From c06bc0086f1ee3a492f455b8d65cbe4885207a2a Mon Sep 17 00:00:00 2001 From: ritter_t Date: Wed, 7 Jan 2026 11:53:26 +0100 Subject: [PATCH 01/55] chore(v4.0): update frontend and backend container (#25) Co-authored-by: tom.ritter Reviewed-on: https://gitea.psi.ch/linux/WebHosting/pulls/25 Co-authored-by: ritter_t Co-committed-by: ritter_t --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 02cff27..4e39411 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -180,7 +180,7 @@ services: # It-Strategy monitoring dashboard it-strategy-dashboard-frontend: - image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:3.0 + image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:4.0 container_name: it-strategy-dashboard-frontend command: ["sh","-c","/usr/local/bin/copyData.sh"] volumes: @@ -190,7 +190,7 @@ services: - it_strategy_dashboard_backend it-strategy-dashboard-backend: - image: gitea.psi.ch/9501/it-strategy-dashboard-backend:3.0.1 + image: gitea.psi.ch/9501/it-strategy-dashboard-backend:4.0 container_name: it-strategy-dashboard-backend restart: always environment: From 183b9039cbee14c46c325b222a0870d9901d6f8d Mon Sep 17 00:00:00 2001 From: flechsig Date: Thu, 8 Jan 2026 15:41:28 +0100 Subject: [PATCH 02/55] add conf and logs --- docker-compose.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 02cff27..74e9274 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -152,6 +152,8 @@ services: - /opt/webcontent/opticswiki/pub:/usr/local/apache2/Foswiki-2.1.9/pub - /opt/webcontent/opticswiki/working:/usr/local/apache2/Foswiki-2.1.9/working - /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib + - /opt/webcontent/opticswiki/conf:/usr/local/apache2/conf + - /opt/webcontent/opticswiki/logs:/var/log/apache2 networks: - backend From b453de1e321220c9d83beb83948ebc23d4c46cf4 Mon Sep 17 00:00:00 2001 From: ebner Date: Tue, 13 Jan 2026 15:16:29 +0100 Subject: [PATCH 03/55] new service actris-test.psi.ch --- conf.d/actris-test.conf | 30 ++++++++++++++++++++++++++++++ docker-compose.yaml | 1 + 2 files changed, 31 insertions(+) create mode 100644 conf.d/actris-test.conf diff --git a/conf.d/actris-test.conf b/conf.d/actris-test.conf new file mode 100644 index 0000000..156de38 --- /dev/null +++ b/conf.d/actris-test.conf @@ -0,0 +1,30 @@ +# INC0150202 Kohlbrecher Joachim & Wall Edward Owen +server { + listen 80; + server_name actris-test.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name actris-test.psi.ch; + + root /opt/webcontent/actris-test; + index index.html; + + ssl_certificate /etc/nginx/certs/actris-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/actris-test.psi.ch.key; + + access_log /var/log/nginx/actris-test.access.log; + error_log /var/log/nginx/actris-test.error.log; + + location / { + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + + try_files $uri $uri/ =404; + } +} + diff --git a/docker-compose.yaml b/docker-compose.yaml index 4e39411..fd91354 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -18,6 +18,7 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro + - /mount/actris:/opt/webcontent/actris-test:ro - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public From 9333c15cba62e18c6a32afee9810b7f24e8d89de Mon Sep 17 00:00:00 2001 From: ebner Date: Tue, 13 Jan 2026 15:25:19 +0100 Subject: [PATCH 04/55] retrofit a change that was done manually on the hosting server --- apache/conf/gfa-status.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/gfa-status.conf b/apache/conf/gfa-status.conf index 23bf340..ada1487 100644 --- a/apache/conf/gfa-status.conf +++ b/apache/conf/gfa-status.conf @@ -15,7 +15,7 @@ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch" php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp php_admin_value session.save_path /var/www/clients/client45/web70/tmp - php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status.web.psi.ch/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ + php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ Options +FollowSymLinks +Includes From 965882045cb72366abe45ff110a1d987195d8012 Mon Sep 17 00:00:00 2001 From: ebner Date: Tue, 13 Jan 2026 15:26:33 +0100 Subject: [PATCH 05/55] apparantely on the hosting server ther is a .env with secrets - so we should ignore this --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env From dd0407dbb0a5dc33aa8bc4544fcc9b1aed6d29fd Mon Sep 17 00:00:00 2001 From: flechsig Date: Wed, 14 Jan 2026 13:21:02 +0100 Subject: [PATCH 06/55] forward http cookie --- conf.d/opticswiki.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf.d/opticswiki.conf b/conf.d/opticswiki.conf index 9401843..a8ea359 100644 --- a/conf.d/opticswiki.conf +++ b/conf.d/opticswiki.conf @@ -19,5 +19,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + # UF add + proxy_set_header Cookie $http_cookie; + proxy_set_header Authorization $http_authorization; } } From 90b8e594920a391a25f30bd868b4c64c63b88cb7 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 14:59:34 +0100 Subject: [PATCH 07/55] =?UTF-8?q?initial=20commit=20f=C3=BCr=20tia=20core?= =?UTF-8?q?=20mit=20schmidt=20michael?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Basil Bruhn --- conf.d/archivsap.conf | 21 +++++++++++++++++++++ docker-compose.yaml | 23 +++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 conf.d/archivsap.conf diff --git a/conf.d/archivsap.conf b/conf.d/archivsap.conf new file mode 100644 index 0000000..9ad257d --- /dev/null +++ b/conf.d/archivsap.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name saparchive.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name saparchive.psi.ch; + + ssl_certificate /etc/nginx/certs/saparchive.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key; + + location / { + proxy_pass http://tiacore-test:9443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index c8a456f..203feca 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -283,6 +283,29 @@ services: - backend - panda_maintenance_backend + tiacore: + container_name: tiacore-test + image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + volumes: + - /opt/webcontent/tiacore-test/config/license:/application/license + # - /opt/kgs/docker/tiacore-P/config/keystore:/application/ssl/keystore + - /opt/webcontent/tiacore-test/config:/application/config/ + # - /opt/kgs/docker/tiacore-P/data:/application/data + # - /opt/kgs/docker/certificates:/application/ssl + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" + + # SSL Keystore + # SERVER_PORT: 9443 + # SERVER_SSL_KEYSTORE: /application/ssl/core_keystore.p12 + # SERVER_SSL_KEYSTOREPASSWORD: changeme + # SERVER_SSL_KEYALIAS: kgs + # SERVER_SSL_ENABLED: "true" + networks: + - backend networks: public: From 0fe66cfdbf27d136c340eca0e46e598e600069fd Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 15:50:38 +0100 Subject: [PATCH 08/55] port wrong in documentation Signed-off-by: Basil Bruhn --- conf.d/archivsap.