diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/apache/conf/gfa-status.conf b/apache/conf/cas-status-test.conf similarity index 67% rename from apache/conf/gfa-status.conf rename to apache/conf/cas-status-test.conf index 23bf340..2c3a670 100644 --- a/apache/conf/gfa-status.conf +++ b/apache/conf/cas-status-test.conf @@ -1,6 +1,6 @@ - ServerName gfa-status-test.psi.ch - DocumentRoot /var/www/gfa-status/web + ServerName cas-status-test.psi.ch + DocumentRoot /var/www/cas-status/web ErrorLog /proc/self/fd/2 CustomLog /proc/self/fd/1 combined @@ -12,12 +12,11 @@ SetHandler application/x-httpd-php - php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch" php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp php_admin_value session.save_path /var/www/clients/client45/web70/tmp - php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ + php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas-status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ - + Options +FollowSymLinks +Includes AllowOverride All Require all granted diff --git a/apache/conf/megwiki-test.conf b/apache/conf/megwiki-test.conf new file mode 100644 index 0000000..78ed878 --- /dev/null +++ b/apache/conf/megwiki-test.conf @@ -0,0 +1,14 @@ + + ServerName megwiki-test.psi.ch + DocumentRoot /var/www/megwiki + + + Options FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined + + diff --git a/apache/conf/niagadm.conf b/apache/conf/niagadm.conf new file mode 100644 index 0000000..0797b18 --- /dev/null +++ b/apache/conf/niagadm.conf @@ -0,0 +1,28 @@ + + ServerName niagadm.psi.ch + DocumentRoot /var/www/niagadm + + # Allow CGI everywhere if needed + Options +ExecCGI + AddHandler cgi-script .pl .cgi .x .py + + + Options +ExecCGI + AllowOverride None + Require all granted + + + # Explicit CGI directories + ScriptAlias /cgi-bin/ /var/www/niagadm/cgi-bin/ + + Options +ExecCGI + Require all granted + + + ScriptAlias /cgibin/ /var/www/niagadm/cgibin/ + + Options +ExecCGI + Require all granted + + + diff --git a/apache/conf/omny.conf b/apache/conf/omny.conf new file mode 100644 index 0000000..284416c --- /dev/null +++ b/apache/conf/omny.conf @@ -0,0 +1,11 @@ + + ServerName omny-test.psi.ch + DocumentRoot /var/www/omny + + + Options +ExecCGI + AllowOverride None + Require all granted + + + diff --git a/conf.d/gfa-status-test.conf b/conf.d/cas-status-test.conf similarity index 64% rename from conf.d/gfa-status-test.conf rename to conf.d/cas-status-test.conf index 6c991a0..ea7e523 100644 --- a/conf.d/gfa-status-test.conf +++ b/conf.d/cas-status-test.conf @@ -1,15 +1,15 @@ server { listen 80; - server_name gfa-status-test.psi.ch; + server_name cas-status-test.psi.ch; return 301 https://$host$request_uri; } server { listen 443 ssl; - server_name gfa-status-test.psi.ch; + server_name cas-status-test.psi.ch; - ssl_certificate /etc/nginx/certs/gfa-status-test.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key; + ssl_certificate /etc/nginx/certs/cas-status-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/cas-status-test.psi.ch.key; location / { proxy_pass http://apache_app:80; diff --git a/conf.d/lbr-scheduler.conf b/conf.d/lbr-scheduler.conf new file mode 100644 index 0000000..3c32b83 --- /dev/null +++ b/conf.d/lbr-scheduler.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name lbr-scheduler.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name lbr-scheduler.psi.ch; + + ssl_certificate /etc/nginx/certs/lbr-scheduler.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/lbr-scheduler.psi.ch.key; + + location / { + proxy_pass http://legacy-scheduleit:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/megwiki-test.conf b/conf.d/megwiki-test.conf new file mode 100644 index 0000000..5b14dc0 --- /dev/null +++ b/conf.d/megwiki-test.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name megwiki-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name megwiki-test.psi.ch; + + ssl_certificate /etc/nginx/certs/megwiki-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/megwiki-test.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/niagadm.conf b/conf.d/niagadm.conf new file mode 100644 index 0000000..505626c --- /dev/null +++ b/conf.d/niagadm.conf @@ -0,0 +1,30 @@ +server { + listen 80; + server_name niagadm.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name niagadm.psi.ch; + + ssl_certificate /etc/nginx/certs/niagadm.