Merge pull request #291 from jembi/CU-86by26xnx_Add-a-new-package-for…

…-Traefik-as-a-reverse-proxy Cu 86by26xnx add a new package for traefik as a reverse proxy
jembi · Jul 25, 2024 · eec78aa · eec78aa
2 parents c62d307 + 3f21567
commit eec78aa
Show file tree

Hide file tree

Showing 28 changed files with 516 additions and 17 deletions.
diff --git a/.env.cluster b/.env.cluster
@@ -37,6 +37,9 @@ SUBDOMAINS=openhimcomms.domain,openhimcore.domain,openhimconsole.domain,kibana.d
 STAGING=true
 INSECURE=false
 
+# Reverse Proxy - Traefik
+DOMAIN_NAME_HOST_TRAEFIK=domain
+
 # Analytics Datastore - Elastic Search
 ES_HEAP_SIZE=-Xms8192m -Xmx8192m
 ES_LEADER_NODE=analytics-datastore-elastic-search-01

diff --git a/.env.local b/.env.local
@@ -24,3 +24,8 @@ JS_REPORT_PACKAGE_PATH=
 #  !NOTE: Topics should comma seperated, optional include partion and repliction values
 #   e.g. <topic>:<partions>:<replicationFactor> -> test:3:2 (defaults to <topics>:3:1)
 # KAFKA_TOPICS=2xx,reprocess,3xx,metrics:3:1
+
+# Reverse Proxy - Traefik
+PLACEMENT_ROLE_CONSTRAINTS=manager
+ENABLE_TRAEFIK_DASHBOARD=true
+DOMAIN_NAME_HOST_TRAEFIK=domain
diff --git a/client-registry-jempi/docker-compose.api.yml b/client-registry-jempi/docker-compose.api.yml
@@ -1,4 +1,4 @@
-version: '3.9'
+version: "3.9"
 
 services:
   jempi-api:
@@ -24,6 +24,12 @@ services:
       - "jempi-shared-data:/app/csv"
     deploy:
       replicas: ${JEMPI_API_INSTANCES}
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.jempi-api.service=jempi-api
+        - traefik.http.services.jempi-api.loadbalancer.server.port=50000
+        - traefik.http.routers.jempi-api.rule=Host(`${JEMPI_API_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
       resources:
         limits:
           memory: ${JEMPI_API_MEMORY_LIMIT}
@@ -32,11 +38,11 @@ services:
     networks:
       reverse-proxy:
       kafka:
+      traefik:
       default:
       jempi:
       postgres:
 
-
   jempi-api-kc:
     image: jembi/jempi-api-kc:${JEMPI_API_KC_IMAGE_TAG}
     environment:
@@ -78,19 +84,21 @@ services:
     networks:
       reverse-proxy:
       kafka:
+      traefik:
       default:
       jempi:
       postgres:
 
-
 volumes:
   jempi-shared-data:
 
-
 networks:
   reverse-proxy:
     name: reverse-proxy_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   jempi:
     name: jempi_public
     external: true

diff --git a/client-registry-jempi/docker-compose.web.yml b/client-registry-jempi/docker-compose.web.yml
@@ -1,4 +1,4 @@
-version: '3.9'
+version: "3.9"
 
 services:
   jempi-web:
@@ -15,6 +15,12 @@ services:
       REACT_APP_SHOW_BRAND_LOGO: "false"
     deploy:
       replicas: ${JEMPI_WEB_INSTANCES}
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.jempi-web.service=jempi-web
+        - traefik.http.services.jempi-web.loadbalancer.server.port=3000
+        - traefik.http.routers.jempi-web.rule=Host(`${JEMPI_WEB_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
       placement:
         max_replicas_per_node: 1
       resources:
@@ -24,14 +30,17 @@ services:
           memory: ${JEMPI_WEB_MEMORY_RESERVE}
     networks:
       reverse-proxy:
+      traefik:
       keycloak:
       default:
 