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/archivsap.conf b/conf.d/archivsap.conf index 9ad257d..a10b29f 100644 --- a/conf.d/archivsap.conf +++ b/conf.d/archivsap.conf @@ -12,7 +12,7 @@ server { ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key; location / { - proxy_pass http://tiacore-test:9443; + proxy_pass http://tiacore-test:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 09b0d7c5353df6ccb553519aa73ee2262927d351 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 15:53:36 +0100 Subject: [PATCH 09/55] rename to keep names consistent Signed-off-by: Basil Bruhn --- conf.d/{archivsap.conf => saparchive-test.conf} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename conf.d/{archivsap.conf => saparchive-test.conf} (63%) diff --git a/conf.d/archivsap.conf b/conf.d/saparchive-test.conf similarity index 63% rename from conf.d/archivsap.conf rename to conf.d/saparchive-test.conf index a10b29f..8a0cae0 100644 --- a/conf.d/archivsap.conf +++ b/conf.d/saparchive-test.conf @@ -1,15 +1,15 @@ server { listen 80; - server_name saparchive.psi.ch; + server_name saparchive-test.psi.ch; return 301 https://$host$request_uri; } server { listen 443 ssl; - server_name saparchive.psi.ch; + server_name saparchive-test.psi.ch; - ssl_certificate /etc/nginx/certs/saparchive.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key; + ssl_certificate /etc/nginx/certs/saparchive-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/saparchive-test.psi.ch.key; location / { proxy_pass http://tiacore-test:8080; From bee369a7b762b973dbf0ea5fd1745eb08c8332d5 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 16:52:37 +0100 Subject: [PATCH 10/55] add keystore configuration to tiacore-test application, key var is saved in .env Signed-off-by: Basil Bruhn --- docker-compose.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index d24b9d2..bc0533c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -290,7 +290,7 @@ services: image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 volumes: - /opt/webcontent/tiacore-test/config/license:/application/license - # - /opt/kgs/docker/tiacore-P/config/keystore:/application/ssl/keystore + - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ # - /opt/kgs/docker/tiacore-P/data:/application/data # - /opt/kgs/docker/certificates:/application/ssl @@ -301,11 +301,11 @@ services: WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" # SSL Keystore - # SERVER_PORT: 9443 - # SERVER_SSL_KEYSTORE: /application/ssl/core_keystore.p12 - # SERVER_SSL_KEYSTOREPASSWORD: changeme - # SERVER_SSL_KEYALIAS: kgs - # SERVER_SSL_ENABLED: "true" + SERVER_PORT: 8080 + SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test + SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} + SERVER_SSL_KEYALIAS: tiacore-test + SERVER_SSL_ENABLED: "true" networks: - backend From 9194336074a9284cf012b033a02bb540f36b2737 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 16:54:05 +0100 Subject: [PATCH 11/55] no alias for keystore Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index bc0533c..ef9d091 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -304,7 +304,7 @@ services: SERVER_PORT: 8080 SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} - SERVER_SSL_KEYALIAS: tiacore-test + # SERVER_SSL_KEYALIAS: tiacore-test SERVER_SSL_ENABLED: "true" networks: - backend From e07b683a16dba557d403a6276d34aee297536265 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 17:01:29 +0100 Subject: [PATCH 12/55] change java app port Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index ef9d091..7011108 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -301,7 +301,7 @@ services: WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" # SSL Keystore - SERVER_PORT: 8080 + SERVER_PORT: 443 SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} # SERVER_SSL_KEYALIAS: tiacore-test From db1509f30006e62e5af4381496afb33c83cb208f Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 17:05:14 +0100 Subject: [PATCH 13/55] remove port mapping, take default Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 7011108..d9b761a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -301,7 +301,7 @@ services: WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" # SSL Keystore - SERVER_PORT: 443 + # SERVER_PORT: 443 SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} # SERVER_SSL_KEYALIAS: tiacore-test From a94eee6872409a755f74d3713757e3c39df38b55 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 17:09:01 +0100 Subject: [PATCH 14/55] no SSL? Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index d9b761a..e4f460e 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -305,7 +305,7 @@ services: SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} # SERVER_SSL_KEYALIAS: tiacore-test - SERVER_SSL_ENABLED: "true" + # SERVER_SSL_ENABLED: "true" networks: - backend From a5b7164a22f486bc495d73971d3d4497970d57ab Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 17:10:47 +0100 Subject: [PATCH 15/55] no JAVA opts, we handle everything in nginx conifg Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index e4f460e..f6bfd40 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -302,8 +302,8 @@ services: # SSL Keystore # SERVER_PORT: 443 - SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test - SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} + # SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test + # SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} # SERVER_SSL_KEYALIAS: tiacore-test # SERVER_SSL_ENABLED: "true" networks: From 5e0770093ba7bf0a3e94d453699f9eb432befea8 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 14 Jan 2026 17:18:54 +0100 Subject: [PATCH 16/55] create storage configuration for live data to be mounted by all tia core containers Signed-off-by: Basil Bruhn --- docker-compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index f6bfd40..ed074d8 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -292,7 +292,8 @@ services: - /opt/webcontent/tiacore-test/config/license:/application/license - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ - # - /opt/kgs/docker/tiacore-P/data:/application/data + - /opt/webcontent/tiacore-data/classic_archive:/application/data_classic + - /opt/webcontent/tiacore-data/core_archive:/application/data_core # - /opt/kgs/docker/certificates:/application/ssl environment: LOGGING_LEVEL_ROOT: INFO From 9a927b543c9073c00ffe7ffdccfca3e70dd52c9d Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Thu, 15 Jan 2026 15:03:35 +0100 Subject: [PATCH 17/55] Add summer-project-selection --- docker-compose.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index ed074d8..3688357 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -310,6 +310,17 @@ services: networks: - backend + # Lange Clemens + # summer-project-selection.psi.ch + summer-project-selection: + image: gitea.psi.ch/lange_c/summer-project-selection:latest + restart: always + volumes: + - /opt/webcontent/summer-project-selection:/app + networks: + - backend + + networks: public: backend: From cc783a0c0a5c7160a81d7eb9e879d43e770b0381 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Thu, 15 Jan 2026 15:13:04 +0100 Subject: [PATCH 18/55] Add nginx config for summer-project-selection --- conf.d/summer-project-selection.conf | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 conf.d/summer-project-selection.conf diff --git a/conf.d/summer-project-selection.conf b/conf.d/summer-project-selection.conf new file mode 100644 index 0000000..b376256 --- /dev/null +++ b/conf.d/summer-project-selection.conf @@ -0,0 +1,23 @@ +server { + listen 80; + server_name summer-project-selection-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name summer-project-selection-test.psi.ch; + + ssl_certificate /etc/nginx/certs/summer-project-selection-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/summer-project-selection-test.psi.ch.key; + + location / { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass https://summer-project-selection:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} From 56afc0e94a99ce9ad624563f1d9378b1a2a6e625 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 16 Jan 2026 12:29:46 +0100 Subject: [PATCH 19/55] Use more fine-grained volume mounts for summer-project-selection --- docker-compose.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 3688357..f52981c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -316,7 +316,9 @@ services: image: gitea.psi.ch/lange_c/summer-project-selection:latest restart: always volumes: - - /opt/webcontent/summer-project-selection:/app + - /opt/webcontent/summer-project-selection/data:/app/data + - /opt/webcontent/summer-project-selection/projects:/app/projects + - /opt/webcontent/summer-project-selection/applicants:/app/applicants networks: - backend From a6c618f8414e4ffa177d299c86df12c124b5c324 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Fri, 16 Jan 2026 12:59:02 +0100 Subject: [PATCH 20/55] no https in docker backend Signed-off-by: Basil Bruhn --- conf.d/summer-project-selection.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/summer-project-selection.conf b/conf.d/summer-project-selection.conf index b376256..326ef19 100644 --- a/conf.d/summer-project-selection.conf +++ b/conf.d/summer-project-selection.conf @@ -14,7 +14,7 @@ server { location / { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_pass https://summer-project-selection:5000; + proxy_pass http://summer-project-selection:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From c7971989d71d31ac65fd449685030a60a8b89fc8 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 12:51:33 +0100 Subject: [PATCH 21/55] mountpoint for sap archival data Signed-off-by: Basil Bruhn --- docker-compose.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index f52981c..2b0714d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -293,20 +293,14 @@ services: - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ - /opt/webcontent/tiacore-data/classic_archive:/application/data_classic - - /opt/webcontent/tiacore-data/core_archive:/application/data_core + - /mount/saparchive:/application/data_core + # - /opt/webcontent/tiacore-data/core_archive:/application/data_core # - /opt/kgs/docker/certificates:/application/ssl environment: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" - - # SSL Keystore - # SERVER_PORT: 443 - # SERVER_SSL_KEYSTORE: /application/ssl/tiacore-test - # SERVER_SSL_KEYSTOREPASSWORD: ${KGS_KEYSTORE_PASS} - # SERVER_SSL_KEYALIAS: tiacore-test - # SERVER_SSL_ENABLED: "true" networks: - backend @@ -322,7 +316,6 @@ services: networks: - backend - networks: public: backend: From ef1c18678c6192c0c9b234be7502c7bb3e090207 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 13:09:41 +0100 Subject: [PATCH 22/55] remove old mountpoint from opt/webcontent Signed-off-by: Basil Bruhn --- docker-compose.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 2b0714d..5cd9496 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -292,7 +292,6 @@ services: - /opt/webcontent/tiacore-test/config/license:/application/license - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ - - /opt/webcontent/tiacore-data/classic_archive:/application/data_classic - /mount/saparchive:/application/data_core # - /opt/webcontent/tiacore-data/core_archive:/application/data_core # - /opt/kgs/docker/certificates:/application/ssl From 4534aaed182800a55c3e150a85579554dd9f452c Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 13:13:52 +0100 Subject: [PATCH 23/55] rename core archive to classic and mount new core archive, path not final Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 5cd9496..5677f89 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -292,8 +292,8 @@ services: - /opt/webcontent/tiacore-test/config/license:/application/license - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ - - /mount/saparchive:/application/data_core - # - /opt/webcontent/tiacore-data/core_archive:/application/data_core + - /mount/saparchive:/application/data_classic + - /opt/webcontent/tiacore-data/core_archive:/application/data_core # - /opt/kgs/docker/certificates:/application/ssl environment: LOGGING_LEVEL_ROOT: INFO From 07b38b10a92d2661dc08be3e36c9a43dcb527df7 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 14:37:53 +0100 Subject: [PATCH 24/55] cleanup test system and deploy production container Signed-off-by: Basil Bruhn --- conf.d/saparchive.conf | 21 +++++++++++++++++++++ docker-compose.yaml | 26 ++++++++++++++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 conf.d/saparchive.conf diff --git a/conf.d/saparchive.conf b/conf.d/saparchive.conf new file mode 100644 index 0000000..09e2338 --- /dev/null +++ b/conf.d/saparchive.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name saparchive.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name saparchive.psi.ch; + + ssl_certificate /etc/nginx/certs/saparchive.