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/niagadm.psi.ch.key; + + access_log /var/log/nginx/niagadm.access.log; + error_log /var/log/nginx/niagadm.error.log; + + # Proxy EVERYTHING to the Apache container + location / { + proxy_pass http://apache_app:80; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Important for CGI apps + proxy_buffering off; + } +} + diff --git a/conf.d/omny.conf b/conf.d/omny.conf new file mode 100644 index 0000000..657b76e --- /dev/null +++ b/conf.d/omny.conf @@ -0,0 +1,25 @@ +# omny-test conf for nginx + +server { + listen 80; + server_name omny-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name omny-test.psi.ch; + + ssl_certificate /etc/nginx/certs/omny-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/omny-test.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Cookie $http_cookie; + proxy_set_header Authorization $http_authorization; + } +} diff --git a/conf.d/opticswiki.conf b/conf.d/opticswiki.conf index 9401843..a8ea359 100644 --- a/conf.d/opticswiki.conf +++ b/conf.d/opticswiki.conf @@ -19,5 +19,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + # UF add + proxy_set_header Cookie $http_cookie; + proxy_set_header Authorization $http_authorization; } } diff --git a/conf.d/saparchive-test.conf b/conf.d/saparchive-test.conf new file mode 100644 index 0000000..8a0cae0 --- /dev/null +++ b/conf.d/saparchive-test.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name saparchive-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name saparchive-test.psi.ch; + + ssl_certificate /etc/nginx/certs/saparchive-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/saparchive-test.psi.ch.key; + + location / { + proxy_pass http://tiacore-test:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/saparchive.conf b/conf.d/saparchive.conf new file mode 100644 index 0000000..09e2338 --- /dev/null +++ b/conf.d/saparchive.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name saparchive.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name saparchive.psi.ch; + + ssl_certificate /etc/nginx/certs/saparchive.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key; + + location / { + proxy_pass http://tiacore-prod:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/sapdocrouter-test.conf b/conf.d/sapdocrouter-test.conf new file mode 100644 index 0000000..5233f5c --- /dev/null +++ b/conf.d/sapdocrouter-test.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name sapdocrouter-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name sapdocrouter-test.psi.ch; + + ssl_certificate /etc/nginx/certs/sapdocrouter-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/sapdocrouter-test.psi.ch.key; + + location / { + proxy_pass http://tiadocrouter-test:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/sapdocrouter.conf b/conf.d/sapdocrouter.conf new file mode 100644 index 0000000..346adda --- /dev/null +++ b/conf.d/sapdocrouter.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name sapdocrouter.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name sapdocrouter.psi.ch; + + ssl_certificate /etc/nginx/certs/sapdocrouter.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/sapdocrouter.psi.ch.key; + + location / { + proxy_pass http://tiadocrouter-prod:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/summer-project-selection.conf b/conf.d/summer-project-selection.conf new file mode 100644 index 0000000..326ef19 --- /dev/null +++ b/conf.d/summer-project-selection.conf @@ -0,0 +1,23 @@ +server { + listen 80; + server_name summer-project-selection-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name summer-project-selection-test.psi.ch; + + ssl_certificate /etc/nginx/certs/summer-project-selection-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/summer-project-selection-test.psi.ch.key; + + location / { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://summer-project-selection:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/tomcatwiki.conf b/conf.d/tomcatwiki.conf new file mode 100644 index 0000000..f7a7ec6 --- /dev/null +++ b/conf.d/tomcatwiki.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name tomcatwiki.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name tomcatwiki.psi.ch; + + ssl_certificate /etc/nginx/certs/tomcatwiki.