feat: migrate to new dnpm:dip node

[Threated]

The files under ccp/ are only copies of the files under minimal/.

I removed the /api path from traefik as it was conflicting with dnpms backend path.
I have never seen anyone of us actually use the traefik frontend but I think /dashboard is a better name anyway but if we want to keep it that way we might be able to do a bit of traefik path rewriting to make it work without this change.

Maybe we can even backport this to the dnpm-extra-broker branch?

[patrickskowronekdkfz]

I removed the /api path from traefik as it was conflicting with dnpms backend path. I have never seen anyone of us actually use the traefik frontend but I think /dashboard is a better name anyway but if we want to keep it that way we might be able to do a bit of traefik path rewriting to make it work without this change.

This is an old relic, I used it to debug traffic ages ago. I think we should have removed that long ago.

[TKussel]

Can we mount that to a folder instead of a volume? Docker volumes are always forgotten

[Threated]

I guess we could mount it to where it was before which is this DNPM_DATA_DIR path that was usually in /etc/bridgehead/dnpm somewhere but I am not a huge fan of that location. Not sure what data is actually stored there if its patient data I would not necessarily store it under /tmp/bridgehead or /var/cache/bridgehead

[TKussel]

/var/cache/ is not persistant enough for this kind of data, as it can't be reconstructed in case of a cache clearing. Obviously, /etc/bridgehead/... is a bad solution that was only used to use an already established path. I would propose to create a /var/bridgehead/ directory @lablans @torbrenner ?

[TKussel]

Can we mount that to a folder instead of a volume? Docker volumes are always forgotten

[Threated]

I mean I tend to say that random docker volume paths are also often forgotten but yeah lets keep it in the spirit of the bridgehead and map it somewhere. /var/cache/bridgehead/dnpm/mysql?

[TKussel]

If I see that correcly, there is still no way to expose the dnpm portal under a non-root path? Currently, it collides with the bridgehead landing page why I included all that override stuff in the dnpm-setup.sh logic.

[Threated]

Well I guess we might be able to make it work under a different path with some traefik magic.

[TKussel]

I'm not convinced, as we would need to adapt all the links and calls of the frontend as well.

[Threated]

But as you can see here the frontend actually lets you configure the public api url and the public auth url and for the calls to the frontend itself we could redirect those with traefiks StripPrefix middlewares I think. But of course we dont have to I just think it would be possible. If we want to actually do it I can try to figure something out

[TKussel]

Why does this have persistance as well? Again, maybe bind to a directory

[Threated]

Yeah I was also surprised by all the docker volumes. I just copied them as is to make it work quickly. This is the dnpm-backend tho which does contain patient data so we might want to have it in a docker volume as with blaze

[TKussel]

I assume whe have to expose the ETL endpoints as well. I forwarded you the configuration on the 5th of november.

[Threated]

Hm looking into the mail it seems they made it work with the old bwhc backend. There the endpoint was under /bwhc which now seems to be /api in most cases so they might be able to ask for <BK_URL>/api/etl which would work with this traefik rule?

[TKussel]

I was hoping to clamp the ETL-API acces more down by enforcing at least a basic auth. But I have to study the DNPM:DIP API description to give an answer.