switch to security proxy and config to make maelstro accessible

georchestra · Jan 21, 2025 · 6af38f3 · 6af38f3
1 parent 48da1eb
commit 6af38f3
Show file tree

Hide file tree

Showing 6 changed files with 135 additions and 57 deletions.
diff --git a/README.md b/README.md
@@ -1,2 +1,9 @@
 # maelstro
 geOrchestra Maelstro is an application which helps synchronise geonetwork and geoserver instances
+
+
+## run it in docker
+Refer to documentation from https://github.com/georchestra/docker/tree/master?tab=readme-ov-file#on-linux to trust caddy certificate
+
+Also you need to run few commands before to start documented here : [georchestra/README.md](georchestra/README.md)
+
diff --git a/georchestra/0001-tweat-gateway-and-security-proxy-config-to-host-mael.patch b/georchestra/0001-tweat-gateway-and-security-proxy-config-to-host-mael.patch
@@ -0,0 +1,70 @@
+From 7708ff6453b48253f9047c6afc20c11e05e99e04 Mon Sep 17 00:00:00 2001
+From: Jean-Michel Crepel <[email protected]>
+Date: Tue, 21 Jan 2025 10:17:24 +0100
+Subject: [PATCH] tweat gateway and security-proxy config to host maelstro
+ backend service
+
+---
+ gateway/routes.yaml                       | 10 +++++++++-
+ security-proxy/security-proxy.properties  |  2 +-
+ security-proxy/targets-mapping.properties |  1 +
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/gateway/routes.yaml b/gateway/routes.yaml
+index 86c25b9..3ca3c2f 100644
+--- a/gateway/routes.yaml
++++ b/gateway/routes.yaml
+@@ -10,7 +10,7 @@ spring:
+         predicates:
+         - Path=/
+         filters:
+-        - RedirectTo=308, /datahub/
++        - RedirectTo=308, /geonetwork/
+       - id: header
+         uri: ${georchestra.gateway.services.header.target}
+         predicates:
+@@ -59,6 +59,13 @@ spring:
+         uri: ${georchestra.gateway.services.ogc-api-records.target}
+         predicates:
+         - Path=/ogc-api-records/**
++      - id: maelstro-back
++        uri: ${georchestra.gateway.services.maelstro-back.target}
++        predicates:
++        - Path=/maelstrob/**
++        filters:
++        - RewritePath=/maelstrob/(?<segment>.*),/$\{segment}
++
+
+ georchestra.gateway.services:
+   console.target: http://${CONSOLE_HOST}:8080/console/
+@@ -71,3 +78,4 @@ georchestra.gateway.services:
+   import.target: http://${IMPORT_HOST}:80/
+   mapstore.target: http://${MAPSTORE_HOST}:8080/mapstore/
+   ogc-api-records.target: http://${OGC_API_RECORDS_HOST}:8080/ogc-api-records/
++  maelstro-back.target: http://${MAELSTRO_HOST}:8000/
+diff --git a/security-proxy/security-proxy.properties b/security-proxy/security-proxy.properties
+index d42ef7a..6a23907 100644
+--- a/security-proxy/security-proxy.properties
++++ b/security-proxy/security-proxy.properties
+@@ -131,7 +131,7 @@ casTicketValidation=http://${CAS_HOST}:8080/cas
+ # The security-proxy will 302 redirect / to the defaultTarget value (/header by default).
+ # Change it if your homepage (eg a CMS) is located on /portal/ for instance
+ # default: ${headerUrl}
+-#defaultTarget=${headerUrl}
++defaultTarget=/geonetwork/
+
+
+ # Connection pool settings for the logger appender that inserts OGC request stats on the database
+diff --git a/security-proxy/targets-mapping.properties b/security-proxy/targets-mapping.properties
+index 1bccb4f..eadd82b 100644
+--- a/security-proxy/targets-mapping.properties
++++ b/security-proxy/targets-mapping.properties
+@@ -9,3 +9,4 @@ datafeeder=http://${DATAFEEDER_HOST}:8080/datafeeder/
+ import=http://${IMPORT_HOST}:80/
+ datahub=http://${DATAHUB_HOST}:80/datahub/
+ ogc-api-records=http://${OGC_API_RECORDS_HOST}:8080/ogc-api-records/
++maelstrob=http://${MAELSTRO_HOST}:8000/
+\ No newline at end of file
+-- 
+2.34.1
+
diff --git a/georchestra/0001-tweat-gateway-config-to-host-maelstro-backend-servic.patch b/georchestra/0001-tweat-gateway-config-to-host-maelstro-backend-servic.patch
diff --git a/georchestra/README.md b/georchestra/README.md
@@ -9,7 +9,7 @@ Start composition
 ```
 git submodule update --init --recursive
 cd config
-git apply ../0001-tweat-gateway-config-to-host-maelstro-backend-servic.patch
+git apply ../0001-tweat-gateway-and-security-proxy-config-to-host-mael.patch
 cd ..
 docker compose up -d
 ```