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/tomcatwiki.psi.ch.key; + + location / { + proxy_pass http://tomcatwiki:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 4e39411..a0ba404 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,14 +33,28 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/gfa-status:/var/www/gfa-status:rw + - /opt/webcontent/cas-status:/var/www/cas-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw + - /opt/webcontent/megwiki:/var/www/megwiki:rw + - /opt/webcontent/niagadm:/var/www/niagadm:rw + - /opt/webcontent/omny:/var/www/omny:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: - backend + legacy_scheduleit: + # image: gitea.psi.ch/images/php-apache:latest + image: gitea.psi.ch/images/legacy_scheduleit:latest + restart: always + container_name: legacy-scheduleit + volumes: + - /opt/webcontent/lbr-scheduler/code:/var/www/lbr-scheduler:rw + - /opt/webcontent/lbr-scheduler/apache/conf:/etc/apache2/sites-enabled:ro + networks: + - backend + # linux-eng@psi.ch # Test app excalidraw: @@ -152,6 +166,8 @@ services: - /opt/webcontent/opticswiki/pub:/usr/local/apache2/Foswiki-2.1.9/pub - /opt/webcontent/opticswiki/working:/usr/local/apache2/Foswiki-2.1.9/working - /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib + - /opt/webcontent/opticswiki/conf:/usr/local/apache2/conf + - /opt/webcontent/opticswiki/logs:/var/log/apache2 networks: - backend @@ -282,6 +298,125 @@ services: - backend - panda_maintenance_backend + # michael.schmidt@psi.ch + # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com + tiacore-test: + container_name: tiacore-test + image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + restart: always + volumes: + - /opt/webcontent/tiacore-test/config/license:/application/license + - /opt/webcontent/tiacore-test/config/keystore:/application/ssl + - /opt/webcontent/tiacore-test/config:/application/config/ + - /mount/saparchive/testdata:/application/data + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + + # michael.schmidt@psi.ch + # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com + tiacore-prod: + container_name: tiacore-prod + image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + restart: always + volumes: + - /opt/webcontent/tiacore-prod/config/license:/application/license + - /opt/webcontent/tiacore-prod/config/keystore:/application/ssl + - /opt/webcontent/tiacore-prod/config:/application/config/ + - /mount/saparchive/proddata:/application/data + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + + # michael.schmidt@psi.ch + # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com + documentrouter-prod: + container_name: tiadocrouter-prod + image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + restart: always + volumes: + - /opt/webcontent/tiadocrouter-prod/work:/application/work + - /opt/webcontent/tiadocrouter-prod/lib:/application/lib + - /opt/webcontent/tiadocrouter-prod/config:/application/config +# - :/application/dr-instance-01-input + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + + # michael.schmidt@psi.ch + # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com + documentrouter-test: + container_name: tiadocrouter-test + image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + restart: always + volumes: + - /opt/webcontent/tiadocrouter-test/work:/application/work + - /opt/webcontent/tiadocrouter-test/lib:/application/lib + - /opt/webcontent/tiadocrouter-test/config:/application/config +# - :/application/dr-instance-01-input + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + + # Lange Clemens + # summer-project-selection.psi.ch + summer-project-selection: + image: gitea.psi.ch/lange_c/summer-project-selection:latest + restart: always + volumes: + - /opt/webcontent/summer-project-selection/data:/app/data + - /opt/webcontent/summer-project-selection/projects:/app/projects + - /opt/webcontent/summer-project-selection/applicants:/app/applicants + networks: + - backend + + # Tomcat Beamline Wiki INC0159147 tomcatwiki.psi.ch + # goran.lovric@psi.ch + tomcatwikidb: + image: postgres:15-alpine + container_name: tomcatwiki_db + restart: always + environment: + - POSTGRES_DB=wiki + - POSTGRES_PASSWORD=${TOMCATWIKI_DB_SECRET} + - POSTGRES_USER=wiki + volumes: + - /opt/webcontent/tomcatwiki/db-data:/var/lib/postgresql/data + networks: + - tomcatwiki_backend + + tomcatwiki: + image: ghcr.io/requarks/wiki:2 + container_name: tomcatwiki + restart: always + depends_on: + - tomcatwikidb + environment: + - DB_TYPE=postgres + - DB_HOST=tomcatwikidb + - DB_PORT=5432 + - DB_USER=wiki + - DB_PASS=${TOMCATWIKI_DB_SECRET} + - DB_NAME=wiki + networks: + - tomcatwiki_backend + - backend networks: public: @@ -289,4 +424,5 @@ networks: hedgedoc_backend: it_strategy_dashboard_backend: panda_maintenance_backend: + tomcatwiki_backend: