Merge branch 'main' into it_strategy

2026-01-28 10:52:21 +01:00
parent 2f038c3189 d386cf9725
commit 3ca9e6259a
18 changed files with 427 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
--- a/apache/conf/cas-status-test.conf
+++ b/apache/conf/cas-status-test.conf
@@ -1,6 +1,6 @@
 <VirtualHost *:80>
-    ServerName gfa-status-test.psi.ch
-    DocumentRoot /var/www/gfa-status/web
+    ServerName cas-status-test.psi.ch
+    DocumentRoot /var/www/cas-status/web

    ErrorLog /proc/self/fd/2
    CustomLog /proc/self/fd/1 combined
@@ -12,12 +12,11 @@
        SetHandler application/x-httpd-php
    </FilesMatch>

-    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch"
    php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp
    php_admin_value session.save_path /var/www/clients/client45/web70/tmp
-    php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/
+    php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas-status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/

-    <Directory /var/www/gfa-status.web.psi.ch/web>
+    <Directory /var/www/cas-status/web>
        Options +FollowSymLinks +Includes
        AllowOverride All
        Require all granted
--- a/apache/conf/megwiki-test.conf
+++ b/apache/conf/megwiki-test.conf
@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+    ServerName megwiki-test.psi.ch
+    DocumentRoot /var/www/megwiki
+
+    <Directory /var/www/megwiki>
+        Options FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog  /proc/self/fd/2
+    CustomLog /proc/self/fd/1 combined
+</VirtualHost>
+
--- a/apache/conf/niagadm.conf
+++ b/apache/conf/niagadm.conf
@@ -0,0 +1,28 @@
+<VirtualHost *:80>
+    ServerName niagadm.psi.ch
+    DocumentRoot /var/www/niagadm
+
+    # Allow CGI everywhere if needed
+    Options +ExecCGI
+    AddHandler cgi-script .pl .cgi .x .py
+
+    <Directory "/var/www/niagadm">
+        Options +ExecCGI
+        AllowOverride None
+        Require all granted
+    </Directory>
+
+    # Explicit CGI directories
+    ScriptAlias /cgi-bin/ /var/www/niagadm/cgi-bin/
+    <Directory "/var/www/niagadm/cgi-bin">
+        Options +ExecCGI
+        Require all granted
+    </Directory>
+
+    ScriptAlias /cgibin/ /var/www/niagadm/cgibin/
+    <Directory "/var/www/niagadm/cgibin">
+        Options +ExecCGI
+        Require all granted
+    </Directory>
+</VirtualHost>
+
--- a/apache/conf/omny.conf
+++ b/apache/conf/omny.conf
@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+    ServerName omny-test.psi.ch
+    DocumentRoot /var/www/omny
+
+    <Directory "/var/www/omny">
+        Options +ExecCGI
+        AllowOverride None
+        Require all granted
+    </Directory>
+</VirtualHost>
+
--- a/conf.d/cas-status-test.conf
+++ b/conf.d/cas-status-test.conf
@@ -1,15 +1,15 @@
 server {
    listen 80;
-    server_name gfa-status-test.psi.ch;
+    server_name cas-status-test.psi.ch;
    return 301 https://$host$request_uri;
 }

 server {
    listen 443 ssl;
-    server_name gfa-status-test.psi.ch;
+    server_name cas-status-test.psi.ch;

-    ssl_certificate /etc/nginx/certs/gfa-status-test.psi.ch.crt;
-    ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key;
+    ssl_certificate /etc/nginx/certs/cas-status-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/cas-status-test.psi.ch.key;

