Merge branch 'main' into develop
alondhe committed Apr 29, 2024
2 parents 2668ae9 + 780f3a6 commit 11c7eee
Showing 11 changed files with 368 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .env
Expand Up @@ -426,4 +426,4 @@ ARES_RUN_NETWORK="FALSE" # should the full Ares network analysis be run?
# default admin user login userid and password

PGADMIN_ADMIN_USER="user@domain.com"
PGADMIN_DEFAULT_PASSWORD_FILE="./secrets/pgadmin4/PGADMIN_DEFAULT_PASSWORD"
PGADMIN_DEFAULT_PASSWORD_FILE="./secrets/pgadmin4/PGADMIN_DEFAULT_PASSWORD"
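--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# These files should have specific line endings
+*.sh text eol=lf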
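--- a/atlas/config-local-template.js
+++ b/atlas/config-local-template.js
@@ -0,0 +1,27 @@
+define([], function () {
+var configLocal = {};
+
+var getUrl = window.location;
+var baseUrl = getUrl.protocol + "//" + getUrl.host;
+
+// WebAPI
+configLocal.webAPIRoot = baseUrl + '/WebAPI/';
+configLocal.api = {
+name: "$ATLAS_INSTANCE_NAME",
+url: baseUrl + '/WebAPI/'
+};
+
+configLocal.cohortComparisonResultsEnabled = $ATLAS_COHORT_COMPARISON_RESULTS_ENABLED;
+configLocal.userAuthenticationEnabled = $ATLAS_USER_AUTH_ENABLED;
+configLocal.plpResultsEnabled = $ATLAS_PLP_RESULTS_ENABLED;
+
+configLocal.authProviders = [{
+"name": "$ATLAS_SECURITY_PROVIDER_NAME",
+"url": "user/login/$ATLAS_SECURITY_PROVIDER_TYPE",
+"ajax": $ATLAS_SECURITY_USE_AJAX,
+"icon": "fa $ATLAS_SECURITY_ICON",
+"isUseCredentialsForm": $ATLAS_SECURITY_USE_FORM
+}];
+
+return configLocal;
+});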
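Review bot: Every `$NAME` in this template is substituted verbatim by envsubst (atlas/envsubst.sh), and the unquoted ones such as `configLocal.userAuthenticationEnabled = $ATLAS_USER_AUTH_ENABLED;` turn into `= ;` — a syntax error that takes down the whole Atlas UI — whenever the variable is unset or empty, while `$ATLAS_INSTANCE_NAME` and the provider fields are spliced into string literals with no escaping, so a `"` in the value also breaks the file. envsubst has no defaults or validation, so the guard has to live in the caller, but the contract should at least be stated here; a header comment such as `// Rendered by envsubst at container start (see atlas/envsubst.sh): every $VAR below must be set, the bare ones to a JS literal, and none may contain a double quote.` would document it.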
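--- a/atlas/envsubst.sh
+++ b/atlas/envsubst.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+envsubst < /tmp/config-local.js > /usr/share/nginx/html/atlas/js/config-local.js
+nginx -g 'daemon off;'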
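Review bot: The last line runs nginx as a child of sh instead of replacing the shell, so sh remains PID 1 and the SIGTERM from `docker stop` is delivered to the shell rather than to nginx, which then gets SIGKILLed after the grace period instead of shutting down cleanly; write it as `exec nginx -g 'daemon off;'`. A second point is that envsubst is invoked with no variable list, so every `$...` token in /tmp/config-local.js is replaced and an unset variable silently becomes the empty string, producing invalid JavaScript; passing the explicit list, e.g. `envsubst '$ATLAS_INSTANCE_NAME $ATLAS_USER_AUTH_ENABLED $ATLAS_SECURITY_USE_AJAX ...'`, limits substitution to the intended names, and `set -u` together with a `: "${ATLAS_INSTANCE_NAME:?}"` line per required variable makes a missing value fail the container start with a clear message instead.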
2 changes: 1 addition & 1 deletion docker-compose.yml
Expand Up @@ -679,4 +679,4 @@ secrets:
file: ${PGADMIN_DEFAULT_PASSWORD_FILE}




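--- a/ohdsi-atlas.yml
+++ b/ohdsi-atlas.yml
@@ -0,0 +1,27 @@
+version: '3.9'
+
+services:
+
+ohdsi-atlas:
+container_name: ohdsi-atlas
+platform: ${DOCKER_ARCH}
+restart: unless-stopped
+ipc: none
+privileged: false
+environment:
+WEBAPI_URL: ${BROADSEA_HOST}/WebAPI
+ATLAS_INSTANCE_NAME: ${ATLAS_INSTANCE_NAME}
+ATLAS_COHORT_COMPARISON_RESULTS_ENABLED: ${ATLAS_COHORT_COMPARISON_RESULTS_ENABLED}
+ATLAS_USER_AUTH_ENABLED: ${ATLAS_USER_AUTH_ENABLED}
+ATLAS_PLP_RESULTS_ENABLED: ${ATLAS_PLP_RESULTS_ENABLED}
+ATLAS_SECURITY_PROVIDER_NAME: ${ATLAS_SECURITY_PROVIDER_NAME}
+ATLAS_SECURITY_PROVIDER_TYPE: ${ATLAS_SECURITY_PROVIDER_TYPE}
+ATLAS_SECURITY_ICON: ${ATLAS_SECURITY_ICON}
+ATLAS_SECURITY_USE_FORM: ${ATLAS_SECURITY_USE_FORM}
+ATLAS_SECURITY_USE_AJAX: ${ATLAS_SECURITY_USE_AJAX}
+volumes:
+- ./atlas/config-local-template.js:/tmp/config-local.js:ro
+- ./atlas/envsubst.sh:/tmp/envsubst.sh:ro
+entrypoint: ["sh", "/tmp/envsubst.sh" ]
+labels:
+- "traefik.enable=true"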
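Review bot: `ohdsi-atlas` does not get the `read_only: true` / `tmpfs` hardening that `ohdsi-webapi` receives in this same commit, so the rendered config and anything else the container writes land on a writable root filesystem. Enabling it here needs a writable target for what envsubst.sh produces (`/usr/share/nginx/html/atlas/js/config-local.js`) plus nginx's cache and pid paths, so a tmpfs or named volume for those is a precondition rather than a one-line change. Separately, `WEBAPI_URL` is not read by atlas/config-local-template.js, which derives the WebAPI root from `window.location`, and the image entrypoint is replaced by envsubst.sh, so it appears unused; either drop it or add a comment naming what consumes it.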
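--- a/ohdsi-webapi.yml
+++ b/ohdsi-webapi.yml
@@ -0,0 +1,138 @@
+version: '3.9'
+
+services:
+
+ohdsi-webapi:
+container_name: ohdsi-webapi
+platform: ${DOCKER_ARCH}
+restart: unless-stopped
+ipc: none
+read_only: true
+tmpfs:
+- /tmp
+privileged: false
+volumes:
+- ./cacerts:/usr/local/openjdk-8/lib/security/cacerts:ro # add a cacerts file if using LDAPS
+environment:
+
+DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
+DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}
+DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}
+DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}
+DATASOURCE_OHDSI_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
+SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
+SPRING_JPA_PROPERTIES_HIBERNATE_DEFAULT_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
+SPRING_BATCH_REPOSITORY_TABLEPREFIX: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}.BATCH_
+FLYWAY_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
+FLYWAY_DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}
+FLYWAY_DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}
+FLYWAY_DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}
+FLYWAY_LOCATIONS: classpath:db/migration/postgresql
+FLYWAY_PLACEHOLDERS_OHDSISCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
+FLYWAY_SCHEMAS: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
+FLYWAY_BASELINEONMIGRATE: "true"
+FLYWAY_TABLE: schema_history
+flyway_baselineVersionAsString: "2.2.5.20180212152023" # this env var is case sensitive
+FLYWAY_BASELINEDESCRIPTION: Base Migration
+SECURITY_CORS_ENABLED: "true"
+SECURITY_ORIGIN: "${HTTP_TYPE}://${BROADSEA_HOST}"
+SOLR_ENDPOINT: "${SOLR_VOCAB_ENDPOINT}"
+
+# Security provider enabling/disabling
+
+SECURITY_PROVIDER: ${WEBAPI_SECURITY_PROVIDER}
+SECURITY_AUTH_KERBEROS_ENABLED: ${SECURITY_AUTH_KERBEROS_ENABLED}
+SECURITY_AUTH_OPENID_ENABLED: ${SECURITY_AUTH_OPENID_ENABLED}
+SECURITY_AUTH_FACEBOOK_ENABLED: ${SECURITY_AUTH_FACEBOOK_ENABLED}
+SECURITY_AUTH_GITHUB_ENABLED: ${SECURITY_AUTH_GITHUB_ENABLED}
+SECURITY_AUTH_GOOGLE_ENABLED: ${SECURITY_AUTH_GOOGLE_ENABLED}
+SECURITY_AUTH_JDBC_ENABLED: ${SECURITY_AUTH_JDBC_ENABLED}
+SECURITY_AUTH_LDAP_ENABLED: ${SECURITY_AUTH_LDAP_ENABLED}
+SECURITY_AUTH_AD_ENABLED: ${SECURITY_AUTH_AD_ENABLED}
+SECURITY_AUTH_CAS_ENABLED: ${SECURITY_AUTH_CAS_ENABLED}
+SECURITY_AUTH_GOOGLEIAP_ENABLED: ${SECURITY_AUTH_GOOGLEIAP_ENABLED}
+
+# Security env variables - Basic
+
+SECURITY_DB_DATASOURCE_SCHEMA: ${SECURITY_DB_DATASOURCE_SCHEMA}
+SECURITY_DB_DATASOURCE_URL: ${SECURITY_DB_DATASOURCE_URL}
+SECURITY_DB_DATASOURCE_DRIVERCLASSNAME: ${SECURITY_DB_DATASOURCE_DRIVERCLASSNAME}
+SECURITY_DB_DATASOURCE_USERNAME: ${SECURITY_DB_DATASOURCE_USERNAME}
+SECURITY_DB_DATASOURCE_PASSWORD: ${SECURITY_DB_DATASOURCE_PASSWORD}
+
+# Security env variables - LDAP
+
+SECURITY_LDAP_DN: ${SECURITY_LDAP_DN}
+SECURITY_LDAP_URL: ${SECURITY_LDAP_URL}
+SECURITY_LDAP_BASEDN: ${SECURITY_LDAP_BASEDN}
+SECURITY_LDAP_SYSTEM_USERNAME: ${SECURITY_LDAP_SYSTEM_USERNAME}
+SECURITY_LDAP_SYSTEM_PASSWORD: ${SECURITY_LDAP_SYSTEM_PASSWORD}
+SECURITY_LDAP_SEARCHSTRING: ${SECURITY_LDAP_SEARCHSTRING}
+SECURITY_LDAP_SEARCHBASE: ${SECURITY_LDAP_SEARCHBASE}
+
+# Security env variables - AD
+
+SECURITY_AD_URL: ${SECURITY_AD_URL}
+SECURITY_AD_SEARCHBASE: ${SECURITY_AD_SEARCHBASE}
+SECURITY_AD_SEARCHFILTER: ${SECURITY_AD_SEARCHFILTER}
+SECURITY_AD_PRINCIPALSUFFIX: ${SECURITY_AD_PRINCIPALSUFFIX}
+SECURITY_AD_SEARCHSTRING: ${SECURITY_AD_SEARCHSTRING}
+SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR: ${SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR}
+SECURITY_AD_USERMAPPING_USERNAMEATTR: ${SECURITY_AD_USERMAPPING_USERNAMEATTR}
+SECURITY_AD_SYSTEM_USERNAME: ${SECURITY_AD_SYSTEM_USERNAME}
+SECURITY_AD_SYSTEM_PASSWORD: ${SECURITY_AD_SYSTEM_PASSWORD}
+
+# Security env variables - Kerberos
+
+SECURITY_KERBEROS_SPN: ${SECURITY_KERBEROS_SPN}
+SECURITY_KERBEROS_KEYTABPATH: ${SECURITY_KERBEROS_KEYTABPATH}
+
+# Security env variables - OAuth
+
+SECURITY_OAUTH_CALLBACK_UI: ${SECURITY_OAUTH_CALLBACK_UI}
+SECURITY_OAUTH_CALLBACK_API: ${SECURITY_OAUTH_CALLBACK_API}
+SECURITY_OAUTH_CALLBACK_URLRESOLVER: ${SECURITY_OAUTH_CALLBACK_URLRESOLVER}
+SECURITY_OAUTH_GOOGLE_APIKEY: ${SECURITY_OAUTH_GOOGLE_APIKEY}
+SECURITY_OAUTH_GOOGLE_APISECRET: ${SECURITY_OAUTH_GOOGLE_APISECRET}
+SECURITY_OAUTH_FACEBOOK_APIKEY: ${SECURITY_OAUTH_FACEBOOK_APIKEY}
+SECURITY_OAUTH_FACEBOOK_APISECRET: ${SECURITY_OAUTH_FACEBOOK_APISECRET}
+SECURITY_OAUTH_GITHUB_APIKEY: ${SECURITY_OAUTH_GITHUB_APIKEY}
+SECURITY_OAUTH_GITHUB_APISECRET: ${SECURITY_OAUTH_GITHUB_APISECRET}
+
+# Security env variables - OpenID
+
+SECURITY_OID_CLIENTID: ${SECURITY_OID_CLIENTID}
+SECURITY_OID_APISECRET: ${SECURITY_OID_APISECRET}
+SECURITY_OID_URL: ${SECURITY_OID_URL}
+SECURITY_OID_LOGOUTURL: ${SECURITY_OID_LOGOUTURL}
+SECURITY_OID_EXTRASCOPES: ${SECURITY_OID_EXTRASCOPES}
+SECURITY_OID_REDIRECTURL: ${SECURITY_OID_REDIRECTURL}
+
+# Security env variables - IAP
+
+SECURITY_GOOGLEIAP_CLOUDPROJECTID: ${SECURITY_GOOGLEIAP_CLOUDPROJECTID}
+SECURITY_GOOGLEIAP_BACKENDSERVICEID: ${SECURITY_GOOGLEIAP_BACKENDSERVICEID}
+SECURITY_GOOGLE_ACCESSTOKEN_ENABLED: ${SECURITY_GOOGLE_ACCESSTOKEN_ENABLED}
+
+# Security env variables - CAS
+
+SECURITY_CAS_LOGINURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas/login
+SECURITY_CAS_CALLBACKURL: ${HTTP_TYPE}://${BROADSEA_HOST}/WebAPI/user/cas/callback?client_name=CasClient
+SECURITY_CAS_SERVERURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas
+SECURITY_CAS_CASTICKET: ticket
+
+# Security env variables - SAML
+
+SECURITY_SAML_ENTITYID: ${SECURITY_SAML_ENTITYID}
+SECURITY_SAML_IDPMETADATALOCATION: ${SECURITY_SAML_IDPMETADATALOCATION}
+SECURITY_SAML_KEYMANAGER_KEYSTOREFILE: ${SECURITY_SAML_KEYMANAGER_KEYSTOREFILE}
+SECURITY_SAML_KEYMANAGER_STOREPASSWORD: ${SECURITY_SAML_KEYMANAGER_STOREPASSWORD}
+SECURITY_SAML_KEYMANAGER_DEFAULTKEY: ${SECURITY_SAML_KEYMANAGER_DEFAULTKEY}
+SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK: ${SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK}
+SECURITY_SAML_METADATALOCATION: ${SECURITY_SAML_METADATALOCATION}
+SECURITY_SAML_CALLBACKURL: ${SECURITY_SAML_CALLBACKURL}
+SECURITY_SAML_SLOURL: ${SECURITY_SAML_SLOURL}
+SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME: ${SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME}
+
+labels:
+- "traefik.enable=true"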
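Review bot: The database, LDAP/AD system-account, OAuth, OpenID and SAML keystore passwords (`DATASOURCE_PASSWORD`, `SECURITY_LDAP_SYSTEM_PASSWORD`, `SECURITY_AD_SYSTEM_PASSWORD`, the `SECURITY_OAUTH_*_APISECRET` values, `SECURITY_OID_APISECRET`, `SECURITY_SAML_KEYMANAGER_STOREPASSWORD`) are all passed as plain container environment variables, where they are readable via `docker inspect`, from `/proc/<pid>/environ` of every process in the container, and from any crash dump or diagnostic that prints the environment; this repository already uses compose `secrets:` with a `file:` source for pgAdmin (the docker-compose.yml hunk in this commit), so the same mechanism is worth using here for whichever of these WebAPI can read from a file or an entrypoint can export from a mounted secret. Separately, the `./cacerts:/usr/local/openjdk-8/lib/security/cacerts:ro` bind mount is unconditional although its comment calls the file optional: if `./cacerts` is absent on the host, Docker creates it as an empty directory, the JVM's trust store is replaced by a directory, and every outbound TLS connection fails, not only LDAPS. Either ship a default cacerts file in the repository or move the mount into an opt-in override file.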
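--- a/postgres-load.yml
+++ b/postgres-load.yml
@@ -0,0 +1,10 @@
+version: '3.9'
+
+services:
+
+broadsea-postgres-load:
+image: alpine:3.17.2
+platform: ${DOCKER_ARCH}
+ipc: none
+privileged: false
+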
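--- a/traefik/config.yml
+++ b/traefik/config.yml
@@ -0,0 +1,95 @@
+
+tls:
+stores:
+default:
+defaultCertificate:
+certFile: /etc/certs/broadsea.crt
+keyFile: /etc/certs/broadsea.key
+
+http:
+routers:
+traefik:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "traefik"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`)'
+
+broadsea-content:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "broadsea-content"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/`)'
+
+ohdsi-atlas:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "ohdsi-atlas"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/atlas`)'
+
+ohdsi-webapi:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "ohdsi-webapi"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/WebAPI`)'
+
+broadsea-hades:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "broadsea-hades"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/hades`)'
+middlewares:
+- "broadsea-hades-root-path-header"
+- "broadsea-hades-path-strip"
+
+broadsea-solr-vocab:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "broadsea-solr-vocab"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/solr`)'
+
+broadsea-ares:
+entryPoints: '{{ env "HTTP_TYPE" }}'
+service: "broadsea-ares"
+rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/ares`)'
+
+middlewares:
+broadsea-hades-path-strip:
+stripPrefix:
+prefixes:
+- "/hades"
+forceSlash: false
+
+broadsea-hades-root-path-header:
+headers:
+customRequestHeaders:
+X-RStudio-Root-Path: "/hades"
+
+services:
+traefik:
+loadBalancer:
+servers:
+- url: http://traefik
+
+broadsea-content:
+loadBalancer:
+servers:
+- url: http://broadsea-content
+
+ohdsi-atlas:
+loadBalancer:
+servers:
+- url: http://ohdsi-atlas:8080
+
+ohdsi-webapi:
+loadBalancer:
+servers:
+- url: http://ohdsi-webapi:8080
+
+broadsea-hades:
+loadBalancer:
+servers:
+- url: http://broadsea-hades:8787
+
+broadsea-solr-vocab:
+loadBalancer:
+servers:
+- url: http://broadsea-solr-vocab:8983
+
+broadsea-ares:
+loadBalancer:
+servers:
+- url: http://broadsea-ares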
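Review bot: The `broadsea-solr-vocab` router publishes the Solr instance at `/solr` on `BROADSEA_HOST` with no middleware, and `broadsea-ares` likewise; Solr's admin UI and update handlers carry no authentication unless Solr's own security configuration is in place, so on a reachable host this is an unauthenticated index-administration surface. If the vocabulary index only needs to be reached by `ohdsi-webapi` over the compose network (it is what `SOLR_ENDPOINT` in ohdsi-webapi.yml points at), the router can be dropped entirely; otherwise chain a `basicAuth` or IP allow-list middleware in front of it the way `broadsea-hades` already chains its two middlewares. A smaller point: the `traefik` router with a bare `Host(...)` rule and `broadsea-content` with `Host(...) && PathPrefix(`/`)` overlap, and since Traefik ranks routers by rule length `broadsea-content` wins everywhere, leaving the `traefik` router apparently unreachable — a comment stating its intent (or removing it) would help the next reader.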
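--- a/traefik/traefik-http.yml
+++ b/traefik/traefik-http.yml
@@ -0,0 +1,24 @@
+######################################
+# HTTP Traefik (No SSL)
+######################################
+
+global:
+sendAnonymousUsage: false
+
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+watch: true
+exposedByDefault: false
+
+file:
+filename: /etc/traefik/config.yml
+watch: true
+
+log:
+level: INFO
+format: common
+
+entryPoints:
+http:
+address: ":80"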
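Review bot: Neither static configuration enables Traefik access logging, so the proxy keeps no per-request record (client address, path, status, routed service) to fall back on when investigating access to Atlas, WebAPI, HADES or Solr; adding `accessLog: {}` beside the `log:` stanza, with a `filePath` if it should not go to stdout, provides one at no other cost. The same applies to traefik/traefik-https.yml in this commit.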
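--- a/traefik/traefik-https.yml
+++ b/traefik/traefik-https.yml
@@ -0,0 +1,34 @@
+######################################
+# HTTPS Traefik (with SSL)
+######################################
+
+global:
+sendAnonymousUsage: false
+
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+watch: true
+exposedByDefault: false
+
+file:
+filename: /etc/traefik/config.yml
+watch: true
+
+log:
+level: INFO
+format: common
+
+entryPoints:
+http:
+address: ":80"
+http:
+tls: false
+redirections:
+entryPoint:
+to: https
+scheme: https
+https:
+address: ":443"
+http:
+tls: true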