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/saparchive.psi.ch.key; + + location / { + proxy_pass http://tiacore-prod:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 5677f89..6c701b9 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -285,16 +285,34 @@ services: - backend - panda_maintenance_backend - tiacore: + # michael.schmidt@psi.ch + # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com + tiacore-test: container_name: tiacore-test image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 volumes: - /opt/webcontent/tiacore-test/config/license:/application/license - /opt/webcontent/tiacore-test/config/keystore:/application/ssl - /opt/webcontent/tiacore-test/config:/application/config/ - - /mount/saparchive:/application/data_classic - - /opt/webcontent/tiacore-data/core_archive:/application/data_core - # - /opt/kgs/docker/certificates:/application/ssl + - /mount/saparchive/testdata:/application/data + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" + networks: + - backend + + # michael.schmidt@psi.ch + # SAP Archiv Programm von der Firma KGS supportabteilung@kgs-software.com + tiacore-prod: + container_name: tiacore-prod + image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + volumes: + - /opt/webcontent/tiacore-prod/config/license:/application/license + - /opt/webcontent/tiacore-prod/config/keystore:/application/ssl + - /opt/webcontent/tiacore-prod/config:/application/config/ + - /mount/saparchive:/application/data environment: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI From 00cb196e95cff8c7fdfc4f04cc3cadc3d765eeef Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 15:22:54 +0100 Subject: [PATCH 25/55] megiwiki run on apache php infra Signed-off-by: Basil Bruhn --- apache/conf/megwiki-test.conf | 14 ++++++++++++++ conf.d/megwiki-test.psi.ch | 21 +++++++++++++++++++++ docker-compose.yaml | 1 + 3 files changed, 36 insertions(+) create mode 100644 apache/conf/megwiki-test.conf create mode 100644 conf.d/megwiki-test.psi.ch diff --git a/apache/conf/megwiki-test.conf b/apache/conf/megwiki-test.conf new file mode 100644 index 0000000..78ed878 --- /dev/null +++ b/apache/conf/megwiki-test.conf @@ -0,0 +1,14 @@ + + ServerName megwiki-test.psi.ch + DocumentRoot /var/www/megwiki + + + Options FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined + + diff --git a/conf.d/megwiki-test.psi.ch b/conf.d/megwiki-test.psi.ch new file mode 100644 index 0000000..5b14dc0 --- /dev/null +++ b/conf.d/megwiki-test.psi.ch @@ -0,0 +1,21 @@ +server { + listen 80; + server_name megwiki-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name megwiki-test.psi.ch; + + ssl_certificate /etc/nginx/certs/megwiki-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/megwiki-test.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 6c701b9..406a37d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -37,6 +37,7 @@ services: - /opt/webcontent/gfa-status:/var/www/gfa-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw + - /opt/webcontent/megwiki:/var/www/megwiki:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: From 33dda032f6c44f67d283bad27310763c031955b4 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 19 Jan 2026 15:27:26 +0100 Subject: [PATCH 26/55] whoopsie Signed-off-by: Basil Bruhn --- conf.d/{megwiki-test.psi.ch => megwiki-test.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename conf.d/{megwiki-test.psi.ch => megwiki-test.conf} (100%) diff --git a/conf.d/megwiki-test.psi.ch b/conf.d/megwiki-test.conf similarity index 100% rename from conf.d/megwiki-test.psi.ch rename to conf.d/megwiki-test.conf From c2edc120817562290454f12ee74dbf65376caa38 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 12:02:48 +0100 Subject: [PATCH 27/55] add config for lbr scheduler - formerly lblims --- conf.d/lbr-scheduler.conf | 21 +++++++++++++++++++++ docker-compose.yaml | 1 + 2 files changed, 22 insertions(+) create mode 100644 conf.d/lbr-scheduler.conf diff --git a/conf.d/lbr-scheduler.conf b/conf.d/lbr-scheduler.conf new file mode 100644 index 0000000..e18859b --- /dev/null +++ b/conf.d/lbr-scheduler.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name lbr-scheduler.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name lbr-scheduler.psi.ch; + + ssl_certificate /etc/nginx/certs/lbr-scheduler.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/lbr-scheduler.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 406a37d..5ef45a2 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -38,6 +38,7 @@ services: - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw + - /opt/webcontent/lbr-scheduler:/var/www/lbr-scheduler:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: From 20e1b98fefd786c8fb1cd801f34614d98e79f23c Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Wed, 21 Jan 2026 12:10:49 +0100 Subject: [PATCH 28/55] destinct between productive data and test data. Test data is always a copy ~1 day old of prod Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 406a37d..3403357 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -313,7 +313,7 @@ services: - /opt/webcontent/tiacore-prod/config/license:/application/license - /opt/webcontent/tiacore-prod/config/keystore:/application/ssl - /opt/webcontent/tiacore-prod/config:/application/config/ - - /mount/saparchive:/application/data + - /mount/saparchive/proddata:/application/data environment: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI From 14c2916f57fe939a6456b4299b1d2ed2abaa7d1e Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 12:19:53 +0100 Subject: [PATCH 29/55] add apache config --- apache/conf/lbr-scheduler.conf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 apache/conf/lbr-scheduler.conf diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf new file mode 100644 index 0000000..5658352 --- /dev/null +++ b/apache/conf/lbr-scheduler.conf @@ -0,0 +1,14 @@ + + ServerName lbr-scheduler.psi.ch + DocumentRoot /var/www/lbr-scheduler + + + Options FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined + + From 3de832b7b28e03d17f6e6e8396488041e92bb365 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 12:39:07 +0100 Subject: [PATCH 30/55] update --- apache/conf/lbr-scheduler.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf index 5658352..35d210c 100644 --- a/apache/conf/lbr-scheduler.conf +++ b/apache/conf/lbr-scheduler.conf @@ -5,7 +5,8 @@ Options FollowSymLinks AllowOverride All - Require all granted + Order allow,deny + Allow from all ErrorLog /proc/self/fd/2 From 0ebccfdec9a4c80a428b2a60b938400e647edbc2 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 15:10:57 +0100 Subject: [PATCH 31/55] test --- apache/conf/lbr-scheduler.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf index 35d210c..5744909 100644 --- a/apache/conf/lbr-scheduler.conf +++ b/apache/conf/lbr-scheduler.conf @@ -9,7 +9,7 @@ Allow from all - ErrorLog /proc/self/fd/2 - CustomLog /proc/self/fd/1 combined + # ErrorLog /proc/self/fd/2 + # CustomLog /proc/self/fd/1 combined From 844a2be9d01e95530f95f636b628f33ce1023c1c Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 15:14:25 +0100 Subject: [PATCH 32/55] test --- apache/conf/lbr-scheduler.