    location / {
        proxy_pass http://apache_app:80;
--- a/conf.d/lbr-scheduler.conf
+++ b/conf.d/lbr-scheduler.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name lbr-scheduler.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name lbr-scheduler.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/lbr-scheduler.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/lbr-scheduler.psi.ch.key;
+
+    location / {
+        proxy_pass http://legacy-scheduleit:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/megwiki-test.conf
+++ b/conf.d/megwiki-test.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name megwiki-test.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name megwiki-test.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/megwiki-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/megwiki-test.psi.ch.key;
+
+    location / {
+        proxy_pass http://apache_app:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/niagadm.conf
+++ b/conf.d/niagadm.conf
@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    server_name niagadm.psi.ch;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name niagadm.psi.ch;
+
+    ssl_certificate     /etc/nginx/certs/niagadm.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/niagadm.psi.ch.key;
+
+    access_log /var/log/nginx/niagadm.access.log;
+    error_log  /var/log/nginx/niagadm.error.log;
+
+    # Proxy EVERYTHING to the Apache container
+    location / {
+        proxy_pass http://apache_app:80;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # Important for CGI apps
+        proxy_buffering off;
+    }
+}
+
--- a/conf.d/omny.conf
+++ b/conf.d/omny.conf
@@ -0,0 +1,25 @@
+# omny-test conf for nginx
+
+server {
+    listen 80;
+    server_name omny-test.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name omny-test.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/omny-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/omny-test.psi.ch.key;
+
+    location / {
+        proxy_pass http://apache_app:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_set_header Cookie $http_cookie;
+	proxy_set_header Authorization $http_authorization;
+    }
+}
--- a/conf.d/opticswiki.conf
+++ b/conf.d/opticswiki.conf
@@ -19,5 +19,8 @@ server {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
+	# UF add
+	proxy_set_header Cookie $http_cookie;
+	proxy_set_header Authorization $http_authorization;
    }
 }
--- a/conf.d/saparchive-test.conf
+++ b/conf.d/saparchive-test.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name saparchive-test.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name saparchive-test.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/saparchive-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/saparchive-test.psi.ch.key;
+
+    location / {
+        proxy_pass http://tiacore-test:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/saparchive.conf
+++ b/conf.d/saparchive.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name saparchive.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name saparchive.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/saparchive.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key;
+
+    location / {
+        proxy_pass http://tiacore-prod:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/sapdocrouter-test.conf
+++ b/conf.d/sapdocrouter-test.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name sapdocrouter-test.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name sapdocrouter-test.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/sapdocrouter-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/sapdocrouter-test.psi.ch.key;
+
+    location / {
+        proxy_pass http://tiadocrouter-test:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/sapdocrouter.conf
+++ b/conf.d/sapdocrouter.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name sapdocrouter.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name sapdocrouter.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/sapdocrouter.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/sapdocrouter.psi.ch.key;
+
+    location / {
+        proxy_pass http://tiadocrouter-prod:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/summer-project-selection.conf
+++ b/conf.d/summer-project-selection.conf
@@ -0,0 +1,23 @@
+server {
+    listen 80;
+    server_name summer-project-selection-test.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name summer-project-selection-test.psi.ch;
+    
+    ssl_certificate /etc/nginx/certs/summer-project-selection-test.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/summer-project-selection-test.psi.ch.key;
+
+    location / {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_pass http://summer-project-selection:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/conf.d/tomcatwiki.conf
+++ b/conf.d/tomcatwiki.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name tomcatwiki.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name tomcatwiki.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/tomcatwiki.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/tomcatwiki.psi.ch.key;
+
+    location / {
+        proxy_pass http://tomcatwiki:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -33,14 +33,28 @@ services:
    restart: always
    volumes:
      - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro
-      - /opt/webcontent/gfa-status:/var/www/gfa-status:rw
+      - /opt/webcontent/cas-status:/var/www/cas-status:rw
      - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw
      - /opt/webcontent/sls2:/var/www/sls2:rw
+      - /opt/webcontent/megwiki:/var/www/megwiki:rw
+      - /opt/webcontent/niagadm:/var/www/niagadm:rw
+      - /opt/webcontent/omny:/var/www/omny:rw
      - /mount/srem/webhosting:/var/www/srem:rw
      - ./apache/conf:/etc/apache2/sites-enabled:ro
    networks:
      - backend

+  legacy_scheduleit:
+    # image: gitea.psi.ch/images/php-apache:latest
+    image: gitea.psi.ch/images/legacy_scheduleit:latest
+    restart: always
+    container_name: legacy-scheduleit
+    volumes:
+      - /opt/webcontent/lbr-scheduler/code:/var/www/lbr-scheduler:rw
+      - /opt/webcontent/lbr-scheduler/apache/conf:/etc/apache2/sites-enabled:ro
+    networks:
+      - backend
+
  # linux-eng@psi.ch
  # Test app
  excalidraw:
@@ -152,6 +166,8 @@ services:
      - /opt/webcontent/opticswiki/pub:/usr/local/apache2/Foswiki-2.1.9/pub
      - /opt/webcontent/opticswiki/working:/usr/local/apache2/Foswiki-2.1.9/working
      - /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib
+      - /opt/webcontent/opticswiki/conf:/usr/local/apache2/conf
+      - /opt/webcontent/opticswiki/logs:/var/log/apache2
    networks:
      - backend

@@ -282,6 +298,125 @@ services:
      - backend
      - panda_maintenance_backend

