Added config files

c88357cd · Martin Weise · 9f7edb8e · c88357cd · c88357cd · c88357cd
Verified Commit c88357cd authored 10 months ago by Martin Weise
--- a/.docker/.env
+++ b/.docker/.env
+# UNCOMMENT THE LINES BELOW TO OVERRIDE
+#BASE_URL=http://example.com
+#ADMIN_EMAIL=noreply@example.com
+#LOG_LEVEL=debug
+#IDENTITY_SERVICE_ADMIN_PASSWORD=admin
+#AUTH_SERVICE_ADMIN_PASSWORD=admin
+#METADATA_DB_PASSWORD=dbrepo
+#DATA_DB_PASSWORD=dbrepo
+#AUTH_DB_PASSWORD=dbrepo
+#S3_ACCESS_KEY_ID=seaweedfsadmin
+#S3_SECRET_ACCESS_KEY=seaweedfsadmin
+#SYSTEM_PASSWORD=admin
--- a/.docker/config/1_setup-schema.sql
+++ b/.docker/config/1_setup-schema.sql
--- a/.docker/config/2_setup-data.sql
+++ b/.docker/config/2_setup-data.sql
+BEGIN;
+
+INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, ui_host, ui_port, sidecar_host, sidecar_port,
+                              privileged_username, privileged_password)
+VALUES ('mariadb:11.1.3-debian-11-r6', 'mariadb_11_1_3', 1, 'data-db', 3306, 'localhost', 3306, 'data-db-sidecar', 8080,
+        'root', 'dbrepo');
+
+COMMIT;
--- a/.docker/config/advanced.config
+++ b/.docker/config/advanced.config
+[
+  {
+    rabbitmq_auth_backend_ldap,
+    [
+      {
+        tag_queries, [
+          {
+            administrator, {in_group_nested, "cn=system,ou=users,dc=dbrepo,dc=at", "member"}
+          },
+          {
+            management, {constant, true}
+          }
+        ]
+      }
+    ]
+  }
+].
\ No newline at end of file
--- a/.docker/config/dbrepo.conf
+++ b/.docker/config/dbrepo.conf
+client_max_body_size 20G;
+
+resolver 127.0.0.11 valid=30s; # docker dns
+
+upstream auth {
+    server auth-service:8080;
+}
+
+upstream broker {
+    server broker-service:15672;
+}
+
+upstream analyse {
+    server analyse-service:8080;
+}
+
+upstream data {
+    server data-service:8080;
+}
+
+upstream metadata {
+    server metadata-service:8080;
+}
+
+upstream search {
+    server search-service:8080;
+}
+
+upstream ui {
+    server ui:3000;
+}
+
+upstream upload {
+    server upload-service:8080;
+}
+
+server {
+    listen 80 default_server;
+    server_name _;
+
+    location /admin/broker {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://broker;
+        proxy_read_timeout      90;
+    }
+
+    location /api/search {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://search;
+        proxy_read_timeout      90;
+    }
+
+    location /api/broker {
+        rewrite /api/broker/(.*) /admin/broker/api/$1 break;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://broker;
+        proxy_read_timeout      90;
+    }
+
+    location /api/upload {
+#         allow 128.130.0.0/16;
+#         deny all;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        X-Forwarded-Host $host;
+        proxy_pass              http://upload;
+        proxy_read_timeout      90;
+        # Disable request and response buffering
+        proxy_request_buffering off;
+        proxy_buffering         off;
+        proxy_http_version      1.1;
+    }
+
+    location /api/analyse {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://analyse;
+        proxy_read_timeout      90;
+    }
+
+    location /api/auth {
+        rewrite /api/auth/(.*) /$1 break;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://auth;
+        proxy_read_timeout      90;
+    }
+
+    location ~ /api/database/([0-9]+)/table/([0-9]+)/(data|history|export|statistic) {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://data;
+        proxy_read_timeout      90;
+    }
+
+    location ~ /api/database/([0-9]+)/view/([0-9]+)/data {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://data;
+        proxy_read_timeout      90;
+    }
+
+    location ~ /api/database/([0-9]+)/view {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://metadata;
