diff --git a/docker/conf.allow b/docker/conf.allow
new file mode 100644
index 000000000..971d212a3
--- /dev/null
+++ b/docker/conf.allow
@@ -0,0 +1,8 @@
+rule.libms.action=allow
+rule.libms.rule=PathPrefix(`/lib`)
+
+rule.onlyu1.action=allow
+rule.onlyu1.rule=PathPrefix(`/user1`)
+
+rule.onlyu2.action=allow
+rule.onlyu2.rule=PathPrefix(`/user2`)
\ No newline at end of file
diff --git a/docker/conf.auth b/docker/conf.auth
new file mode 100644
index 000000000..32add3506
--- /dev/null
+++ b/docker/conf.auth
@@ -0,0 +1,10 @@
+rule.libms.action=auth
+rule.libms.rule=PathPrefix(`/lib`)
+
+rule.onlyu1.action=auth
+rule.onlyu1.rule=PathPrefix(`/user1`)
+rule.onlyu1.whitelist = user1@emailservice.com
+
+rule.onlyu2.action=auth
+rule.onlyu2.rule=PathPrefix(`/user2`)
+rule.onlyu2.whitelist = user2@emailservice.com
\ No newline at end of file
diff --git a/servers/config/gateway/README.md b/servers/config/gateway/README.md
deleted file mode 100644
index 204e61a5a..000000000
--- a/servers/config/gateway/README.md
+++ /dev/null
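Review bot: All three rules in `docker/conf.allow` use `action=allow`, so requests under `/lib`, `/user1` and `/user2` are passed without any authentication, and the file carries nothing that marks it as a development-only profile. Because it sits next to `docker/conf.auth` with the same rule names, mounting the wrong one silently removes the login requirement for the user workspaces. I would add a header line such as `# DEV ONLY: every rule below bypasses authentication; use conf.auth for any shared or network-reachable deployment` (assuming the loader accepts `#` comment lines; otherwise state this in the docker README). The file also ends without a trailing newline.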
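Review bot: `rule.libms` in `docker/conf.auth` has `action=auth` but no `whitelist`, unlike `onlyu1` and `onlyu2`, so who may reach `/lib` is decided by global settings that this file does not show. If no global whitelist or domain restriction is set where the file is loaded, any account able to sign in at the identity provider would presumably be accepted; consider `rule.libms.whitelist = <allowed-accounts>` or a comment naming the global setting that limits it. Separately, if the matcher treats `/user1` as a plain string prefix, the `onlyu1` rule would also cover a later `/user10`, which would then inherit user1's whitelist unless a more specific rule takes precedence; a comment on the naming constraint would help.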
@@ -1,64 +0,0 @@ -# The gateway server - -Run the Traefik gateway server in HTTP mode to experience the DTaaS application. -HTTPS mode is disabled for now. - -## The background services - -The gateway requires background services to serve the URLs. These background -services must be running in order for the gateway to service user requests. -The default configuration uses two services at the following URLs: - -| Route / URL | Background Service | Service URL | -| :-------------- | :----------------- | :------------- | -| localhost | React Website | localhost:4000 | -| localhost/lib | Lib Microservice | localhost:4001 | -| localhost/user1 | ML Workspace | localhost:8090 | -| localhost/user2 | ML Workspace | localhost:8091 | -| | - -## Start the Gateway - -```bash -docker run -d \ - --name "traefik-gateway" \ - --network=host -v "$PWD/traefik.yml:/etc/traefik/traefik.yml" \ - -v "$PWD/auth:/etc/traefik/auth" \ - -v "$PWD/dynamic:/etc/traefik/dynamic" \ - -v /var/run/docker.sock:/var/run/docker.sock \ - --restart always \ - traefik:v2.10 -``` - -## Authorization - -The dummy username is `foo` and the password is `bar`. -Please change this before starting the gateway. - -```bash -rm auth -htpasswd -c auth -password: -``` - -The change in password becomes effective upon restart of **traefik-gateway** container. - -## Update Configuration - -The gateway serves routes specified in _dynamic/fileConfig.yml_ file. -The **traefik-gateway** gateway comes with ability to receive dynamic configuration. -You can update the configuration in this file to reflect your local setup. -See [Traefik help docs](https://doc.traefik.io/traefik/providers/file/) -for more information. - -The routes / URLs need to be updated for your local setup. -The current version of software only works for non-localhost -setting, i.e. URL other than the localhost. 
Here is an example, - -| Route / URL | Background Service | Service URL | -| :------------ | :----------------- | :------------- | -| foo.com | React Website | localhost:4000 | -| foo.com/lib | Lib Microservice | localhost:4001 | -| foo.com/user1 | ML Workspace | localhost:8090 | -| foo.com/user2 | ML Workspace | localhost:8091 | -| | diff --git a/servers/config/gateway/auth b/servers/config/gateway/auth deleted file mode 100644 index 2e468b945..000000000 --- a/servers/config/gateway/auth +++ /dev/null @@ -1 +0,0 @@ -foo:$apr1$fGdMVLcl$dMzJW.JF8Rn6Vzrf5uxaU/ diff --git a/servers/config/gateway/dynamic/fileConfig.docker.yml b/servers/config/gateway/dynamic/fileConfig.docker.yml deleted file mode 100644 index 359314a0b..000000000 --- a/servers/config/gateway/dynamic/fileConfig.docker.yml +++ /dev/null @@ -1,48 +0,0 @@ -http: - routers: - dtaas: - entryPoints: - - http - rule: 'Host(`localhost`)' - middlewares: - - basic-auth - service: dtaas - - user1: - entryPoints: - - http - rule: 'Host(`localhost`) && PathPrefix(`/user1`)' - middlewares: - - basic-auth - service: user1 - - libms: - entryPoints: - - http - rule: 'Host(`localhost`) && PathPrefix(`/lib`)' - service: libms - - - # Middleware: Basic authentication - middlewares: - basic-auth: - basicAuth: - usersFile: "/etc/traefik/auth" - removeHeader: true - - - services: - dtaas: - loadBalancer: - servers: - - url: "http://client:4000" - - user1: - loadBalancer: - servers: - - url: "http://ml-workspace-user1:8080" - - libms: - loadBalancer: - servers: - - url: "http://libms:4001" \ No newline at end of file diff --git a/servers/config/gateway/dynamic/fileConfig.yml b/servers/config/gateway/dynamic/fileConfig.yml deleted file mode 100644 index 86c2d0ba7..000000000 --- a/servers/config/gateway/dynamic/fileConfig.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -http: - routers: - dtaas: - entryPoints: - - http - rule: 'Host(`localhost`)' - middlewares: - - basic-auth - service: dtaas - - user1: - entryPoints: - - http - rule: 'Host(`localhost`) && PathPrefix(`/user1`)' - middlewares: - - basic-auth - service: user1 - - user2: - entryPoints: - - http - rule: 'Host(`localhost`) && PathPrefix(`/user2`)' - middlewares: - - basic-auth - service: user2 - - libms: - entryPoints: - - http - rule: 'Host(`localhost`) && PathPrefix(`/lib`)' - service: libms - - - # Middleware: Basic authentication - middlewares: - basic-auth: - basicAuth: - usersFile: "/etc/traefik/auth" - removeHeader: true - - - services: - dtaas: - loadBalancer: - servers: - - url: "http://localhost:4000" - - user1: - loadBalancer: - servers: - - url: "http://localhost:8090" - - user2: - loadBalancer: - servers: - - url: "http://localhost:8091" - - libms: - loadBalancer: - servers: - - url: "http://localhost:4001" \ No newline at end of file diff --git a/servers/config/gateway/traefik.yml b/servers/config/gateway/traefik.yml deleted file mode 100644 index 4f79c1d6f..000000000 --- a/servers/config/gateway/traefik.yml +++ /dev/null @@ -1,20 +0,0 @@ -entryPoints: - http: - address: :80 - -providers: - providersThrottleDuration: 2s - - # File provider for connecting things that are outside of docker / defining middleware - file: - filename: /etc/traefik/dynamic/fileConfig.yml - watch: true - -# Enable traefik ui -#dapi: -# dashboard: true -# insecure: true - -# Log level INFO|DEBUG|ERROR -log: - level: DEBUG