+  # michael.schmidt@psi.ch
+  # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com
+  tiacore-test:
+    container_name: tiacore-test
+    image: images.kgs-cloud.de/tia/core/saphttp:3.17.1
+    restart: always
+    volumes:
+      - /opt/webcontent/tiacore-test/config/license:/application/license
+      - /opt/webcontent/tiacore-test/config/keystore:/application/ssl
+      - /opt/webcontent/tiacore-test/config:/application/config/
+      - /mount/saparchive/testdata:/application/data
+    environment:
+      LOGGING_LEVEL_ROOT: INFO
+      # Authentifizierung für WebUI
+      WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin
+      WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm"
+    networks:
+      - backend
+
+  # michael.schmidt@psi.ch
+  # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com
+  tiacore-prod:
+    container_name: tiacore-prod
+    image: images.kgs-cloud.de/tia/core/saphttp:3.17.1
+    restart: always
+    volumes:
+      - /opt/webcontent/tiacore-prod/config/license:/application/license
+      - /opt/webcontent/tiacore-prod/config/keystore:/application/ssl
+      - /opt/webcontent/tiacore-prod/config:/application/config/
+      - /mount/saparchive/proddata:/application/data
+    environment:
+      LOGGING_LEVEL_ROOT: INFO
+      # Authentifizierung für WebUI
+      WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin
+      WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm"
+    networks:
+      - backend
+
+  # michael.schmidt@psi.ch
+  # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com
+  documentrouter-prod:
+    container_name: tiadocrouter-prod
+    image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3
+    restart: always
+    volumes:
+      - /opt/webcontent/tiadocrouter-prod/work:/application/work
+      - /opt/webcontent/tiadocrouter-prod/lib:/application/lib
+      - /opt/webcontent/tiadocrouter-prod/config:/application/config
+#      - <scanfolder01>:/application/dr-instance-01-input
+    environment:
+      LOGGING_LEVEL_ROOT: INFO
+      # Authentifizierung für WebUI
+      WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin
+      WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm"
+    networks:
+      - backend
+
+  # michael.schmidt@psi.ch
+  # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com
+  documentrouter-test:
+    container_name: tiadocrouter-test
+    image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3
+    restart: always
+    volumes:
+      - /opt/webcontent/tiadocrouter-test/work:/application/work
+      - /opt/webcontent/tiadocrouter-test/lib:/application/lib
+      - /opt/webcontent/tiadocrouter-test/config:/application/config
+#      - <scanfolder01>:/application/dr-instance-01-input
+    environment:
+      LOGGING_LEVEL_ROOT: INFO
+      # Authentifizierung für WebUI
+      WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin
+      WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm"
+    networks:
+      - backend
+
+  # Lange Clemens <clemens.lange@psi.ch>
+  # summer-project-selection.psi.ch
+  summer-project-selection:
+    image: gitea.psi.ch/lange_c/summer-project-selection:latest
+    restart: always
+    volumes:
+      - /opt/webcontent/summer-project-selection/data:/app/data
+      - /opt/webcontent/summer-project-selection/projects:/app/projects
+      - /opt/webcontent/summer-project-selection/applicants:/app/applicants
+    networks:
+      - backend
+
+  # Tomcat Beamline Wiki INC0159147 tomcatwiki.psi.ch
+  # goran.lovric@psi.ch
+  tomcatwikidb:
+    image: postgres:15-alpine
+    container_name: tomcatwiki_db
+    restart: always
+    environment:
+      - POSTGRES_DB=wiki
+      - POSTGRES_PASSWORD=${TOMCATWIKI_DB_SECRET}
+      - POSTGRES_USER=wiki
+    volumes:
+      - /opt/webcontent/tomcatwiki/db-data:/var/lib/postgresql/data
+    networks:
+      - tomcatwiki_backend
+
+  tomcatwiki:
+    image: ghcr.io/requarks/wiki:2
+    container_name: tomcatwiki
+    restart: always
+    depends_on:
+      - tomcatwikidb
+    environment:
+      - DB_TYPE=postgres
+      - DB_HOST=tomcatwikidb
+      - DB_PORT=5432
+      - DB_USER=wiki
+      - DB_PASS=${TOMCATWIKI_DB_SECRET}
+      - DB_NAME=wiki
+    networks:
+      - tomcatwiki_backend
+      - backend

 networks:
  public:
@@ -289,4 +424,5 @@ networks:
  hedgedoc_backend:
  it_strategy_dashboard_backend:
  panda_maintenance_backend:
+  tomcatwiki_backend: