From ec80132d285b09d77d19d6203a84d5072a9754ee Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Fri, 31 May 2024 10:18:41 -0400 Subject: [PATCH] Support reverse proxies --- .env | 12 +++++++++++- docker-compose.yml | 38 +++++++++++++++++++------------------- 2 files changed, 30 insertions(+), 20 deletions(-) diff --git a/.env b/.env index cd60033..78727c8 100644 --- a/.env +++ b/.env @@ -40,7 +40,17 @@ REPOSITORY=islandora.io TAG=local # The domain at which your production site is hosted. -DOMAIN=islandora.dev +# If you're using a reverse proxy, this is the reverse proxy domain name +FRONTEND_DOMAIN=islandora.dev + +# The domain at which this islandora docker compose deployment is running. +# +# If this docker deployment is accessed directly by the WWW +# this should be the same value as FRONTEND_DOMAIN +# +# If this docker deployment is a backend to a reverse proxy +# This is the domain name your FRONTEND_DOMAIN connects to +BACKEND_DOMAIN=islandora.dev # The email to use for admin users and Lets Encrypt. EMAIL=postmaster@example.com diff --git a/docker-compose.yml b/docker-compose.yml index fd2b1f7..a1ab286 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -230,7 +230,7 @@ services: <<: [*prod, *activemq] labels: <<: [*traefik-disable, *activemq-labels] - traefik.http.routers.activemq_http.rule: &traefik-host-activemq-prod Host(`activemq.${DOMAIN}`) + traefik.http.routers.activemq_http.rule: &traefik-host-activemq-prod Host(`activemq.${FRONTEND_DOMAIN}`) traefik.http.routers.activemq_https.rule: *traefik-host-activemq-prod traefik.http.routers.activemq_https.tls.certresolver: *traefik-certresolver secrets: @@ -259,7 +259,7 @@ services: <<: [*prod, *blazegraph] labels: <<: [*traefik-disable, *blazegraph-labels] - traefik.http.routers.blazegraph_http.rule: &traefik-host-blazegraph-prod Host(`blazegraph.${DOMAIN}`) + traefik.http.routers.blazegraph_http.rule: &traefik-host-blazegraph-prod Host(`blazegraph.${FRONTEND_DOMAIN}`) traefik.http.routers.blazegraph_https.rule: *traefik-host-blazegraph-prod traefik.http.routers.blazegraph_https.tls.certresolver: *traefik-certresolver cantaloupe-dev: &cantaloupe @@ -289,7 +289,7 @@ services: <<: [*prod, *cantaloupe] labels: <<: [*cantaloupe-labels] - traefik.http.routers.cantaloupe_http.rule: &traefik-host-cantaloupe-prod Host(`${DOMAIN}`) && PathPrefix(`/cantaloupe`) + traefik.http.routers.cantaloupe_http.rule: &traefik-host-cantaloupe-prod Host(`${BACKEND_DOMAIN}`) && PathPrefix(`/cantaloupe`) traefik.http.routers.cantaloupe_https.rule: *traefik-host-cantaloupe-prod traefik.http.routers.cantaloupe_https.tls.certresolver: *traefik-certresolver drupal-dev: &drupal @@ -355,14 +355,14 @@ services: environment: <<: [*drupal-environment] DEVELOPMENT_ENVIRONMENT: false - DRUPAL_DEFAULT_CANTALOUPE_URL: "https://${DOMAIN}/cantaloupe/iiif/2" - DRUPAL_DEFAULT_FCREPO_URL: "https://fcrepo.${DOMAIN}/fcrepo/rest/" - DRUPAL_DEFAULT_MATOMO_URL: "https://${DOMAIN}/matomo/" - DRUPAL_DEFAULT_SITE_URL: "${DOMAIN}" - DRUPAL_DRUSH_URI: "https://${DOMAIN}" + DRUPAL_DEFAULT_CANTALOUPE_URL: "https://${FRONTEND_DOMAIN}/cantaloupe/iiif/2" + DRUPAL_DEFAULT_FCREPO_URL: "https://fcrepo.${FRONTEND_DOMAIN}/fcrepo/rest/" + DRUPAL_DEFAULT_MATOMO_URL: "https://${FRONTEND_DOMAIN}/matomo/" + DRUPAL_DEFAULT_SITE_URL: "${FRONTEND_DOMAIN}" + DRUPAL_DRUSH_URI: "https://${FRONTEND_DOMAIN}" labels: <<: [*traefik-enable, *traefik-https-redirect-middleware, *traefik-drupal-labels] - traefik.http.routers.drupal_http.rule: &traefik-host-drupal-prod Host(`${DOMAIN}`) + traefik.http.routers.drupal_http.rule: &traefik-host-drupal-prod Host(`${BACKEND_DOMAIN}`) traefik.http.routers.drupal_https.rule: *traefik-host-drupal-prod traefik.http.routers.drupal_https.tls.certresolver: *traefik-certresolver volumes: @@ -502,10 +502,10 @@ services: <<: [*prod, *fcrepo] environment: <<: [*fcrepo-environment] - FCREPO_ALLOW_EXTERNAL_DRUPAL: "https://${DOMAIN}/" + FCREPO_ALLOW_EXTERNAL_DRUPAL: "https://${FRONTEND_DOMAIN}/" labels: <<: [*fcrepo-labels] - traefik.http.routers.fcrepo_http.rule: &traefik-host-fcrepo-prod Host(`fcrepo.${DOMAIN}`) + traefik.http.routers.fcrepo_http.rule: &traefik-host-fcrepo-prod Host(`fcrepo.${FRONTEND_DOMAIN}`) traefik.http.routers.fcrepo_https.rule: *traefik-host-fcrepo-prod traefik.http.routers.fcrepo_https.tls.certresolver: *traefik-certresolver secrets: @@ -547,12 +547,12 @@ services: <<: [*prod, *matomo] labels: <<: [*matomo-labels] - traefik.http.routers.matomo_http.rule: &traefik-host-matomo-prod Host(`${DOMAIN}`) && PathPrefix(`/matomo`) + traefik.http.routers.matomo_http.rule: &traefik-host-matomo-prod Host(`${BACKEND_DOMAIN}`) && PathPrefix(`/matomo`) traefik.http.routers.matomo_https.rule: *traefik-host-matomo-prod traefik.http.routers.matomo_https.tls.certresolver: *traefik-certresolver environment: <<: *matomo-environment - MATOMO_DEFAULT_HOST: "https://${DOMAIN}" + MATOMO_DEFAULT_HOST: "https://${FRONTEND_DOMAIN}" secrets: - source: DB_ROOT_PASSWORD - source: MATOMO_DB_PASSWORD @@ -589,7 +589,7 @@ services: <<: [*prod, *solr] labels: <<: [*traefik-disable, *solr-labels] - traefik.http.routers.solr_http.rule: &traefik-host-solr-prod Host(`solr.${DOMAIN}`) + traefik.http.routers.solr_http.rule: &traefik-host-solr-prod Host(`solr.${FRONTEND_DOMAIN}`) traefik.http.routers.solr_https.rule: *traefik-host-solr-prod traefik.http.routers.solr_https.tls.certresolver: *traefik-certresolver # Ensure drupal mounts the shared volumes first. @@ -683,11 +683,11 @@ services: default: aliases: # Allow services to connect on the same name/port as the outside. - - "${DOMAIN}" # Drupal is at the root domain. - - "activemq.${DOMAIN}" - - "blazegraph.${DOMAIN}" - - "fcrepo.${DOMAIN}" - - "solr.${DOMAIN}" + - "${FRONTEND_DOMAIN}" # Drupal is at the root domain. + - "activemq.${FRONTEND_DOMAIN}" + - "blazegraph.${FRONTEND_DOMAIN}" + - "fcrepo.${FRONTEND_DOMAIN}" + - "solr.${FRONTEND_DOMAIN}" depends_on: # Sometimes traefik doesn't pick up on new containers so make sure # they are started before traefik.