Add Letsencrypt automatic cert generation for registry layer- 86byxgqbj
drizzentic committed Aug 5, 2024
1 parent 5e28705 commit 4565376
Showing 12 changed files with 35 additions and 18 deletions.
2 changes: 1 addition & 1 deletion .env.cluster
Expand Up @@ -38,7 +38,7 @@ STAGING=true
INSECURE=false

# Reverse Proxy - Traefik
DOMAIN_NAME_HOST_TRAEFIK=domain
DOMAIN_NAME=domain

# Analytics Datastore - Elastic Search
ES_HEAP_SIZE=-Xms8192m -Xmx8192m
2 changes: 1 addition & 1 deletion .env.local
Expand Up @@ -28,4 +28,4 @@ JS_REPORT_PACKAGE_PATH=
# Reverse Proxy - Traefik
PLACEMENT_ROLE_CONSTRAINTS=manager
ENABLE_TRAEFIK_DASHBOARD=true
DOMAIN_NAME_HOST_TRAEFIK=domain
DOMAIN_NAME=domain
6 changes: 5 additions & 1 deletion client-registry-jempi/docker-compose.api.yml
Expand Up @@ -29,7 +29,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.jempi-api.service=jempi-api
- traefik.http.services.jempi-api.loadbalancer.server.port=50000
- traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.jempi-api.entrypoints=websecure
- traefik.http.routers.jempi-api.tls=true
- traefik.http.routers.jempi-api.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.jempi-api.loadbalancer.server.scheme=https
resources:
limits:
memory: ${JEMPI_API_MEMORY_LIMIT}
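Review bot: The new `traefik.http.services.jempi-api.loadbalancer.server.scheme=https` label makes Traefik open a TLS connection to the container on port 50000, so it only works if the JeMPI API itself terminates TLS on that port; if it still serves plain HTTP, every request through this router fails with a backend handshake error. The same label is added for jempi-web (port 3000) in client-registry-jempi/docker-compose.web.yml and for santedb-mpi (8080) and santedb-www (9200) in client-registry-santempi/docker-compose.yml, and nothing in the commit shows those services being switched to TLS. If the upstreams do speak TLS, Traefik verifies their certificates by default, so a self-signed backend certificate needs an explicit serversTransport rather than a silent failure; if they do not, drop the scheme label and let the certresolver terminate TLS at the edge. A one-line comment above the label stating the assumption would make this reviewable, e.g. `# backend on 50000 terminates TLS itself; Traefik re-encrypts to it`. The enclosing service definition starts before this hunk.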
6 changes: 5 additions & 1 deletion client-registry-jempi/docker-compose.web.yml
Expand Up @@ -20,7 +20,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.jempi-web.service=jempi-web
- traefik.http.services.jempi-web.loadbalancer.server.port=3000
- traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.jempi-web.entrypoints=websecure
- traefik.http.routers.jempi-web.tls=true
- traefik.http.routers.jempi-web.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.jempi-web.loadbalancer.server.scheme=https
placement:
max_replicas_per_node: 1
resources:
15 changes: 12 additions & 3 deletions client-registry-santempi/docker-compose.yml
Expand Up @@ -29,7 +29,11 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.santedb-mpi.service=santedb-mpi
- traefik.http.services.santedb-mpi.loadbalancer.server.port=8080
- traefik.http.routers.santedb-mpi.rule=Host(`${SANTEDB_MPI_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.santedb-mpi.rule=Host(`${SANTEDB_MPI_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.santedb-mpi.entrypoints=websecure
- traefik.http.routers.santedb-mpi.tls=true
- traefik.http.routers.santedb-mpi.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.santedb-mpi.loadbalancer.server.scheme=https
volumes:
- santedb-data:/santedb

Expand All @@ -41,16 +45,21 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.santedb-www.service=santedb-www
- traefik.http.services.santedb-www.loadbalancer.server.port=9200
- traefik.http.routers.santedb-www.rule=Host(`${SANTEDB_WWW_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.santedb-www.rule=Host(`${SANTEDB_WWW_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.santedb-www.entrypoints=websecure
- traefik.http.routers.santedb-www.tls=true
- traefik.http.routers.santedb-www.tls.certresolver=${CERT_RESOLVER}
- traefik.http.services.santedb-www.loadbalancer.server.scheme=https
networks:
default:
reverse-proxy:
traefik:

# Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
# Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
volumes:
santedb-data:


networks:
mpi:
name: mpi_public
2 changes: 1 addition & 1 deletion dashboard-visualiser-jsreport/docker-compose.yml
Expand Up @@ -16,7 +16,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-jsreport.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`${JS_REPORT_PATH_PREFIX}`)
- traefik.http.routers.dashboard-visualiser-jsreport.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`${JS_REPORT_PATH_PREFIX}`)
- traefik.http.middlewares.jsreport-stripprefix.stripprefix.prefixes=${JS_REPORT_PATH_PREFIX}
- traefik.http.routers.dashboard-visualiser-jsreport.middlewares=jsreport-stripprefix
- traefik.http.services.dashboard-visualiser-jsreport.loadbalancer.server.port=5488
2 changes: 1 addition & 1 deletion dashboard-visualiser-kibana/docker-compose.yml
Expand Up @@ -17,7 +17,7 @@ services:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-kibana.service=dashboard-visualiser-kibana
- traefik.http.routers.dashboard-visualiser-kibana.rule=Host(`${KIBANA_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.dashboard-visualiser-kibana.rule=Host(`${KIBANA_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.services.dashboard-visualiser-kibana.loadbalancer.server.port=5601
resources:
limits:
2 changes: 1 addition & 1 deletion dashboard-visualiser-superset/docker-compose.yml
Expand Up @@ -7,7 +7,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.services.dashboard-visualiser-superset.loadbalancer.server.port=8088
environment:
KC_SUPERSET_SSO_ENABLED: ${KC_SUPERSET_SSO_ENABLED}
2 changes: 1 addition & 1 deletion documentation/packages/reverse-proxy-traefik/README.md
Expand Up @@ -21,7 +21,7 @@ The package is an alternative reverse proxy Nginx, this reverse proxy exposes pa
| JSReport | Sub Directory (e.g. <domain>/jsreport) |
| OpenHim | Sub Domain (Frontend) Sub Directory (Backend) (e.g. openhim.<domain> and openhim.<domain>/openhimcore) |

> Please ensure that the ENV "DOMAIN_NAME_HOST_TRAEFIK" is set, in this documentation we will be using the placeholder "domain" for its value
> Please ensure that the ENV "DOMAIN_NAME" is set, in this documentation we will be using the placeholder "domain" for its value
## Subdomain-Based Reverse Proxy

2 changes: 1 addition & 1 deletion identity-access-manager-keycloak/docker-compose.yml
Expand Up @@ -50,7 +50,7 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.identity-access-manager-keycloak.service=identity-access-manager-keycloak
- traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.port=8080
- traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
- traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME}`)
- traefik.http.routers.identity-access-manager-keycloak.tls=true
- traefik.http.routers.identity-access-manager-keycloak.tls.certresolver=${CERT_RESOLVER}
networks:
8 changes: 4 additions & 4 deletions interoperability-layer-openhim/docker-compose.yml
Expand Up @@ -49,19 +49,19 @@ services:
- traefik.http.services.openhimcomms.loadbalancer.server.scheme=https
- traefik.http.routers.openhimcomms.tls=true
- traefik.http.routers.openhimcomms.entrypoints=websecure
- traefik.http.routers.openhimcomms.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcomms`)
- traefik.http.routers.openhimcomms.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/openhimcomms`)
- traefik.http.middlewares.openhimcomms-stripprefix.stripprefix.prefixes=/openhimcomms
- traefik.http.routers.openhimcomms.middlewares=openhimcomms-stripprefix
- traefik.http.routers.openhimcomms.tls.certresolver=le
- traefik.http.routers.openhimcomms.tls.certresolver=${CERT_RESOLVER}
- traefik.http.routers.openhimcore.service=openhimcore
- traefik.http.services.openhimcore.loadbalancer.server.port=5000
- traefik.http.services.openhimcore.loadbalancer.server.scheme=https
- traefik.http.routers.openhimcore.tls=true
- traefik.http.routers.openhimcore.entrypoints=websecure
- traefik.http.routers.openhimcore.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`/openhimcore`)
- traefik.http.routers.openhimcore.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/openhimcore`)
- traefik.http.middlewares.openhimcore-stripprefix.stripprefix.prefixes=/openhimcore
- traefik.http.routers.openhimcore.middlewares=openhimcore-stripprefix
- traefik.http.routers.openhimcore.tls.certresolver=le
- traefik.http.routers.openhimcore.tls.certresolver=${CERT_RESOLVER}



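Review bot: Replacing the hard-coded `le` with `${CERT_RESOLVER}` on the openhimcomms and openhimcore certresolver labels means an unset variable renders as `tls.certresolver=` with an empty value, and Traefik then serves its default self-signed certificate for the router instead of requesting one — a quieter failure than the previous fixed resolver, and the .env hunks visible in this commit do not define CERT_RESOLVER (it may be set elsewhere). The compose `${VAR:?msg}` substitution form turns that into a deploy-time error instead: `- traefik.http.routers.openhimcomms.tls.certresolver=${CERT_RESOLVER:?CERT_RESOLVER must be set}` and the matching line for openhimcore; Compose and `docker stack deploy` both honour it, though worth confirming against the project's deploy script. The same consideration applies to the certresolver labels added in the jempi, santempi and keycloak compose files in this commit. The enclosing service definition starts before this hunk.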
4 changes: 2 additions & 2 deletions monitoring/docker-compose.yml
Expand Up @@ -11,7 +11,7 @@ services:
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.grafana.service=grafana
- traefik.http.services.grafana.loadbalancer.server.port=3000
- traefik.http.routers.grafana.rule=Host(${DOMAIN_NAME_HOST_TRAEFIK} && PathPrefix(`/grafana`)
- traefik.http.routers.grafana.rule=Host(${DOMAIN_NAME} && PathPrefix(`/grafana`)
environment:
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD}
Expand Down Expand Up @@ -165,7 +165,7 @@ services:
labels:
- traefik.enable=true
- traefik.docker.network=reverse-proxy-traefik_public
- traefik.http.routers.minio.rule=${DOMAIN_NAME_HOST_TRAEFIK} && PathPrefix(`/minio`)
- traefik.http.routers.minio.rule=${DOMAIN_NAME} && PathPrefix(`/minio`)
- traefik.http.services.minio.loadbalancer.server.port=9001
- traefik.http.middlewares.minio-stripprefix.stripprefix.prefixes=/minio
- traefik.http.routers.minio.middlewares=minio-stripprefix
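Review bot: The renamed grafana rule on the `traefik.http.routers.grafana.rule` line is still malformed after this commit: `` Host(${DOMAIN_NAME} && PathPrefix(`/grafana`) `` has no backticks around the host value and never closes the `Host(` call, so Traefik will log a rule parsing error and skip the router. The minio rule in the second hunk has the same problem in a different form — `` ${DOMAIN_NAME} && PathPrefix(`/minio`) `` lacks the `Host()` matcher entirely, so it is not a valid rule expression. Both were wrong before the rename, but the commit touches the lines without fixing them; the corrected lines are `` - traefik.http.routers.grafana.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/grafana`) `` and `` - traefik.http.routers.minio.rule=Host(`${DOMAIN_NAME}`) && PathPrefix(`/minio`) ``. Neither router shows `entrypoints`, `tls` or `certresolver` labels in these hunks, unlike the jempi and santempi routers in this commit; if they are not set elsewhere in the file, grafana and minio stay reachable only over the unencrypted entrypoint. The enclosing service blocks start outside both hunks.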