feat: ACME settings should be attached to Traefik (close #177) [skip …

…build] chore: updated gateway template to use MapCache
kalisio · Oct 1, 2020 · 3b5e599 · 3b5e599
1 parent f40b6f0
commit 3b5e599
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 12 deletions.
diff --git a/.env.default b/.env.default
@@ -137,6 +137,7 @@ SEEDER_MAPPROXY_CONFIG_PATH=/home/ubuntu/kargo/.kargo/configs/mapproxy
 # Traefik
 TRAEFIK_IMAGE=traefik
 TRAEFIK_TAG=1.7-alpine
+TRAEFIK_ACME_SERVER=https://acme-v02.api.letsencrypt.org/directory
 TRAEFIK_REPLICAS=1
 
 # Teleray

diff --git a/configs/express-gateway/gateway.config.yml.tpl b/configs/express-gateway/gateway.config.yml.tpl
@@ -39,11 +39,11 @@ serviceEndpoints:
   admin: 
     url: 'http://localhost:9876'
   wms:
-    url: 'http://mapproxy:80/service'
+    url: 'http://mapcache:80/mapcache'
   wmts:
-    url: 'http://mapproxy:80/wmts'    
+    url: 'http://mapcache:80/mapcache/wmts/1.0.0'    
   tms:
-    url: 'http://mapcache:80/tms/1.0.0'
+    url: 'http://mapcache:80/mapcache/tms/1.0.0'
   wfs:
     url: 'http://mapserver:80/cgi-bin/wfs'
   wcs:
@@ -97,12 +97,7 @@ pipelines:
               secretOrPublicKey: ${EXPRESS_GATEWAY_KEY_SECRET}
               checkCredentialExistence: true            
               audience: ${SUBDOMAIN}
-      - scopes:
-      - request-transformer:
-          - action:
-              headers:
-                add:
-                  X-Script-Name: "'/wms'"      
+      - scopes:     
       - proxy:
           - action:
               serviceEndpoint: wms 

diff --git a/deploy/traefik.yml b/deploy/traefik.yml
@@ -3,7 +3,7 @@ version: '3.5'
 services: 
   traefik:
     image: ${TRAEFIK_IMAGE}:${TRAEFIK_TAG}
-    command: --api --acme.email=${CONTACT} --acme.caServer=${CA_SERVER}
+    command: --api --acme.email=${TRAEFIK_ACME_EMAIL} --acme.caServer=${TRAEFIK_ACME_SERVER}
     volumes:
       - ./../configs/traefik/traefik.toml:/traefik.toml    
       - ./../logs:/logs
@@ -40,12 +40,13 @@ services:
       restart_policy:
         condition: on-failure
     networks:
-      - kargo-network
       - docker-socket-proxy-network
+      - kargo-network
 
 networks:
+  docker-socket-proxy-network:
   kargo-network:
     name: ${DOCKER_NETWORK}
     external: true
-  docker-socket-proxy-network:
+
 
diff --git a/docs/reference/environment.md b/docs/reference/environment.md
@@ -10,6 +10,7 @@ sidebarDepth: 3
 | --- | --- | --- | 
 | `DOMAIN` | The domain where to access the services. It should be similar to `kalisio.xyz`. | - |
 | `SUBDOMAIN` | The subdomain where to access the service. It should be similar to `kargo.kalisio.xyz`. | - |
+| `CONTACT` | The common email address to be used. | - |
 | `AUTH_USER` | The authentication identity to access the services. | - |
 | `AUTH_PASSWORD` | The authentication password to access the services. It can be encoded in **MD5**, **SHA1** and **BCrypt**: you can use [htpasswd](http://www.htaccesstools.com/htpasswd-generator/) to generate it. | - |
 | `SECRET` | The secret key to generate JWT. It is mainly used by **Kano**, **Weacast** and **express-gateway** to validate authentication tokens. | - |
@@ -248,6 +249,8 @@ The **MapProxy** service is preconfigured to run [Gunicorn](https://gunicorn.org
 | --- | --- | --- |
 | `TRAEFIK_IMAGE` | The image to be used. | `traefik` |
 | `TRAEFIK_TAG` | The version to be used. | `1.7-alpine` |
+| `TRAEFIK_ACME_SERVER` | The url of the **Let's Encrypt** ACME CA server. | `https://acme-v02.api.letsencrypt.org/directory` |
+| `TRAEFIK_ACME_EMAIL` | The email address to be used by **Let's Encrypt** ACME server. | `$CONTACT` |
 | `TRAEFIK_REPLICAS` | The number of replicas. | `1` |
 
 ### TileServer GL