+        proxy_read_timeout      90;
+    }
+
+    location ~ /api/database/([0-9]+)/subset {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://data;
+        proxy_read_timeout      600;
+    }
+
+    location ~ /api/(database|concept|container|identifier|image|message|license|oai|ontology|unit|user) {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://metadata;
+        proxy_read_timeout      90;
+    }
+
+    location ~ /pid/([0-9]+) {
+        rewrite /pid/(.*) /api/identifier/$1 break;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://metadata;
+        proxy_read_timeout      90;
+    }
+
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://ui;
+        proxy_read_timeout      90;
+    }
+}
--- a/.docker/config/definitions.json
+++ b/.docker/config/definitions.json
+{
+  "bindings": [
+    {
+      "arguments": {},
+      "destination": "dbrepo",
+      "destination_type": "queue",
+      "routing_key": "dbrepo.#",
+      "source": "dbrepo",
+      "vhost": "dbrepo"
+    }
+  ],
+  "exchanges": [
+    {
+      "arguments": {},
+      "auto_delete": false,
+      "durable": true,
+      "name": "dbrepo",
+      "type": "topic",
+      "vhost": "dbrepo"
+    }
+  ],
+  "global_parameters": [],
+  "parameters": [],
+  "permissions": [],
+  "policies": [],
+  "queues": [
+    {
+      "arguments": {
+        "x-queue-type": "quorum"
+      },
+      "auto_delete": false,
+      "durable": true,
+      "name": "dbrepo",
+      "type": "quorum",
+      "vhost": "dbrepo"
+    }
+  ],
+  "rabbit_version": "3.10.25",
+  "rabbitmq_version": "3.10.25",
+  "topic_permissions": [],
+  "users": [],
+  "vhosts": [
+    {
+      "limits": [],
+      "metadata": {
+        "description": "Default virtual host",
+        "tags": []
+      },
+      "name": "dbrepo"
+    }
+  ]
+}
\ No newline at end of file
--- a/.docker/config/enabled_plugins
+++ b/.docker/config/enabled_plugins
+[rabbitmq_prometheus,rabbitmq_auth_backend_ldap,rabbitmq_auth_mechanism_ssl,rabbitmq_management].
\ No newline at end of file
--- a/.docker/config/rabbitmq.conf
+++ b/.docker/config/rabbitmq.conf
+# user
+default_vhost = dbrepo
+default_user_tags.administrator = false
+
+# enable http outside localhost
+listeners.tcp.1 = 0.0.0.0:5672
+
+# management prefix (https://www.rabbitmq.com/management.html#path-prefix)
+management.path_prefix = /admin/broker
+management.load_definitions = /app/definitions.json
+
+# logging
+log.console = true
+log.console.level = warning
+auth_ldap.log = true
+
+# Obviously your authentication server cannot vouch for itself, so you'll need another backend with at least one user in
+# it. You should probably use the internal database
+auth_backends.1.authn = ldap
+auth_backends.1.authz = ldap
+auth_backends.2 = internal
+
+# LDAP
+auth_ldap.servers.1 = identity-service
+auth_ldap.port = 1389
+auth_ldap.user_dn_pattern = ${username}
+auth_ldap.dn_lookup_base = dc=dbrepo,dc=at
+auth_ldap.dn_lookup_attribute = uid
+auth_ldap.dn_lookup_bind.user_dn = cn=admin,dc=dbrepo,dc=at
+auth_ldap.dn_lookup_bind.password = admin
--- a/.docker/config/s3_config.json
+++ b/.docker/config/s3_config.json
+{
+  "identities": [
+    {
+      "name": "admin",
+      "credentials": [
+        {
+          "accessKey": "seaweedfsadmin",
+          "secretKey": "seaweedfsadmin"
+        }
+      ],
+      "actions": [
+        "Read",
+        "Write",
+        "List",
+        "Tagging",
+        "Admin"
+      ]
+    }
+  ]
+}
\ No newline at end of file
--- a/.docker/dist.tar.gz
+++ b/.docker/dist.tar.gz
--- a/.env.unix.example
+++ b/.env.unix.example
-LOG_LEVEL=trace # error, warning, info, debug, trace
\ No newline at end of file
--- a/.gitignore
+++ b/.gitignore
@@ -13,7 +13,6 @@ build/
 tmp.yaml
 .docs/.swagger/api-*
 .scannerwork/
-.docker/config/*

 # docs
 .docs/.swagger/dist/