Add Letsencrypt automatic cert generation for registry layer- 86byxgqbj
drizzentic committed Aug 6, 2024
1 parent 5e28705 commit 92e6267
Showing 12 changed files with 50 additions and 19 deletions.
2 changes: 1 addition & 1 deletion .env.cluster
Expand Up @@ -38,7 +38,7 @@ STAGING=true
INSECURE=false

# Reverse Proxy - Traefik
DOMAIN_NAME_HOST_TRAEFIK=domain
DOMAIN_NAME=domain

# Analytics Datastore - Elastic Search
ES_HEAP_SIZE=-Xms8192m -Xmx8192m
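Review bot: The compose files in this commit now interpolate `${CERT_RESOLVER}` (jempi, santempi, openhim, keycloak), yet neither this hunk nor the .env.local hunk defines a CERT_RESOLVER value, and the rest of both env files is outside the visible hunks. If the variable is absent, compose interpolation substitutes an empty string, so every router ends up with `tls.certresolver=` and Traefik falls back to its default certificate instead of requesting one from the ACME resolver — easy to overlook on a STAGING=true deployment where a certificate warning is expected anyway. If it is not defined further down, add a documented default next to the domain setting, e.g. `# Name of the ACME resolver configured in the reverse-proxy-traefik package` followed by `CERT_RESOLVER=le` (`le` is the name the openhim compose file hard-coded before this commit).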
2 changes: 1 addition & 1 deletion .env.local
Expand Up @@ -28,4 +28,4 @@ JS_REPORT_PACKAGE_PATH=
# Reverse Proxy - Traefik
PLACEMENT_ROLE_CONSTRAINTS=manager
ENABLE_TRAEFIK_DASHBOARD=true
DOMAIN_NAME_HOST_TRAEFIK=domain
DOMAIN_NAME=domain
9 changes: 8 additions & 1 deletion client-registry-jempi/docker-compose.api.yml
Expand Up @@ -29,7 +29,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.jempi-api.service=jempi-api
- traefik.http.services.jempi-api.loadbalancer.server.port=50000
- traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.jempi-api.entrypoints=websecure
- traefik.http.routers.jempi-api.tls=true
- traefik.http.routers.jempi-api.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.jempi-api.loadbalancer.server.scheme=http
resources:
limits:
memory: ${JEMPI_API_MEMORY_LIMIT}
Expand All @@ -43,6 +47,7 @@ services:
jempi:
postgres:


jempi-api-kc:
image: jembi/jempi-api-kc:${JEMPI_API_KC_IMAGE_TAG}
environment:
Expand Down Expand Up @@ -89,9 +94,11 @@ services:
jempi:
postgres:


volumes:
jempi-shared-data:


networks:
reverse-proxy:
name: reverse-proxy_public
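Review bot: Pinning the jempi-api router to `entrypoints=websecure` (the same four labels are added for jempi-web in docker-compose.web.yml and for santedb-mpi/santedb-www in client-registry-santempi/docker-compose.yml) means requests arriving on the plain-HTTP `web` entrypoint no longer match this router; whether the Traefik package redirects web to websecure is outside this diff, so confirm it, otherwise HTTP clients get a 404 instead of a redirect. The new `loadbalancer.server.scheme=http` label makes explicit that TLS terminates at Traefik and the hop to the jempi-api container over the overlay network is plaintext, which is fine as a design choice but deserves to be stated once. Since the block is repeated verbatim in each registry service, a short comment above it, e.g. `# HTTPS only: TLS terminates at Traefik (cert from the CERT_RESOLVER resolver); backend hop is plain http on the overlay network`, would record the intent for the next reader. The enclosing `labels:` list starts above this hunk.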
7 changes: 6 additions & 1 deletion client-registry-jempi/docker-compose.web.yml
Expand Up @@ -20,7 +20,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.jempi-web.service=jempi-web
- traefik.http.services.jempi-web.loadbalancer.server.port=3000
- traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.jempi-web.entrypoints=websecure
- traefik.http.routers.jempi-web.tls=true
- traefik.http.routers.jempi-web.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.jempi-web.loadbalancer.server.scheme=http
placement:
max_replicas_per_node: 1
resources:
Expand All @@ -34,6 +38,7 @@ services:
keycloak:
default:


networks:
reverse-proxy:
name: reverse-proxy_public
15 changes: 12 additions & 3 deletions client-registry-santempi/docker-compose.yml
Expand Up @@ -29,7 +29,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.santedb-mpi.service=santedb-mpi
- traefik.http.services.santedb-mpi.loadbalancer.server.port=8080
- traefik.http.routers.santedb-mpi.rule=Host(`${SANTEDB_MPI_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.santedb-mpi.rule=Host(`${SANTEDB_MPI_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.santedb-mpi.entrypoints=websecure
- traefik.http.routers.santedb-mpi.tls=true
- traefik.http.routers.santedb-mpi.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.santedb-mpi.loadbalancer.server.scheme=https
volumes:
- santedb-data:/santedb

Expand All @@ -41,16 +45,21 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.santedb-www.service=santedb-www
- traefik.http.services.santedb-www.loadbalancer.server.port=9200
- traefik.http.routers.santedb-www.rule=Host(`${SANTEDB_WWW_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.santedb-www.rule=Host(`${SANTEDB_WWW_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.santedb-www.entrypoints=websecure
- traefik.http.routers.santedb-www.tls=true
- traefik.http.routers.santedb-www.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.santedb-www.loadbalancer.server.scheme=https
networks:
default:
reverse-proxy:
traefik:

# Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
# Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
volumes:
santedb-data:


networks:
mpi:
name: mpi_public
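Review bot: `loadbalancer.server.scheme=https` for santedb-mpi (and for santedb-www a few lines below) switches the Traefik-to-container hop from the default http to https on ports 8080 and 9200, and this is the only place in the commit where the backend scheme differs from the jempi pattern; whether SanteDB actually serves TLS on those ports is not visible here. If it does so with a self-signed certificate, Traefik's default serversTransport verifies the chain and the route fails at the TLS handshake — the appropriate fix is a serversTransport that trusts the backend CA, not `insecureSkipVerify`, which would leave the internal hop no stronger than plaintext while looking encrypted. Once the backend behaviour is confirmed, a comment such as `# SanteDB listens with TLS on this port; Traefik verifies it through the reverse-proxy serversTransport` above the label would record why this service differs from the others. The enclosing `labels:` list starts above the hunk.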
2 changes: 1 addition & 1 deletion dashboard-visualiser-jsreport/docker-compose.yml
Expand Up @@ -16,7 +16,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-jsreport.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`${JS_REPORT_PATH_PREFIX}`)
- traefik.http.routers.dashboard-visualiser-jsreport.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`${JS_REPORT_PATH_PREFIX}`)
- traefik.http.middlewares.jsreport-stripprefix.stripprefix.prefixes=${JS_REPORT_PATH_PREFIX}
- traefik.http.routers.dashboard-visualiser-jsreport.middlewares=jsreport-stripprefix
- traefik.http.services.dashboard-visualiser-jsreport.loadbalancer.server.port=5488
2 changes: 1 addition & 1 deletion dashboard-visualiser-kibana/docker-compose.yml
Expand Up @@ -17,7 +17,7 @@ services:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-kibana.service=dashboard-visualiser-kibana
- traefik.http.routers.dashboard-visualiser-kibana.rule=Host(`${KIBANA_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.dashboard-visualiser-kibana.rule=Host(`${KIBANA_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.services.dashboard-visualiser-kibana.loadbalancer.server.port=5601
resources:
limits:
2 changes: 1 addition & 1 deletion dashboard-visualiser-superset/docker-compose.yml
Expand Up @@ -7,7 +7,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.services.dashboard-visualiser-superset.loadbalancer.server.port=8088
environment:
KC_SUPERSET_SSO_ENABLED: ${KC_SUPERSET_SSO_ENABLED}
2 changes: 1 addition & 1 deletion documentation/packages/reverse-proxy-traefik/README.md
Expand Up @@ -21,7 +21,7 @@ The package is an alternative reverse proxy Nginx, this reverse proxy exposes pa
| JSReport | Sub Directory (e.g. <domain>/jsreport) |
| OpenHim | Sub Domain (Frontend) Sub Directory (Backend) (e.g. openhim.<domain> and openhim.<domain>/openhimcore) |

> Please ensure that the ENV "DOMAIN_NAME_HOST_TRAEFIK" is set, in this documentation we will be using the placeholder "domain" for its value
> Please ensure that the ENV "DOMAIN_NAME" is set, in this documentation we will be using the placeholder "domain" for its value
## Subdomain-Based Reverse Proxy

2 changes: 1 addition & 1 deletion identity-access-manager-keycloak/docker-compose.yml
Expand Up @@ -50,7 +50,7 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.identity-access-manager-keycloak.service=identity-access-manager-keycloak
- traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.port=8080
- traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.identity-access-manager-keycloak.tls=true
- traefik.http.routers.identity-access-manager-keycloak.tls.certresolver=${CERT_RESOLVER}
networks:
8 changes: 4 additions & 4 deletions interoperability-layer-openhim/docker-compose.yml
Expand Up @@ -49,19 +49,19 @@ services:
- traefik.http.services.openhimcomms.loadbalancer.server.scheme=https
- traefik.http.routers.openhimcomms.tls=true
- traefik.http.routers.openhimcomms.entrypoints=websecure
- traefik.http.routers.openhimcomms.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcomms`)
- traefik.http.routers.openhimcomms.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/openhimcomms`)
- traefik.http.middlewares.openhimcomms-stripprefix.stripprefix.prefixes=/openhimcomms
- traefik.http.routers.openhimcomms.middlewares=openhimcomms-stripprefix
- traefik.http.routers.openhimcomms.tls.certresolver=le
- traefik.http.routers.openhimcomms.tls.certresolver=${CERT_RESOLVER}
- traefik.http.routers.openhimcore.service=openhimcore
- traefik.http.services.openhimcore.loadbalancer.server.port=5000
- traefik.http.services.openhimcore.loadbalancer.server.scheme=https
- traefik.http.routers.openhimcore.tls=true
- traefik.http.routers.openhimcore.entrypoints=websecure
- traefik.http.routers.openhimcore.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcore`)
- traefik.http.routers.openhimcore.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/openhimcore`)
- traefik.http.middlewares.openhimcore-stripprefix.stripprefix.prefixes=/openhimcore
- traefik.http.routers.openhimcore.middlewares=openhimcore-stripprefix
- traefik.http.routers.openhimcore.tls.certresolver=le
- traefik.http.routers.openhimcore.tls.certresolver=${CERT_RESOLVER}



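Review bot: Replacing the hard-coded `le` resolver with `${CERT_RESOLVER}` on the openhimcomms and openhimcore routers turns a value that was always set into one that becomes empty whenever CERT_RESOLVER is missing from the environment, and the hunk shows these routers had a working resolver before this commit. A compose interpolation default preserves the old behaviour when the variable is absent, assuming the deploy path performs compose interpolation as the existing `${...}` references already rely on: `- traefik.http.routers.openhimcomms.tls.certresolver=${CERT_RESOLVER:-le}` and `- traefik.http.routers.openhimcore.tls.certresolver=${CERT_RESOLVER:-le}`. The `labels:` list continues outside the hunk at both ends.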
16 changes: 13 additions & 3 deletions monitoring/docker-compose.yml
Expand Up @@ -11,7 +11,7 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.grafana.service=grafana
- traefik.http.services.grafana.loadbalancer.server.port=3000
- traefik.http.routers.grafana.rule=Host(${DOMAIN_NAME_HOST_TRAEFIK} && PathPrefix(`/grafana`)
- traefik.http.routers.grafana.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/grafana`)
environment:
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD}
Expand Down Expand Up @@ -72,6 +72,7 @@ services:
traefik:
default:


prometheus:
image: prom/prometheus:v2.38.0
user: root
Expand All @@ -92,6 +93,7 @@ services:
public:
default:


cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.45.0
command: -docker_only
Expand Down Expand Up @@ -152,7 +154,13 @@ services:
MINIO_BROWSER_REDIRECT_URL: ${MINIO_BROWSER_REDIRECT_URL}
MINIO_SERVER_URL: http://localhost:9000
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
test:
[
"CMD",
"curl",
"-f",
"http://localhost:9000/minio/health/live"
]
interval: 30s
timeout: 20s
retries: 3
Expand All @@ -165,7 +173,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.minio.rule=${DOMAIN_NAME_HOST_TRAEFIK} && PathPrefix(`/minio`)
- traefik.http.routers.minio.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/minio`)
- traefik.http.services.minio.loadbalancer.server.port=9001
- traefik.http.middlewares.minio-stripprefix.stripprefix.prefixes=/minio
- traefik.http.routers.minio.middlewares=minio-stripprefix
Expand All @@ -174,6 +182,7 @@ services:
traefik:
default:


configs:
grafana.ini:
file: ./grafana/grafana.ini
Expand Down Expand Up @@ -258,6 +267,7 @@ volumes:
minio-01-data1:
minio-01-data2:


networks:
keycloak:
name: keycloak_public
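Review bot: The grafana and minio routers now carry a well-formed `Host(...) && PathPrefix(...)` rule (the old grafana rule had an unbalanced `Host(` with no backticks), but unlike the registry services in this commit no `entrypoints=websecure`, `tls=true` or `tls.certresolver` label is visible for either router in these hunks. Unless those labels sit outside the hunk or the Traefik package redirects web to websecure globally, both dashboards remain reachable over plain HTTP, and the Grafana admin login configured by the GF_SECURITY_ADMIN_* values just below, as well as the MinIO console, would be submitted in clear. Adding the labels used for jempi-api, `- traefik.http.routers.grafana.entrypoints=websecure`, `- traefik.http.routers.grafana.tls=true` and `- traefik.http.routers.grafana.tls.certresolver=${CERT_RESOLVER}`, plus the minio equivalents, would bring the monitoring stack in line with the registry layer. The grafana `labels:` list starts above its hunk.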