-
 networks:
   reverse-proxy:
     name: reverse-proxy_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   keycloak:
     name: keycloak_public
     external: true

diff --git a/client-registry-jempi/package-metadata.json b/client-registry-jempi/package-metadata.json
@@ -95,6 +95,9 @@
     "KAFKA_APPLICATION_ID_CTRL": "app-id-ctrl",
     "KAFKA_CLIENT_ID_CTRL": "client-id-ctrl",
     "KAFKA_APPLICATION_ID_BOOTSTRAPPER": "app-id-bootstrapper",
-    "JEMPI_BOOTSTRAPPER_IMAGE_TAG": "1.0.1-beta"
+    "JEMPI_BOOTSTRAPPER_IMAGE_TAG": "1.0.1-beta",
+    "JEMPI_API_KC_TRAEFIK_SUBDOMAIN": "jempi-api-kc",
+    "JEMPI_API_TRAEFIK_SUBDOMAIN": "jempi-api",
+    "JEMPI_WEB_TRAEFIK_SUBDOMAIN": "jempi-web"
   }
 }
diff --git a/client-registry-santempi/docker-compose.yml b/client-registry-santempi/docker-compose.yml
@@ -7,6 +7,7 @@ services:
       mpi:
       public:
       reverse-proxy:
+      traefik:
       default:
       postgres:
     environment:
@@ -23,14 +24,28 @@ services:
       - SDB_DELAY_START=5000
     deploy:
       replicas: ${SANTEMPI_INSTANCES}
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.santedb-mpi.service=santedb-mpi
+        - traefik.http.services.santedb-mpi.loadbalancer.server.port=8080
+        - traefik.http.routers.santedb-mpi.rule=Host(`${SANTEDB_MPI_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
     volumes:
       - santedb-data:/santedb
 
   santedb-www:
     image: ${SANTEDB_WWW_IMAGE}
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.santedb-www.service=santedb-www
+        - traefik.http.services.santedb-www.loadbalancer.server.port=9200
+        - traefik.http.routers.santedb-www.rule=Host(`${SANTEDB_WWW_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
     networks:
       default:
       reverse-proxy:
+      traefik:
 
 # Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
 volumes:
@@ -46,6 +61,9 @@ networks:
   reverse-proxy:
     name: reverse-proxy_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   default:
   postgres:
     name: postgres_public

diff --git a/client-registry-santempi/package-metadata.json b/client-registry-santempi/package-metadata.json
@@ -7,6 +7,9 @@
   "dependencies": ["database-postgres"],
   "environmentVariables": {
     "SANTEMPI_INSTANCES": "1",
+    "POSTGRESQL_PASSWORD": "instant101",
+    "POSTGRESQL_USERNAME": "postgres",
+    "SANTEMPI_DB_REP_SET": "postgres-1",
     "SANTE_POSTGRES_PASSWORD": "postgres",
     "SANTEMPI_POSTGRESQL_PASSWORD": "SanteDB123",
     "SANTEMPI_POSTGRESQL_USERNAME": "santedb",
@@ -17,6 +20,8 @@
     "SANTEMPI_PSQL_IMAGE": "bitnami/postgresql-repmgr:14",
     "PSQL_1_PLACEMENT": "node-1",
     "PSQL_2_PLACEMENT": "node-2",
-    "PSQL_3_PLACEMENT": "node-3"
+    "PSQL_3_PLACEMENT": "node-3",
+    "SANTEDB_WWW_TRAEFIK_SUBDOMAIN": "santewww-health.org",
+    "SANTEDB_MPI_TRAEFIK_SUBDOMAIN": "santempi-health.org"
   }
 }
diff --git a/config.yaml b/config.yaml
@@ -23,6 +23,7 @@ packages:
   - client-registry-jempi
   - identity-access-manager-keycloak
   - openhim-mapping-mediator
+  - reverse-proxy-traefik
   - database-postgres
   - reprocess-mediator
   - fhir-ig-importer

diff --git a/dashboard-visualiser-jsreport/docker-compose.yml b/dashboard-visualiser-jsreport/docker-compose.yml
@@ -13,6 +13,13 @@ services:
       placement:
         max_replicas_per_node: ${JS_REPORT_MAX_REPLICAS_PER_NODE}
       replicas: ${JS_REPORT_INSTANCES}
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.dashboard-visualiser-jsreport.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`) && PathPrefix(`${JS_REPORT_PATH_PREFIX}`)
+        - traefik.http.middlewares.jsreport-stripprefix.stripprefix.prefixes=${JS_REPORT_PATH_PREFIX}
+        - traefik.http.routers.dashboard-visualiser-jsreport.middlewares=jsreport-stripprefix
+        - traefik.http.services.dashboard-visualiser-jsreport.loadbalancer.server.port=5488
       resources:
         limits:
           cpus: ${JS_REPORT_CPU_LIMIT}
@@ -24,6 +31,7 @@ services:
       co.elastic.metrics/module: "docker"
       co.elastic.metrics/metricsets: "cpu,memory,diskio,info,healthcheck,container"
     environment:
+      appPath: ${JS_REPORT_PATH_PREFIX}
       allowLocalFilesAccess: "true"
       extensions_fsStore_dataDirectory: "jsreport/data"
       extensions_fsStore_externalModificationsSync: "true"
@@ -37,6 +45,7 @@ services:
       - jsreport-data:/jsreport
     networks:
       reverse-proxy:
+      traefik:
       elastic:
       default:
 
@@ -50,4 +59,7 @@ networks:
   elastic:
     name: elastic_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   default:
diff --git a/dashboard-visualiser-jsreport/package-metadata.json b/dashboard-visualiser-jsreport/package-metadata.json
@@ -22,6 +22,8 @@
     "JS_REPORT_MEMORY_RESERVE": "500M",
     "JS_REPORT_DEV_MOUNT": "false",
     "JS_REPORT_PACKAGE_PATH": "",
-    "JS_REPORT_LICENSE_KEY": ""
+    "JS_REPORT_LICENSE_KEY": "",
+    "JS_REPORT_TRAEFIK_HOST_NAME": "reports",
+    "JS_REPORT_PATH_PREFIX": ""
   }
 }
diff --git a/dashboard-visualiser-kibana/docker-compose.yml b/dashboard-visualiser-kibana/docker-compose.yml
@@ -13,6 +13,12 @@ services:
       ES_KIBANA_SYSTEM: ${ES_KIBANA_SYSTEM?:err}
     deploy:
       replicas: ${KIBANA_INSTANCES}
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.dashboard-visualiser-kibana.service=dashboard-visualiser-kibana
+        - traefik.http.routers.dashboard-visualiser-kibana.rule=Host(`${KIBANA_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
+        - traefik.http.services.dashboard-visualiser-kibana.loadbalancer.server.port=5601
       resources:
         limits:
           memory: ${KIBANA_MEMORY_LIMIT}
@@ -23,6 +29,7 @@ services:
         source: ${KIBANA_YML_CONFIG}
     networks:
       reverse-proxy:
+      traefik:
       elastic:
       default:
 
@@ -40,6 +47,9 @@ networks:
   reverse-proxy:
     name: reverse-proxy_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   elastic:
     name: elastic_public
     external: true

diff --git a/dashboard-visualiser-kibana/package-metadata.json b/dashboard-visualiser-kibana/package-metadata.json
@@ -16,6 +16,7 @@
     "KIBANA_CONFIG_FILE": "kibana-export.ndjson",
     "KIBANA_SSL": "false",
     "KIBANA_MEMORY_LIMIT": "3G",
-    "KIBANA_MEMORY_RESERVE": "500M"
+    "KIBANA_MEMORY_RESERVE": "500M",
+    "KIBANA_TRAEFIK_SUBDOMAIN": "kibana"
   }
 }
diff --git a/dashboard-visualiser-superset/docker-compose.yml b/dashboard-visualiser-superset/docker-compose.yml
@@ -1,8 +1,14 @@
-version: '3.9'
+version: "3.9"
 
 services:
   dashboard-visualiser-superset:
     image: ${SUPERSET_IMAGE}
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=reverse-proxy-traefik_public
+        - traefik.http.routers.dashboard-visualiser-superset.rule=Host(`${SUPERSET_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
+        - traefik.http.services.dashboard-visualiser-superset.loadbalancer.server.port=8088
     environment:
       KC_SUPERSET_SSO_ENABLED: ${KC_SUPERSET_SSO_ENABLED}
       KC_SUPERSET_CLIENT_ID: ${KC_SUPERSET_CLIENT_ID}
@@ -36,6 +42,7 @@ services:
       clickhouse:
       keycloak:
       reverse-proxy:
+      traefik:
       postgres:
       default:
 
@@ -74,6 +81,9 @@ networks:
   reverse-proxy:
     name: reverse-proxy_public
     external: true
+  traefik:
+    name: reverse-proxy-traefik_public
+    external: true
   postgres:
     name: postgres_public
     external: true

diff --git a/dashboard-visualiser-superset/package-metadata.json b/dashboard-visualiser-superset/package-metadata.json
@@ -32,6 +32,7 @@
     "SUPERSET_POSTGRESQL_USERNAME": "superset",
     "SUPERSET_POSTGRESQL_PASSWORD": "instant101",
     "SUPERSET_POSTGRESQL_DATABASE": "superset",
-    "SUPERSET_POSTGRESQL_URL": "postgres-1:5432"
+    "SUPERSET_POSTGRESQL_URL": "postgres-1:5432",
+    "SUPERSET_TRAEFIK_SUBDOMAIN": "superset"
   }
 }