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf index 5744909..0b0efa4 100644 --- a/apache/conf/lbr-scheduler.conf +++ b/apache/conf/lbr-scheduler.conf @@ -9,6 +9,8 @@ Allow from all + ErrorLog /var/log/apache2/lbr-scheduler-error.log + CustomLog /var/log/apache2/lbr-scheduler-access.log combined # ErrorLog /proc/self/fd/2 # CustomLog /proc/self/fd/1 combined From df2c05ba112c5b36e6690a25054641da0c773ce7 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 21 Jan 2026 15:16:33 +0100 Subject: [PATCH 33/55] revert --- apache/conf/lbr-scheduler.conf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf index 0b0efa4..35d210c 100644 --- a/apache/conf/lbr-scheduler.conf +++ b/apache/conf/lbr-scheduler.conf @@ -9,9 +9,7 @@ Allow from all - ErrorLog /var/log/apache2/lbr-scheduler-error.log - CustomLog /var/log/apache2/lbr-scheduler-access.log combined - # ErrorLog /proc/self/fd/2 - # CustomLog /proc/self/fd/1 combined + ErrorLog /proc/self/fd/2 + CustomLog /proc/self/fd/1 combined From 26ecd4f9f9098d11e289372f59ff8ecbfcacbd7d Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 10:02:31 +0100 Subject: [PATCH 34/55] rename gfa status to cas-status and file location to cas_status Signed-off-by: Basil Bruhn --- apache/conf/{gfa-status.conf => cas-status-test.conf} | 9 ++++----- conf.d/{gfa-status-test.conf => cas-status-test.conf} | 8 ++++---- docker-compose.yaml | 2 +- 3 files changed, 9 insertions(+), 10 deletions(-) rename apache/conf/{gfa-status.conf => cas-status-test.conf} (74%) rename conf.d/{gfa-status-test.conf => cas-status-test.conf} (64%) diff --git a/apache/conf/gfa-status.conf b/apache/conf/cas-status-test.conf similarity index 74% rename from apache/conf/gfa-status.conf rename to apache/conf/cas-status-test.conf index ada1487..54ddfcc 100644 --- a/apache/conf/gfa-status.conf +++ b/apache/conf/cas-status-test.conf @@ -1,6 +1,6 @@ - ServerName gfa-status-test.psi.ch - DocumentRoot /var/www/gfa-status/web + ServerName cas-status-test.psi.ch + DocumentRoot /var/www/cas_status/web ErrorLog /proc/self/fd/2 CustomLog /proc/self/fd/1 combined @@ -12,12 +12,11 @@ SetHandler application/x-httpd-php - php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@gfa-status.web.psi.ch" php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp php_admin_value session.save_path /var/www/clients/client45/web70/tmp - php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/gfa-status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ + php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas_status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ - + Options +FollowSymLinks +Includes AllowOverride All Require all granted diff --git a/conf.d/gfa-status-test.conf b/conf.d/cas-status-test.conf similarity index 64% rename from conf.d/gfa-status-test.conf rename to conf.d/cas-status-test.conf index 6c991a0..ea7e523 100644 --- a/conf.d/gfa-status-test.conf +++ b/conf.d/cas-status-test.conf @@ -1,15 +1,15 @@ server { listen 80; - server_name gfa-status-test.psi.ch; + server_name cas-status-test.psi.ch; return 301 https://$host$request_uri; } server { listen 443 ssl; - server_name gfa-status-test.psi.ch; + server_name cas-status-test.psi.ch; - ssl_certificate /etc/nginx/certs/gfa-status-test.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/gfa-status-test.psi.ch.key; + ssl_certificate /etc/nginx/certs/cas-status-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/cas-status-test.psi.ch.key; location / { proxy_pass http://apache_app:80; diff --git a/docker-compose.yaml b/docker-compose.yaml index 64511c8..1e6d266 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -34,7 +34,7 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/gfa-status:/var/www/gfa-status:rw + - /opt/webcontent/cas_status:/var/www/cas_status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw From c62532eb24b158ad9f1e2f622ac7ce5e2d3bf016 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 12:52:06 +0100 Subject: [PATCH 35/55] always restart sap archive containers Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 1e6d266..f45695f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -292,6 +292,7 @@ services: tiacore-test: container_name: tiacore-test image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + restart: always volumes: - /opt/webcontent/tiacore-test/config/license:/application/license - /opt/webcontent/tiacore-test/config/keystore:/application/ssl @@ -310,6 +311,7 @@ services: tiacore-prod: container_name: tiacore-prod image: images.kgs-cloud.de/tia/core/saphttp:3.17.1 + restart: always volumes: - /opt/webcontent/tiacore-prod/config/license:/application/license - /opt/webcontent/tiacore-prod/config/keystore:/application/ssl From dde2521dc1881766f1f1221ce44366de7fdb2c00 Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 22 Jan 2026 12:55:02 +0100 Subject: [PATCH 36/55] remove obsolete stuff --- apache/conf/lbr-scheduler.conf | 15 --------------- conf.d/actris-test.conf | 30 ------------------------------ docker-compose.yaml | 2 -- 3 files changed, 47 deletions(-) delete mode 100644 apache/conf/lbr-scheduler.conf delete mode 100644 conf.d/actris-test.conf diff --git a/apache/conf/lbr-scheduler.conf b/apache/conf/lbr-scheduler.conf deleted file mode 100644 index 35d210c..0000000 --- a/apache/conf/lbr-scheduler.conf +++ /dev/null @@ -1,15 +0,0 @@ - - ServerName lbr-scheduler.psi.ch - DocumentRoot /var/www/lbr-scheduler - - - Options FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - ErrorLog /proc/self/fd/2 - CustomLog /proc/self/fd/1 combined - - diff --git a/conf.d/actris-test.conf b/conf.d/actris-test.conf deleted file mode 100644 index 156de38..0000000 --- a/conf.d/actris-test.conf +++ /dev/null @@ -1,30 +0,0 @@ -# INC0150202 Kohlbrecher Joachim & Wall Edward Owen -server { - listen 80; - server_name actris-test.psi.ch; - - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - server_name actris-test.psi.ch; - - root /opt/webcontent/actris-test; - index index.html; - - ssl_certificate /etc/nginx/certs/actris-test.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/actris-test.psi.ch.key; - - access_log /var/log/nginx/actris-test.access.log; - error_log /var/log/nginx/actris-test.error.log; - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - - try_files $uri $uri/ =404; - } -} - diff --git a/docker-compose.yaml b/docker-compose.yaml index f45695f..991e3f3 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -18,7 +18,6 @@ services: - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /etc/nginx/conf.d:/etc/nginx/conf.d:ro - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro - - /mount/actris:/opt/webcontent/actris-test:ro - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro networks: - public @@ -38,7 +37,6 @@ services: - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw - - /opt/webcontent/lbr-scheduler:/var/www/lbr-scheduler:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: From 7785426e23cc7d1ed191d85e13c1fb060bfac87e Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 13:19:00 +0100 Subject: [PATCH 37/55] update password for tiacore test Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 991e3f3..5e51055 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -299,8 +299,8 @@ services: environment: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI - WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_test_adminpw} networks: - backend From 6d6b18f3d5947fcb210d7374d505ededcfc9b16d Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 13:26:01 +0100 Subject: [PATCH 38/55] tiacore admin password Signed-off-by: Basil Bruhn --- docker-compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 5e51055..30fad08 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -300,7 +300,7 @@ services: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_test_adminpw} + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_admin_password} networks: - backend @@ -318,8 +318,8 @@ services: environment: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI - WEBAPP_SECURITY_AUTH_BASIC_USERNAME: admin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2a$$10$$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_admin_password} networks: - backend From 3e4d343ae93259a9dc58eee01ebf197fea4eb405 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 13:29:33 +0100 Subject: [PATCH 39/55] escape pw Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 30fad08..92fa6c0 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -300,7 +300,7 @@ services: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_admin_password} + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "${tiacore_admin_password}" networks: - backend @@ -319,7 +319,7 @@ services: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: ${tiacore_admin_password} + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "${tiacore_admin_password}" networks: - backend From b4af114141125ed6b3cd43707a5f5aa2c6283cee Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Thu, 22 Jan 2026 14:36:37 +0100 Subject: [PATCH 40/55] stupid pw Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 92fa6c0..89b8abe 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -300,7 +300,7 @@ services: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "${tiacore_admin_password}" + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" networks: - backend @@ -319,7 +319,7 @@ services: LOGGING_LEVEL_ROOT: INFO # Authentifizierung für WebUI WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin - WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "${tiacore_admin_password}" + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" networks: - backend From faf235ef74788e046b11302f2aac2653c95e4cac Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 22 Jan 2026 15:51:26 +0100 Subject: [PATCH 41/55] updated config --- conf.d/lbr-scheduler.conf | 2 +- docker-compose.yaml | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/conf.d/lbr-scheduler.conf b/conf.d/lbr-scheduler.conf index e18859b..fa02120 100644 --- a/conf.d/lbr-scheduler.conf +++ b/conf.d/lbr-scheduler.conf @@ -12,7 +12,7 @@ server { ssl_certificate_key /etc/nginx/private/lbr-scheduler.psi.ch.key; location / { - proxy_pass http://apache_app:80; + proxy_pass http://legacy_scheduleit:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/docker-compose.yaml b/docker-compose.yaml index 89b8abe..ef1e6ef 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -42,6 +42,19 @@ services: networks: - backend + legacy_scheduleit: + # image: gitea.psi.ch/images/php-apache:latest + image: gitea.psi.ch/images/legacy_scheduleit:latest + restart: always + container_name: legacy_scheduleit + ports: + - "80:80" + volumes: + - /opt/webcontent/lbr-scheduler/code:/var/www/lbr-scheduler:rw + - /opt/webcontent/lbr-scheduler/apache/conf:/etc/apache2/sites-enabled:ro + - /etc/timezone:/etc/timezone:ro + + # linux-eng@psi.ch # Test app excalidraw: From c0f961a7da50a64098179b48131741bfb36429e3 Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 22 Jan 2026 15:56:46 +0100 Subject: [PATCH 42/55] fixes ? --- conf.d/lbr-scheduler.conf | 2 +- docker-compose.yaml | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/conf.d/lbr-scheduler.conf b/conf.d/lbr-scheduler.conf index fa02120..3c32b83 100644 --- a/conf.d/lbr-scheduler.conf +++ b/conf.d/lbr-scheduler.conf @@ -12,7 +12,7 @@ server { ssl_certificate_key /etc/nginx/private/lbr-scheduler.psi.ch.key; location / { - proxy_pass http://legacy_scheduleit:80; + proxy_pass http://legacy-scheduleit:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/docker-compose.yaml b/docker-compose.yaml index ef1e6ef..e160e10 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -46,14 +46,10 @@ services: # image: gitea.psi.ch/images/php-apache:latest image: gitea.psi.ch/images/legacy_scheduleit:latest restart: always - container_name: legacy_scheduleit - ports: - - "80:80" + container_name: legacy-scheduleit volumes: - /opt/webcontent/lbr-scheduler/code:/var/www/lbr-scheduler:rw - /opt/webcontent/lbr-scheduler/apache/conf:/etc/apache2/sites-enabled:ro - - /etc/timezone:/etc/timezone:ro - # linux-eng@psi.ch # Test app From 1c9daca7c6df2529e427fe4a58d8e021e1691e65 Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 22 Jan 2026 16:05:18 +0100 Subject: [PATCH 43/55] add backend network --- docker-compose.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index e160e10..732a37d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -50,6 +50,8 @@ services: volumes: - /opt/webcontent/lbr-scheduler/code:/var/www/lbr-scheduler:rw - /opt/webcontent/lbr-scheduler/apache/conf:/etc/apache2/sites-enabled:ro + networks: + - backend # linux-eng@psi.ch # Test app From a89cdd3129b7d2e4dd1e4499d01c5e2f21fbfd14 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Fri, 23 Jan 2026 13:49:32 +0100 Subject: [PATCH 44/55] deploy niagadm Signed-off-by: Basil Bruhn --- apache/conf/niagadm.conf | 28 ++++++++++++++++++++++++++++ conf.d/niagadm.conf | 30 ++++++++++++++++++++++++++++++ docker-compose.yaml | 1 + 3 files changed, 59 insertions(+) create mode 100644 apache/conf/niagadm.conf create mode 100644 conf.d/niagadm.conf diff --git a/apache/conf/niagadm.conf b/apache/conf/niagadm.conf new file mode 100644 index 0000000..0797b18 --- /dev/null +++ b/apache/conf/niagadm.conf @@ -0,0 +1,28 @@ + + ServerName niagadm.psi.ch + DocumentRoot /var/www/niagadm + + # Allow CGI everywhere if needed + Options +ExecCGI + AddHandler cgi-script .pl .cgi .x .py + + + Options +ExecCGI + AllowOverride None + Require all granted + + + # Explicit CGI directories + ScriptAlias /cgi-bin/ /var/www/niagadm/cgi-bin/ + + Options +ExecCGI + Require all granted + + + ScriptAlias /cgibin/ /var/www/niagadm/cgibin/ + + Options +ExecCGI + Require all granted + + + diff --git a/conf.d/niagadm.conf b/conf.d/niagadm.conf new file mode 100644 index 0000000..505626c --- /dev/null +++ b/conf.d/niagadm.conf @@ -0,0 +1,30 @@ +server { + listen 80; + server_name niagadm.psi.ch; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name niagadm.psi.ch; + + ssl_certificate /etc/nginx/certs/niagadm.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/niagadm.psi.ch.key; + + access_log /var/log/nginx/niagadm.access.log; + error_log /var/log/nginx/niagadm.error.log; + + # Proxy EVERYTHING to the Apache container + location / { + proxy_pass http://apache_app:80; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Important for CGI apps + proxy_buffering off; + } +} + diff --git a/docker-compose.yaml b/docker-compose.yaml index 732a37d..5df878b 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -37,6 +37,7 @@ services: - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw + - /opt/webcontent/niagadm:/var/www/niagadm:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: From b281e3a01bda0ab9cdc44aa7b0446442876b977d Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 26 Jan 2026 13:33:51 +0100 Subject: [PATCH 45/55] KGS document router deployment Signed-off-by: Basil Bruhn --- conf.d/sapdocrouter-test.conf | 21 ++++++++++++++++++++ conf.d/sapdocrouter.conf | 21 ++++++++++++++++++++ docker-compose.yaml | 36 +++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 conf.d/sapdocrouter-test.conf create mode 100644 conf.d/sapdocrouter.conf diff --git a/conf.d/sapdocrouter-test.conf b/conf.d/sapdocrouter-test.conf new file mode 100644 index 0000000..5233f5c --- /dev/null +++ b/conf.d/sapdocrouter-test.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name sapdocrouter-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name sapdocrouter-test.psi.ch; + + ssl_certificate /etc/nginx/certs/sapdocrouter-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/sapdocrouter-test.psi.ch.key; + + location / { + proxy_pass http://tiadocrouter-test:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/conf.d/sapdocrouter.conf b/conf.d/sapdocrouter.conf new file mode 100644 index 0000000..346adda --- /dev/null +++ b/conf.d/sapdocrouter.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name sapdocrouter.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name sapdocrouter.psi.ch; + + ssl_certificate /etc/nginx/certs/sapdocrouter.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/sapdocrouter.psi.ch.key; + + location / { + proxy_pass http://tiadocrouter-prod:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 5df878b..129ae68 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -335,6 +335,42 @@ services: networks: - backend + # michael.schmidt@psi.ch + # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com + documentrouter-prod: + container_name: tiadocrouter-prod + image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + volumes: + - /opt/webcontent/tiadocrouter-prod/work:/application/work + - /opt/webcontent/tiadocrouter-prod/lib:/application/lib + - /opt/webcontent/tiadocrouter-prod/config:/application/config +# - :/application/dr-instance-01-input + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + + # michael.schmidt@psi.ch + # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com + documentrouter-test: + container_name: tiadocrouter-test + image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + volumes: + - /opt/webcontent/tiadocrouter-test/work:/application/work + - /opt/webcontent/tiadocrouter-test/lib:/application/lib + - /opt/webcontent/tiadocrouter-test/config:/application/config +# - :/application/dr-instance-01-input + environment: + LOGGING_LEVEL_ROOT: INFO + # Authentifizierung für WebUI + WEBAPP_SECURITY_AUTH_BASIC_USERNAME: psiadmin + WEBAPP_SECURITY_AUTH_BASIC_PASSWORD: "$$2y$$10$$LA.TjBKRIDM/c6AJ86BZ/elpa9InzVbzqzLsyfc1Wt7h3S3N8MUPm" + networks: + - backend + # Lange Clemens # summer-project-selection.psi.ch summer-project-selection: From 735b8ea0dadefb6862b220bbe60b336769393931 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 26 Jan 2026 13:44:35 +0100 Subject: [PATCH 46/55] always restart container Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 129ae68..3cbd4d7 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -340,6 +340,7 @@ services: documentrouter-prod: container_name: tiadocrouter-prod image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + restart: always volumes: - /opt/webcontent/tiadocrouter-prod/work:/application/work - /opt/webcontent/tiadocrouter-prod/lib:/application/lib @@ -358,6 +359,7 @@ services: documentrouter-test: container_name: tiadocrouter-test image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + restart: always volumes: - /opt/webcontent/tiadocrouter-test/work:/application/work - /opt/webcontent/tiadocrouter-test/lib:/application/lib From baaaee4199c5f55d1a74292fd92b6f1d2f70551f Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Mon, 26 Jan 2026 13:46:52 +0100 Subject: [PATCH 47/55] wrong registry URL in documentation Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 3cbd4d7..8a8e32b 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -339,7 +339,7 @@ services: # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com documentrouter-prod: container_name: tiadocrouter-prod - image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 restart: always volumes: - /opt/webcontent/tiadocrouter-prod/work:/application/work @@ -358,7 +358,7 @@ services: # SAP Document Router von der Firma KGS supportabteilung@kgs-software.com documentrouter-test: container_name: tiadocrouter-test - image: images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 + image: images.kgs-cloud.de/tia-documentrouter/tia-documentrouter:5.1.3 restart: always volumes: - /opt/webcontent/tiadocrouter-test/work:/application/work From 44bf788ec2e7646ed88815a5bb1625a6bf977a07 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 09:11:20 +0100 Subject: [PATCH 48/55] folder location Signed-off-by: Basil Bruhn --- apache/conf/cas-status-test.conf | 2 +- docker-compose.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apache/conf/cas-status-test.conf b/apache/conf/cas-status-test.conf index 54ddfcc..90e83b8 100644 --- a/apache/conf/cas-status-test.conf +++ b/apache/conf/cas-status-test.conf @@ -1,6 +1,6 @@ ServerName cas-status-test.psi.ch - DocumentRoot /var/www/cas_status/web + DocumentRoot /var/www/cas-status/web ErrorLog /proc/self/fd/2 CustomLog /proc/self/fd/1 combined diff --git a/docker-compose.yaml b/docker-compose.yaml index 8a8e32b..9ffc232 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -33,7 +33,7 @@ services: restart: always volumes: - /opt/webcontent/rfmwtools:/var/www/rfmwtools:ro - - /opt/webcontent/cas_status:/var/www/cas_status:rw + - /opt/webcontent/cas-status:/var/www/cas-status:rw - /opt/webcontent/fluid-eos:/var/www/fluid-eos:rw - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw From cd4ed024df377581a50183cf51ecf29cf015be35 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 09:14:36 +0100 Subject: [PATCH 49/55] location in apache config Signed-off-by: Basil Bruhn --- apache/conf/cas-status-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/cas-status-test.conf b/apache/conf/cas-status-test.conf index 90e83b8..eb88673 100644 --- a/apache/conf/cas-status-test.conf +++ b/apache/conf/cas-status-test.conf @@ -16,7 +16,7 @@ php_admin_value session.save_path /var/www/clients/client45/web70/tmp php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas_status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ - + Options +FollowSymLinks +Includes AllowOverride All Require all granted From 0c90f9933604267cafd8a7f298ee381bf902e083 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 09:15:47 +0100 Subject: [PATCH 50/55] again Signed-off-by: Basil Bruhn --- apache/conf/cas-status-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/conf/cas-status-test.conf b/apache/conf/cas-status-test.conf index eb88673..2c3a670 100644 --- a/apache/conf/cas-status-test.conf +++ b/apache/conf/cas-status-test.conf @@ -14,7 +14,7 @@ php_admin_value upload_tmp_dir /var/www/clients/client45/web70/tmp php_admin_value session.save_path /var/www/clients/client45/web70/tmp - php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas_status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ + php_admin_value open_basedir /var/www/clients/client45/web70/web:/var/www/clients/client45/web70/private:/var/www/clients/client45/web70/tmp:/var/www/cas-status/web:/tmp:/usr/share/php:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/var/www/error/ Options +FollowSymLinks +Includes From f2e9e712c544405564f26c344e23af4eeae035ef Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 14:14:45 +0100 Subject: [PATCH 51/55] add tomcat wiki to webhosting to test INC0159147 Signed-off-by: Basil Bruhn --- conf.d/tomcatwiki-test.conf | 21 +++++++++++++++++++++ docker-compose.yaml | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 conf.d/tomcatwiki-test.conf diff --git a/conf.d/tomcatwiki-test.conf b/conf.d/tomcatwiki-test.conf new file mode 100644 index 0000000..109e215 --- /dev/null +++ b/conf.d/tomcatwiki-test.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name tomcatwiki-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name tomcatwiki-test.psi.ch; + + ssl_certificate /etc/nginx/certs/tomcatwiki-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/tomcatwiki-test.psi.ch.key; + + location / { + proxy_pass http://tomcatwiki:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index 9ffc232..72dc854 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -385,10 +385,43 @@ services: networks: - backend + # Tomcat Beamline Wiki INC0159147 tomcatwiki.psi.ch + # goran.lovric@psi.ch + tomcatwikidb: + image: postgres:15-alpine + container_name: tomcatwiki_db + restart: always + environment: + - POSTGRES_DB=wiki + - POSTGRES_PASSWORD=${TOMCATWIKI_DB_SECRET} + - POSTGRES_USER= wikijs + volumes: + - /opt/webcontent/tomcatwiki/db-data:/var/lib/postgresql/data + networks: + - tomcatwiki_backend + + tomcatwiki: + image: ghcr.io/requarks/wiki:2 + container_name: tomcatwiki + restart: always + depends_on: + - tomcatwikidb + environment: + - DB_TYPE=postgres + - DB_HOST=tomcatwikidb + - DB_PORT=5432 + - DB_USER=wikijs + - DB_PASS=${TOMCATWIKI_DB_SECRET} + - DB_NAME=wiki + networks: + - tomcatwiki_backend + - backend + networks: public: backend: hedgedoc_backend: it_strategy_dashboard_backend: panda_maintenance_backend: + tomcatwiki_backend: From 87b3d2a9e0b9ccf8f1944ace4c45207aacf794aa Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 14:28:30 +0100 Subject: [PATCH 52/55] leading space in db username Signed-off-by: Basil Bruhn --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 72dc854..4c13f07 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -394,7 +394,7 @@ services: environment: - POSTGRES_DB=wiki - POSTGRES_PASSWORD=${TOMCATWIKI_DB_SECRET} - - POSTGRES_USER= wikijs + - POSTGRES_USER=wikijs volumes: - /opt/webcontent/tomcatwiki/db-data:/var/lib/postgresql/data networks: From d5157c1fe9de75a4c4da9373792b8f26290731f3 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 14:35:36 +0100 Subject: [PATCH 53/55] rename user to wiki due to it being named like that in the backup dump Signed-off-by: Basil Bruhn --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 4c13f07..c0861ed 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -394,7 +394,7 @@ services: environment: - POSTGRES_DB=wiki - POSTGRES_PASSWORD=${TOMCATWIKI_DB_SECRET} - - POSTGRES_USER=wikijs + - POSTGRES_USER=wiki volumes: - /opt/webcontent/tomcatwiki/db-data:/var/lib/postgresql/data networks: @@ -410,7 +410,7 @@ services: - DB_TYPE=postgres - DB_HOST=tomcatwikidb - DB_PORT=5432 - - DB_USER=wikijs + - DB_USER=wiki - DB_PASS=${TOMCATWIKI_DB_SECRET} - DB_NAME=wiki networks: From 867acacec4bf8f4efac988d90101e5a1b1b52d6f Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 15:45:52 +0100 Subject: [PATCH 54/55] deploy omny test Signed-off-by: Basil Bruhn --- apache/conf/omny.conf | 11 +++++++++++ conf.d/omny.conf | 25 +++++++++++++++++++++++++ docker-compose.yaml | 1 + 3 files changed, 37 insertions(+) create mode 100644 apache/conf/omny.conf create mode 100644 conf.d/omny.conf diff --git a/apache/conf/omny.conf b/apache/conf/omny.conf new file mode 100644 index 0000000..284416c --- /dev/null +++ b/apache/conf/omny.conf @@ -0,0 +1,11 @@ + + ServerName omny-test.psi.ch + DocumentRoot /var/www/omny + + + Options +ExecCGI + AllowOverride None + Require all granted + + + diff --git a/conf.d/omny.conf b/conf.d/omny.conf new file mode 100644 index 0000000..657b76e --- /dev/null +++ b/conf.d/omny.conf @@ -0,0 +1,25 @@ +# omny-test conf for nginx + +server { + listen 80; + server_name omny-test.psi.ch; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name omny-test.psi.ch; + + ssl_certificate /etc/nginx/certs/omny-test.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/omny-test.psi.ch.key; + + location / { + proxy_pass http://apache_app:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Cookie $http_cookie; + proxy_set_header Authorization $http_authorization; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml index c0861ed..a0ba404 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -38,6 +38,7 @@ services: - /opt/webcontent/sls2:/var/www/sls2:rw - /opt/webcontent/megwiki:/var/www/megwiki:rw - /opt/webcontent/niagadm:/var/www/niagadm:rw + - /opt/webcontent/omny:/var/www/omny:rw - /mount/srem/webhosting:/var/www/srem:rw - ./apache/conf:/etc/apache2/sites-enabled:ro networks: From d386cf9725f4fbc8f458ab9eb9d9fe5df1b9fcf2 Mon Sep 17 00:00:00 2001 From: Basil Bruhn Date: Tue, 27 Jan 2026 16:25:36 +0100 Subject: [PATCH 55/55] rename to tomcatwiki WE GO LIVE BABY Signed-off-by: Basil Bruhn --- conf.d/{tomcatwiki-test.conf => tomcatwiki.conf} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename conf.d/{tomcatwiki-test.conf => tomcatwiki.conf} (63%) diff --git a/conf.d/tomcatwiki-test.conf b/conf.d/tomcatwiki.conf similarity index 63% rename from conf.d/tomcatwiki-test.conf rename to conf.d/tomcatwiki.conf index 109e215..f7a7ec6 100644 --- a/conf.d/tomcatwiki-test.conf +++ b/conf.d/tomcatwiki.conf @@ -1,15 +1,15 @@ server { listen 80; - server_name tomcatwiki-test.psi.ch; + server_name tomcatwiki.psi.ch; return 301 https://$host$request_uri; } server { listen 443 ssl; - server_name tomcatwiki-test.psi.ch; + server_name tomcatwiki.psi.ch; - ssl_certificate /etc/nginx/certs/tomcatwiki-test.psi.ch.crt; - ssl_certificate_key /etc/nginx/private/tomcatwiki-test.psi.ch.key; + ssl_certificate /etc/nginx/certs/tomcatwiki.psi.ch.crt; + ssl_certificate_key /etc/nginx/private/tomcatwiki.psi.ch.key; location / { proxy_pass http://tomcatwiki:3000;