diff --git a/.env.traefik.remote b/.env.traefik.remote
index ca1131aa..6fda2a47 100644
--- a/.env.traefik.remote
+++ b/.env.traefik.remote
@@ -26,28 +26,42 @@ JS_REPORT_PACKAGE_PATH= # KAFKA_TOPICS=2xx,reprocess,3xx,metrics:3:1 KAFKA_TOPICS=2xx,2xx-async,reprocess,3xx,metrics:3:3,patient,observation -OPENHIM_CORE_MEDIATOR_HOSTNAME=c9a4-41-90-68-240.ngrok-free.app +OPENHIM_CORE_MEDIATOR_HOSTNAME=domain OPENHIM_MEDIATOR_API_PORT=443/openhimcomms # Reverse Proxy - Nginx REVERSE_PROXY_INSTANCES=1 -DOMAIN_NAME=c9a4-41-90-68-240.ngrok-free.app -SUBDOMAINS=openhimcomms.,openhimcore.,openhimconsole.,kibana.,reports.,santewww.,santempi.,superset.,keycloak.,grafana.,minio.,jempi-web.,jempi-api. +DOMAIN_NAME=domain +SUBDOMAINS=openhimcomms.domain,openhimcore.domain,openhimconsole.domain,kibana.domain,reports.domain,santewww.domain,santempi.domain,superset.domain,keycloak.domain,grafana.domain,minio.domain,jempi-web.domain,jempi-api.domain STAGING=false INSECURE=false # Identity Access Manager - Keycloak -KC_FRONTEND_URL=https://keycloak.c9a4-41-90-68-240.ngrok-free.app -KC_GRAFANA_ROOT_URL=https://grafana. -KC_JEMPI_ROOT_URL=https://jempi-web. -KC_SUPERSET_ROOT_URL=https://superset. -KC_OPENHIM_ROOT_URL=https://c9a4-41-90-68-240.ngrok-free.app -GF_SERVER_DOMAIN=grafana. - -REACT_APP_JEMPI_BASE_API_HOST=https://jempi-api. 
+KC_FRONTEND_URL=https://keycloak.domain +KC_GRAFANA_ROOT_URL=https://grafana.domain +KC_JEMPI_ROOT_URL=https://jempi-web.domain +KC_SUPERSET_ROOT_URL=https://superset.domain +KC_OPENHIM_ROOT_URL=https://domain + +REACT_APP_JEMPI_BASE_API_HOST=https://jempi-api.domain REACT_APP_JEMPI_BASE_API_PORT=443 -OPENHIM_CONSOLE_BASE_URL=https://c9a4-41-90-68-240.ngrok-free.app -OPENHIM_API_HOST=https://c9a4-41-90-68-240.ngrok-free.app/openhimcomms +OPENHIM_CONSOLE_BASE_URL=https://domain +OPENHIM_API_HOST=https://domain/openhimcomms OPENHIM_API_PORT=443/openhimcomms -OPENHIM_HOST_NAME=c9a4-41-90-68-240.ngrok-free.app +OPENHIM_HOST_NAME=domain +OPENHIM_CORE_IMAGE=jembi/openhim-core:prerelease +OPENHIM_CONSOLE_IMAGE=jembi/openhim-console:poc-microfrontend-prelease +GF_SERVER_ROOT_URL=https://domain/grafana +GF_SERVER_DOMAIN=domain +MINIO_BROWSER_REDIRECT_URL=https://domain/minio +DOMAIN_NAME_HOST_TRAEFIK=domain +GF_SERVER_SERVE_FROM_SUB_PATH=true + +# Traefik Labels CERT_RESOLVER=le +# letsencrypt staging url https://acme-staging-v02.api.letsencrypt.org/directory +CA_SERVER=https://acme-v02.api.letsencrypt.org/directory +TLS=false +TLS_CHALLENGE=false +WEB_ENTRY_POINT=web +REDIRECT_TO_HTTPS=false diff --git a/client-registry-jempi/docker-compose.api.yml b/client-registry-jempi/docker-compose.api.yml index d586f930..c7a61edf 100644 --- a/client-registry-jempi/docker-compose.api.yml +++ b/client-registry-jempi/docker-compose.api.yml 
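Review bot: The new defaults at the end of this hunk (`TLS=false`, `WEB_ENTRY_POINT=web`, `REDIRECT_TO_HTTPS=false`) switch TLS off for every router that now reads them, while the URLs set just above (`KC_FRONTEND_URL=https://keycloak.domain`, `OPENHIM_API_HOST=https://domain/openhimcomms`) still assume HTTPS. The Keycloak and OpenHIM routers previously had `tls=true` hard-coded, so a deployment that copies this file as-is would carry logins and API credentials over the plain `web` entrypoint. I would ship the secure values here (`TLS=true` and the TLS entrypoint, which the old labels called `websecure`) and document the HTTP-only setup as an explicit opt-out; the new environment-variables.md table already lists `TLS` and `REDIRECT_TO_HTTPS` as `true`. `OPENHIM_CORE_IMAGE` and `OPENHIM_CONSOLE_IMAGE` also point at moving tags (`prerelease`, `poc-microfrontend-prelease`); pinning a version or digest would make the deployment reproducible.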
@@ -40,6 +40,13 @@ services: - traefik.http.routers.jempi-api.service=jempi-api - traefik.http.services.jempi-api.loadbalancer.server.port=50000 - traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`) + - traefik.http.routers.jempi-api.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.jempi-api.tls=${TLS} + - traefik.http.routers.jempi-api.tls.certresolver=${CERT_RESOLVER} + - traefik.http.services.jempi-api.loadbalancer.server.scheme=http + - traefik.http.middlewares.jempi-api-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.jempi-api-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} + resources: limits: memory: ${JEMPI_API_MEMORY_LIMIT} @@ -53,6 +60,7 @@ services: jempi: postgres: + jempi-api-kc: image: jembi/jempi-api-kc:${JEMPI_API_KC_IMAGE_TAG} configs: @@ -109,9 +117,11 @@ services: jempi: postgres: + volumes: jempi-shared-data: + networks: reverse-proxy: name: reverse-proxy_public diff --git a/client-registry-jempi/docker-compose.web.yml b/client-registry-jempi/docker-compose.web.yml index 130d57ef..08e7f22f 100644 --- a/client-registry-jempi/docker-compose.web.yml +++ b/client-registry-jempi/docker-compose.web.yml @@ -21,6 +21,13 @@ services: - traefik.http.routers.jempi-web.service=jempi-web - traefik.http.services.jempi-web.loadbalancer.server.port=3000 - traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`) + - traefik.http.routers.jempi-web.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.jempi-web.tls=${TLS} + - traefik.http.routers.jempi-web.tls.certresolver=${CERT_RESOLVER} + - traefik.http.services.jempi-web.loadbalancer.server.scheme=http + - traefik.http.middlewares.jempi-web-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.jempi-web-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} + placement: max_replicas_per_node: 1 resources: 
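Review bot: The `jempi-api-redirect` middleware is declared in the added labels, but no `traefik.http.routers.jempi-api.middlewares` label references it, so as far as this hunk shows it never runs. Also, `redirectscheme.permanent` only selects between a permanent and a temporary redirect; it does not switch the redirect on or off, so `${REDIRECT_TO_HTTPS}` does not do what its name suggests. If the redirect is wanted, attach it with `- traefik.http.routers.jempi-api.middlewares=jempi-api-redirect`. The same applies to `jempi-web-redirect` in docker-compose.web.yml, `identity-access-manager-keycloak-redirect` in the Keycloak compose file, and `grafana-redirect` in monitoring, where the router's `middlewares` label lists only `grafana-stripprefix`.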
@@ -34,6 +41,7 @@ services: keycloak: default: + networks: reverse-proxy: name: reverse-proxy_public diff --git a/client-registry-jempi/importer/openhim/docker-compose.config.yml b/client-registry-jempi/importer/openhim/docker-compose.config.yml index 3f9d0a3b..5b997a96 100644 --- a/client-registry-jempi/importer/openhim/docker-compose.config.yml +++ b/client-registry-jempi/importer/openhim/docker-compose.config.yml @@ -20,15 +20,16 @@ services: openhim: default: + configs: openhim-config-importer-openhimConfig.js: file: ./openhimConfig.js - name: openhim-config-importer-openhimConfig.js-${openhim_config_importer_openhimConfig_js_DIGEST:?err} + name: openhim-config-importer-openhimConfig.js-${jempi_openhim_config_importer_openhimConfig_js_DIGEST:?err} labels: name: openhim openhim-config-importer-openhim-import.json: file: ./openhim-import.json - name: openhim-config-importer-openhim-import.json-${openhim_config_importer_openhim_import_js_DIGEST:?err} + name: openhim-config-importer-openhim-import.json-${jempi_openhim_config_importer_openhim_import_js_DIGEST:?err} labels: name: openhim diff --git a/client-registry-jempi/importer/openhim/openhimConfig.js b/client-registry-jempi/importer/openhim/openhimConfig.js index 37dc1a19..546d34fa 100644 --- a/client-registry-jempi/importer/openhim/openhimConfig.js +++ b/client-registry-jempi/importer/openhim/openhimConfig.js 
@@ -4,12 +4,11 @@ const fs = require("fs"); const https = require("https"); const path = require("path"); -const OPENHIM_CORE_SERVICE_NAME = 'openhim-core' -const OPENHIM_MEDIATOR_API_PORT = 8080 -const OPENHIM_API_PASSWORD = - process.env.OPENHIM_API_PASSWORD || 'instant101' +const OPENHIM_CORE_SERVICE_NAME = "openhim-core"; +const OPENHIM_MEDIATOR_API_PORT = 8080; +const OPENHIM_API_PASSWORD = process.env.OPENHIM_API_PASSWORD || "instant101"; const OPENHIM_API_USERNAME = - process.env.OPENHIM_API_USERNAME || 'root@openhim.org' + process.env.OPENHIM_API_USERNAME || "root@openhim.org"; const authHeader = new Buffer.from( `${OPENHIM_API_USERNAME}:${OPENHIM_API_PASSWORD}` diff --git a/dashboard-visualiser-superset/docker-compose.yml b/dashboard-visualiser-superset/docker-compose.yml index 36c35097..3d9c4a59 100644 --- a/dashboard-visualiser-superset/docker-compose.yml +++ b/dashboard-visualiser-superset/docker-compose.yml @@ -9,6 +9,13 @@ services: - traefik.docker.network=reverse-proxy-traefik_public - traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`) - traefik.http.services.dashboard-visualiser-superset.loadbalancer.server.port=8088 + - traefik.http.services.dashboard-visualiser-superset.loadbalancer.server.scheme=http + - traefik.http.routers.dashboard-visualiser-superset.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.dashboard-visualiser-superset.tls=${TLS} + - traefik.http.routers.dashboard-visualiser-superset.tls.certresolver=${CERT_RESOLVER} + - traefik.http.routers.dashboard-visualiser-superset.middlewares=dashboard-visualiser-superset-redirect + - traefik.http.middlewares.dashboard-visualiser-superset-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.dashboard-visualiser-superset-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} environment: KC_SUPERSET_SSO_ENABLED: ${KC_SUPERSET_SSO_ENABLED} KC_SUPERSET_CLIENT_ID: ${KC_SUPERSET_CLIENT_ID} 
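Review bot: `OPENHIM_API_PASSWORD` still falls back to the literal `"instant101"` (and the username to `"root@openhim.org"`) when the environment variable is unset, so the importer silently authenticates with a publicly known default. Since this commit already rewrites these lines, I would drop the fallback and fail fast: `const OPENHIM_API_PASSWORD = process.env.OPENHIM_API_PASSWORD;` followed by `if (!OPENHIM_API_PASSWORD) throw new Error("OPENHIM_API_PASSWORD is not set");`. `new Buffer.from(...)` on the last visible line does not need `new`, since `Buffer.from` is a plain factory call. The `authHeader` statement continues outside the hunk.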
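Review bot: This router does reference `dashboard-visualiser-superset-redirect`, so the redirect to `https` applies to every request the router matches, whatever `${REDIRECT_TO_HTTPS}` is set to, because `permanent` only picks the redirect status. With the defaults from `.env.traefik.remote` (`WEB_ENTRY_POINT=web`, `TLS=false`) that sends clients to an HTTPS URL for which this hunk defines no router; with `TLS=true` the router presumably matches only TLS requests and the redirect is never needed. A separate plain-HTTP router that carries only the redirect, plus a TLS router for the service, would make both modes work. `openhim-console` in interoperability-layer-openhim/docker-compose.yml attaches `openhim-console-redirect` the same way.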
@@ -46,6 +53,7 @@ services: postgres: default: + configs: superset_config.py: file: ./config/superset_config.py @@ -71,6 +79,7 @@ configs: volumes: superset_home: + networks: clickhouse: name: clickhouse_public diff --git a/documentation/packages/reverse-proxy-traefik/environment-variables.md b/documentation/packages/reverse-proxy-traefik/environment-variables.md new file mode 100644 index 00000000..2714a9d0 --- /dev/null +++ b/documentation/packages/reverse-proxy-traefik/environment-variables.md @@ -0,0 +1,12 @@ +# Traefik Environment Variables + +The following environment variables can be used to configure Traefik: + +| Variable | Value | Description | +| ----------------- | ------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | +| CERT_RESOLVER | le | The certificate resolver to use for obtaining TLS certificates. | +| CA_SERVER | [https://acme-v02.api.letsencrypt.org/directory](https://acme-v02.api.letsencrypt.org/directory) | The URL of the ACME server for certificate generation. | +| TLS | true | Enable or disable TLS encryption. | +| TLS_CHALLENGE | http | The challenge type to use for TLS certificate generation. | +| WEB_ENTRY_POINT | web | The entry point for web traffic. | +| REDIRECT_TO_HTTPS | true | Enable or disable automatic redirection to HTTPS. | diff --git a/fhir-ig-importer/docker-compose.yml b/fhir-ig-importer/docker-compose.yml index 7c87cced..482307b5 100644 --- a/fhir-ig-importer/docker-compose.yml +++ b/fhir-ig-importer/docker-compose.yml 
@@ -19,10 +19,23 @@ services: hapi-fhir: openhim: reverse-proxy: + traefik: environment: FHIR_IG_IMPORTER_CORE_URL: ${FHIR_IG_IMPORTER_CORE_URL} OPENHIM_API_USERNAME: ${OPENHIM_USERNAME} OPENHIM_API_PASSWORD: ${OPENHIM_PASSWORD} + deploy: + replicas: 1 + labels: + - traefik.enable=true + - traefik.docker.network=reverse-proxy-traefik_public + - traefik.http.routers.fhir-ig-importer.rule=PathPrefix(`/fhir-ig-importer`) + - traefik.http.routers.fhir-ig-importer.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.fhir-ig-importer.tls=${TLS} + - traefik.http.services.fhir-ig-importer.loadbalancer.server.port=8080 + - traefik.http.services.fhir-ig-importer.loadbalancer.server.scheme=http + - traefik.http.routers.fhir-ig-importer.middlewares=fhir-ig-importer-stripprefix + - traefik.http.middlewares.fhir-ig-importer-stripprefix.stripprefix.prefixes=/fhir-ig-importer networks: hapi-fhir: @@ -34,4 +47,7 @@ networks: reverse-proxy: name: reverse-proxy_public external: true + traefik: + name: reverse-proxy-traefik_public + external: true default: diff --git a/identity-access-manager-keycloak/docker-compose.yml b/identity-access-manager-keycloak/docker-compose.yml index 3c1fbc69..3cd2d8c8 100644 --- a/identity-access-manager-keycloak/docker-compose.yml +++ b/identity-access-manager-keycloak/docker-compose.yml @@ -3,13 +3,7 @@ version: "3.9" services: identity-access-manager-keycloak: image: ${KEYCLOAK_IMAGE} - command: - [ - "start", - "--proxy=edge", - "--hostname-url=${KC_FRONTEND_URL}", - "--import-realm", - ] + command: [ "start", "--proxy=edge", "--hostname-url=${KC_FRONTEND_URL}", "--import-realm" ] hostname: identity-access-manager-keycloak healthcheck: test: curl --fail http://localhost:8080/health/ready || exit 1 
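Review bot: The new router rule ``PathPrefix(`/fhir-ig-importer`)`` has no `Host(...)` clause and no authentication middleware, so any request that reaches the entrypoint with that path prefix is forwarded to the importer, whichever hostname it was sent to. This service receives `OPENHIM_API_USERNAME` and `OPENHIM_API_PASSWORD` in the same block, so it is worth confirming that it should be reachable from the public proxy network at all. The other routers in this commit scope by host, and I would do the same here: ``- traefik.http.routers.fhir-ig-importer.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/fhir-ig-importer`)``. The `kafka-mapper-consumer-ui` and `reprocess-mediator-ui` routers added further down use the same host-less `PathPrefix` rule.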
@@ -49,10 +43,15 @@ services: - traefik.enable=true - traefik.docker.network=reverse-proxy-traefik_public - traefik.http.routers.identity-access-manager-keycloak.service=identity-access-manager-keycloak + - traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.scheme=http - traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.port=8080 - traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`) - - traefik.http.routers.identity-access-manager-keycloak.tls=true + - traefik.http.routers.identity-access-manager-keycloak.tls=${TLS} - traefik.http.routers.identity-access-manager-keycloak.tls.certresolver=${CERT_RESOLVER} + - traefik.http.routers.identity-access-manager-keycloak.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.middlewares.identity-access-manager-keycloak-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.identity-access-manager-keycloak-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} + networks: reverse-proxy: public: @@ -60,6 +59,7 @@ services: default: postgres: + configs: realm.json: file: ./config/realm.json diff --git a/interoperability-layer-openhim/docker-compose.yml b/interoperability-layer-openhim/docker-compose.yml index 59a1d95e..d39b0ac5 100644 --- a/interoperability-layer-openhim/docker-compose.yml +++ b/interoperability-layer-openhim/docker-compose.yml 
@@ -47,24 +47,21 @@ services: - traefik.http.routers.openhimcomms.service=openhimcomms - traefik.http.services.openhimcomms.loadbalancer.server.port=8080 - traefik.http.services.openhimcomms.loadbalancer.server.scheme=https - - traefik.http.routers.openhimcomms.tls=true - - traefik.http.routers.openhimcomms.entrypoints=websecure + - traefik.http.routers.openhimcomms.tls=${TLS} + - traefik.http.routers.openhimcomms.entrypoints=${WEB_ENTRY_POINT} - traefik.http.routers.openhimcomms.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcomms`) - traefik.http.middlewares.openhimcomms-stripprefix.stripprefix.prefixes=/openhimcomms - traefik.http.routers.openhimcomms.middlewares=openhimcomms-stripprefix - - traefik.http.routers.openhimcomms.tls.certresolver=le + - traefik.http.routers.openhimcomms.tls.certresolver=${CERT_RESOLVER-""} - traefik.http.routers.openhimcore.service=openhimcore - traefik.http.services.openhimcore.loadbalancer.server.port=5000 - traefik.http.services.openhimcore.loadbalancer.server.scheme=https - - traefik.http.routers.openhimcore.tls=true - - traefik.http.routers.openhimcore.entrypoints=websecure + - traefik.http.routers.openhimcore.tls=${TLS} + - traefik.http.routers.openhimcore.entrypoints=${WEB_ENTRY_POINT} - traefik.http.routers.openhimcore.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcore`) - traefik.http.middlewares.openhimcore-stripprefix.stripprefix.prefixes=/openhimcore - traefik.http.routers.openhimcore.middlewares=openhimcore-stripprefix - - traefik.http.routers.openhimcore.tls.certresolver=le - - - + - traefik.http.routers.openhimcore.tls.certresolver=${CERT_RESOLVER-""} openhim-console: image: ${OPENHIM_CONSOLE_IMAGE} 
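Review bot: `${CERT_RESOLVER-""}` on the `openhimcomms` and `openhimcore` routers substitutes its default only when the variable is unset, and in an unquoted YAML list item that default is, as far as I can tell, the two literal quote characters rather than an empty string. That would leave the router pointing at a resolver named `""`. The commit now uses three spellings for the same setting (`${CERT_RESOLVER}`, `${CERT_RESOLVER-""}`, and `${CERT_RESOLVER-le}` in monitoring); picking one, for example `${CERT_RESOLVER:-le}`, would remove the ambiguity. The same `${CERT_RESOLVER-""}` form is added to the `traefik` router in reverse-proxy-traefik/docker-compose.yml. It is also worth checking whether a `tls.certresolver` label enables TLS on the router by itself, in which case `tls=${TLS}` set to `false` would not take effect.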
@@ -93,10 +90,14 @@ services: - traefik.docker.network=reverse-proxy-traefik_public - traefik.http.services.openhim-console.loadbalancer.server.scheme=http - traefik.http.routers.openhim-console.service=openhim-console - - traefik.http.routers.openhim-console.entrypoints=websecure - - traefik.http.routers.openhim-console.tls=true - - traefik.http.routers.openhim-console.rule=Host(`${DOMAIN_NAME}`) + - traefik.http.routers.openhim-console.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.openhim-console.tls=${TLS} + - traefik.http.routers.openhim-console.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) - traefik.http.services.openhim-console.loadbalancer.server.port=80 + - traefik.http.middlewares.openhim-console-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.openhim-console-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} + - traefik.http.routers.openhim-console.middlewares=openhim-console-redirect + placement: max_replicas_per_node: ${OPENHIM_CONSOLE_MAX_REPLICAS_PER_NODE} resources: diff --git a/kafka-mapper-consumer/docker-compose.yml b/kafka-mapper-consumer/docker-compose.yml index cdd96cda..18dae6b4 100644 --- a/kafka-mapper-consumer/docker-compose.yml +++ b/kafka-mapper-consumer/docker-compose.yml 
@@ -29,6 +29,19 @@ services: networks: kafka: reverse-proxy: + traefik: + deploy: + replicas: 1 + labels: + - traefik.enable=true + - traefik.docker.network=reverse-proxy-traefik_public + - traefik.http.routers.kafka-mapper-consumer-ui.rule=PathPrefix(`/kafka-mapper-consumer-ui`) + - traefik.http.services.kafka-mapper-consumer-ui.loadbalancer.server.port=80 + - traefik.http.services.kafka-mapper-consumer-ui.loadbalancer.server.url=http://kafka-mapper-consumer-ui:80/jembi-kafka-mapper-consumer-ui.js + - traefik.http.routers.kafka-mapper-consumer-ui.tls=${TLS} + - traefik.http.routers.kafka-mapper-consumer-ui.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.kafka-mapper-consumer-ui.middlewares=kafka-mapper-consumer-ui-stripprefix + - traefik.http.middlewares.kafka-mapper-consumer-ui-stripprefix.stripprefix.prefixes=/kafka-mapper-consumer-ui configs: fhir-mapping.json: @@ -50,4 +63,7 @@ networks: reverse-proxy: name: reverse-proxy_public external: true + traefik: + name: reverse-proxy-traefik_public + external: true default: diff --git a/kafka-mapper-consumer/package-metadata.json b/kafka-mapper-consumer/package-metadata.json index d60905e1..85c7b0ab 100644 --- a/kafka-mapper-consumer/package-metadata.json +++ b/kafka-mapper-consumer/package-metadata.json @@ -2,7 +2,7 @@ "id": "kafka-mapper-consumer", "name": "Kafka Mapper Consumer", "description": "A kafka consumer that maps fhir resources to a flattened data structure", - "type": "use-case", + "type": "infrastructure", "version": "0.0.1", "dependencies": ["message-bus-kafka", "interoperability-layer-openhim"], "environmentVariables": { diff --git a/monitoring/docker-compose.yml b/monitoring/docker-compose.yml index a60cb0fc..20f2f89f 100644 --- a/monitoring/docker-compose.yml +++ b/monitoring/docker-compose.yml 
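Review bot: The `kafka-mapper-consumer-ui` service sets both `loadbalancer.server.port=80` and `loadbalancer.server.url=http://kafka-mapper-consumer-ui:80/jembi-kafka-mapper-consumer-ui.js`; as far as I know the Docker provider treats `server.url` as an alternative to `port`/`scheme`, and not every Traefik release accepts it as a label. Please confirm against the Traefik version this stack deploys and keep only one of the two. If the intent is to map the prefix to that single JavaScript bundle, a comment above the labels would help, for example `# serves the microfrontend bundle under /kafka-mapper-consumer-ui`. `reprocess-mediator-ui` in reprocess-mediator/docker-compose.yml has the same pair of labels.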
@@ -11,7 +11,16 @@ services: - traefik.docker.network=reverse-proxy-traefik_public - traefik.http.routers.grafana.service=grafana - traefik.http.services.grafana.loadbalancer.server.port=3000 - - traefik.http.routers.grafana.rule=Host(${DOMAIN_NAME_HOST_TRAEFIK} && PathPrefix(`/grafana`) + - traefik.http.routers.grafana.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/grafana`) + - traefik.http.routers.grafana.tls=${TLS} + - traefik.http.services.grafana.loadbalancer.server.scheme=http + - traefik.http.routers.grafana.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.grafana.tls.certresolver=${CERT_RESOLVER-le} + - traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana + - traefik.http.routers.grafana.middlewares=grafana-stripprefix + - traefik.http.middlewares.grafana-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.grafana-redirect.redirectscheme.permanent=${REDIRECT_TO_HTTPS} + environment: GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER} GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD} @@ -38,7 +47,7 @@ services: GF_AUTH_GENERIC_OAUTH_API_URL: "${KC_API_URL}/realms/${KC_REALM_NAME}/protocol/openid-connect/userinfo" GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'" GF_SERVER_DOMAIN: ${GF_SERVER_DOMAIN} - GF_SERVER_ROOT_URL: ${KC_GRAFANA_ROOT_URL} + GF_SERVER_ROOT_URL: ${GF_SERVER_ROOT_URL} GF_SERVER_SERVE_FROM_SUB_PATH: ${GF_SERVER_SERVE_FROM_SUB_PATH} GF_AUTH_SIGNOUT_REDIRECT_URL: "${KC_FRONTEND_URL}/realms/${KC_REALM_NAME}/protocol/openid-connect/logout?client_id=${KC_GRAFANA_CLIENT_ID}&post_logout_redirect_uri=${KC_GRAFANA_ROOT_URL}/login" configs: @@ -228,6 +237,7 @@ volumes: loki-data: + networks: keycloak: name: keycloak_public diff --git a/reprocess-mediator/docker-compose.yml b/reprocess-mediator/docker-compose.yml index e23b97a4..0332e116 100644 --- a/reprocess-mediator/docker-compose.yml 
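Review bot: `GF_SERVER_ROOT_URL` now comes from its own variable (`https://domain/grafana` in `.env.traefik.remote`), but `GF_AUTH_SIGNOUT_REDIRECT_URL` two lines below still builds `post_logout_redirect_uri` from `${KC_GRAFANA_ROOT_URL}` (`https://grafana.domain`). After logout Keycloak would send the browser to a host that the new rule in this file no longer matches, or reject the URI if it is not registered for the client. I would switch that parameter to the same variable: `post_logout_redirect_uri=${GF_SERVER_ROOT_URL}/login`. In the first hunk of this file the Grafana router strips `/grafana` while `GF_SERVER_SERVE_FROM_SUB_PATH=true` is set; those two settings are usually not combined, so that path is worth a test.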
+++ b/reprocess-mediator/docker-compose.yml @@ -22,8 +22,21 @@ services: openhim: reprocess: reverse-proxy: + traefik: environment: REPROCESSOR_API_BASE_URL: ${REPROCESSOR_API_BASE_URL} + deploy: + replicas: 1 + labels: + - traefik.enable=true + - traefik.docker.network=reverse-proxy-traefik_public + - traefik.http.routers.reprocess-mediator-ui.rule=PathPrefix(`/reprocess-mediator-ui`) + - traefik.http.services.reprocess-mediator-ui.loadbalancer.server.port=80 + - traefik.http.services.reprocess-mediator-ui.loadbalancer.server.url=http://reprocess-mediator-ui:80/jembi-reprocessor-mediator-microfrontend.js + - traefik.http.routers.reprocess-mediator-ui.tls=${TLS} + - traefik.http.routers.reprocess-mediator-ui.entrypoints=${WEB_ENTRY_POINT} + - traefik.http.routers.reprocess-mediator-ui.middlewares=reprocess-mediator-ui-stripprefix + - traefik.http.middlewares.reprocess-mediator-ui-stripprefix.stripprefix.prefixes=/reprocess-mediator-ui networks: openhim: @@ -38,3 +51,6 @@ networks: openhim-mongo: name: openhim_mongo_public external: true + traefik: + name: reverse-proxy-traefik_public + external: true diff --git a/reverse-proxy-traefik/docker-compose.yml b/reverse-proxy-traefik/docker-compose.yml index 6fae1279..ebd83ea3 100644 --- a/reverse-proxy-traefik/docker-compose.yml +++ b/reverse-proxy-traefik/docker-compose.yml @@ -22,7 +22,7 @@ services: #certificate resolver - --certificatesresolvers.le.acme.email=${ACME_EMAIL?Variable not set} - --certificatesresolvers.le.acme.storage=/certificates/acme.json - - --certificatesresolvers.le.acme.tlschallenge=true + - --certificatesresolvers.le.acme.tlschallenge=${TLS_CHALLENGE} - --certificatesresolvers.le.acme.caserver=${CA_SERVER} - --certificatesresolvers.le.acme.dnschallenge.delaybeforecheck=0 
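Review bot: `--certificatesresolvers.le.acme.tlschallenge=${TLS_CHALLENGE}` expects a boolean, and `.env.traefik.remote` sets it to `false`, yet the new environment-variables.md table documents the value as `http`. With the TLS challenge off, the only other challenge flag visible in this hunk is `dnschallenge.delaybeforecheck=0`, with no provider shown, so the `le` resolver may have no working challenge; the full command list is outside the hunk. If an HTTP challenge is intended, it needs its own flag, e.g. `--certificatesresolvers.le.acme.httpchallenge.entrypoint=${WEB_ENTRY_POINT}`. A comment such as `# TLS_CHALLENGE must be true or false` above the flag would keep the documented `http` value from being used.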
@@ -41,11 +41,12 @@ services: - traefik.http.routers.traefik.entrypoints=http - traefik.http.routers.traefik.middlewares=auth - traefik.http.routers.traefik.service=api@internal - - traefik.http.routers.traefik.tls=true - - traefik.http.routers.traefik.tls.certresolver=${CERT_RESOLVER} + - traefik.http.routers.traefik.tls=${TLS} + - traefik.http.routers.traefik.tls.certresolver=${CERT_RESOLVER-""} - traefik.http.services.openhim-console.loadbalancer.server.port=8080 - traefik.http.middlewares.to-https.redirectscheme.scheme=https + - traefik.http.middlewares.to-https.redirectscheme.permanent=${REDIRECT_TO_HTTPS} - traefik.http.middlewares.auth.basicauth.users=${USERNAME}:${PASSWORD} placement: diff --git a/test/cucumber/features/single-mode/recipe.feature b/test/cucumber/features/single-mode/recipe.feature index c676be79..93490536 100644 --- a/test/cucumber/features/single-mode/recipe.feature +++ b/test/cucumber/features/single-mode/recipe.feature @@ -15,8 +15,6 @@ Feature: CDR-DW recipe? And The service "identity-access-manager-keycloak" should be started with 1 replica And The service "jempi-ratel" should be started with 1 replica And The service "jempi-alpha-01" should be started with 1 replica - And The service "jempi-alpha-02" should be started with 1 replica - And The service "jempi-alpha-03" should be started with 1 replica And The service "jempi-zero-01" should be started with 1 replica And The service "jempi-async-receiver" should be started with 1 replica And The service "kafka-unbundler-consumer" should be started with 1 replica diff --git a/test/cucumber/features/steps/recipesSteps.js b/test/cucumber/features/steps/recipesSteps.js index 5785eaf4..3ed48969 100644 --- a/test/cucumber/features/steps/recipesSteps.js +++ b/test/cucumber/features/steps/recipesSteps.js 
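Review bot: The `traefik` router exposes `api@internal` behind the `auth` basic-auth middleware, and this hunk changes its `tls=true` to `tls=${TLS}`; with the shipped default `TLS=false` the dashboard credentials would travel unencrypted. I would keep TLS unconditional on this router, `- traefik.http.routers.traefik.tls=true`, independent of the flag used for application routes. The `to-https` middleware gains a `permanent` option here, but the router's `middlewares` label still lists only `auth`, so the redirect is not applied in the visible lines. Also confirm that `${PASSWORD}` in `basicauth.users=${USERNAME}:${PASSWORD}` holds an htpasswd-style hash, since the middleware does not accept a clear-text password.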
@@ -19,6 +19,10 @@ const clickhouse = new ClickHouse({ port: CLICKHOUSE_PORT, debug: CLICKHOUSE_DEBUG, raw: true, + basicAuth: { + username: "default", + password: "dev_password_only", + }, }); const query = (table) => `SELECT * FROM ${table}`;
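Review bot: The added `basicAuth` block hard-codes the ClickHouse user and password (`"default"` / `"dev_password_only"`) in the step file, while the neighbouring options come from constants such as `CLICKHOUSE_PORT`. Reading them from the environment keeps the test usable against other deployments and keeps credentials out of the repository: `username: process.env.CLICKHOUSE_USER || "default",` and `password: process.env.CLICKHOUSE_PASSWORD,`. Those variable names are a suggestion and should be aligned with whatever the ClickHouse package in this repository already defines. The `new ClickHouse({` call starts above the hunk.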