diff --git a/georchestra/geor-compose.yml b/georchestra/geor-compose.yml
@@ -49,7 +49,7 @@ services:
         condition: service_completed_successfully
     volumes:
       - postgresql_data:/var/lib/postgresql/data
-    restart: always
+    restart: no
 
   ldap:
     image: georchestra/ldap:24.0.x
@@ -74,21 +74,66 @@ services:
     volumes:
       - ldap_data:/var/lib/ldap
       - ldap_config:/etc/ldap
-    restart: always
+    restart: no
 
-  gateway:
-    image: georchestra/gateway:1.1.x
+#  gateway:
+#    image: georchestra/gateway:1.1.x
+#    depends_on:
+#      - database
+#    volumes:
+#      - georchestra_datadir:/etc/georchestra
+#    environment:
+#      - JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra
+#    env_file:
+#      - .envs-common
+#      - .envs-ldap
+#      - .envs-hosts
+#      - .envs-database-georchestra
+  proxy:
+    image: georchestra/security-proxy:24.0.x
+    healthcheck:
+      test: ["CMD-SHELL", "curl -s -f http://localhost:8080/_static/bootstrap_3.0.0/css/bootstrap-theme.min.css >/dev/null || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
     depends_on:
-      - database
+      ldap:
+        condition: service_healthy
+      database:
+        condition: service_healthy
     volumes:
       - georchestra_datadir:/etc/georchestra
     environment:
-      - JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra
+      - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
+      - XMS=256M
+      - XMX=1G
     env_file:
       - .envs-common
       - .envs-ldap
       - .envs-hosts
       - .envs-database-georchestra
+    restart: no
+  cas:
+    image: georchestra/cas:latest
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1" ]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+    depends_on:
+      ldap:
+        condition: service_healthy
+    volumes:
+      - georchestra_datadir:/etc/georchestra
+    environment:
+      - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
+      - XMS=256M
+      - XMX=1G
+    env_file:
+      - .envs-common
+      - .envs-ldap
+      - .envs-database-georchestra
+    restart: no
 
   geoserver:
     image: georchestra/geoserver:24.0.x
@@ -116,7 +161,7 @@ services:
     env_file:
       - .envs-database-georchestra
       - .envs-database-datafeeder
-    restart: always
+    restart: no
 
   console:
     image: georchestra/console:24.0.x
@@ -141,7 +186,7 @@ services:
       - .envs-ldap
       - .envs-database-georchestra
       - .envs-hosts
-    restart: always
+    restart: no
 
   geonetwork:
     image: georchestra/geonetwork:24.0.x
@@ -167,7 +212,7 @@ services:
     env_file:
       - .envs-hosts
       - .envs-database-georchestra
-    restart: always
+    restart: no
 
   postgis:
     # used by datafeeder to ingest uploaded user datasets into
@@ -184,7 +229,7 @@ services:
       - .envs-database-datafeeder
     volumes:
       - datafeeder_postgis_data:/var/lib/postgresql/data
-    restart: always
+    restart: no
 
   elasticsearch:
     image: docker.elastic.co/elasticsearch/elasticsearch:7.17.21
@@ -205,6 +250,6 @@ services:
     environment:
       discovery.type: single-node
       ES_JAVA_OPTS: -Xms512m -Xmx512m
-    restart: always
+    restart: no
 
 
diff --git a/georchestra/resources/caddy/etc/Caddyfile b/georchestra/resources/caddy/etc/Caddyfile
@@ -44,7 +44,7 @@
     }
 
     handle {
-        reverse_proxy gateway:8080
+        reverse_proxy proxy:8080
         header {
             Access-Control-Allow-Origin *
             Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"