Updates

YuryHrytsuk · YuryHrytsuk · commit 9e734f2628df · 2024-10-22T15:00:21.000+02:00
diff --git a/services/traefik/docker-compose.yml.j2 b/services/traefik/docker-compose.yml.j2
@@ -132,7 +132,11 @@ services:
         - traefik.http.middlewares.ops_ratelimit.ratelimit.average=${TRAEFIK_RATELIMIT_AVG}
         - traefik.http.middlewares.ops_ratelimit.ratelimit.burst=${TRAEFIK_RATELIMIT_BURST}
         - traefik.http.middlewares.ops_ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=1
-
+        # Platform user auth: Use this middleware to enforce only authenticated users
+        # https://doc.traefik.io/traefik/middlewares/http/forwardauth
+        - traefik.http.middlewares.authenticated_platform_user.forwardauth.address=http://${WEBSERVER_HOST}:${WEBSERVER_PORT}/v0/auth:check
+        - traefik.http.middlewares.authenticated_platform_user.forwardauth.trustForwardHeader=true
+        - traefik.http.middlewares.authenticated_platform_user.forwardauth.authResponseHeaders=Set-Cookie,osparc-sc2
     networks:
       public: null
       monitored: null
diff --git a/services/traefik/template.env b/services/traefik/template.env
@@ -34,3 +34,6 @@ OPS_TRAEFIK_LOGLEVEL=${OPS_TRAEFIK_LOGLEVEL}
 
 PUBLIC_NETWORK=${PUBLIC_NETWORK}
 MONITORED_NETWORK=${MONITORED_NETWORK}
+
+WEBSERVER_HOST=${WEBSERVER_HOST}
+WEBSERVER_PORT=${WEBSERVER_PORT}
diff --git a/services/vendors/docker-compose.yml b/services/vendors/docker-compose.yml
@@ -10,16 +10,11 @@ services:
       labels:
         - traefik.enable=true
         - traefik.docker.network=${PUBLIC_NETWORK}
-        # auth: https://doc.traefik.io/traefik/middlewares/http/forwardauth
-        - traefik.http.middlewares.vendor_manual_auth.forwardauth.address=http://${WEBSERVER_HOST}:${WEBSERVER_PORT}/v0/auth:check
-        - traefik.http.middlewares.vendor_manual_auth.forwardauth.trustForwardHeader=true
-        - traefik.http.middlewares.vendor_manual_auth.forwardauth.authResponseHeaders=Set-Cookie,osparc-sc2
-        # routing
         - traefik.http.services.vendor_manual.loadbalancer.server.port=80
         - traefik.http.routers.vendor_manual.entrypoints=https
         - traefik.http.routers.vendor_manual.tls=true
         - traefik.http.routers.vendor_manual.rule=Host(`${VENDOR_MANUAL_DOMAIN}`)
-        - traefik.http.routers.vendor_manual.middlewares=ops_gzip@swarm, vendor_manual_auth
+        - traefik.http.routers.vendor_manual.middlewares=ops_gzip@swarm, authenticated_platform_user@swarm
     networks:
       - public
 
diff --git a/services/vendors/template.env b/services/vendors/template.env
@@ -2,5 +2,3 @@ VENDOR_MANUAL_IMAGE=${VENDOR_MANUAL_IMAGE}
 VENDOR_MANUAL_REPLICAS=${VENDOR_MANUAL_REPLICAS}
 VENDOR_MANUAL_DOMAIN=${VENDOR_MANUAL_DOMAIN}
 PUBLIC_NETWORK=${PUBLIC_NETWORK}
-WEBSERVER_HOST=${WEBSERVER_HOST}
-WEBSERVER_PORT=${WEBSERVER_PORT}
