The "demo" compose file describes an early system meant to demonstrate some new technologies and services in PASS. In its current state, several services rely on local images not yet published.
Docker compose works as normal, but for the demo you need to specify both correct yml file and env file:
docker-compose -f demo.yml --env-file .demo_env up -d./demo.sh is a convenience script that runs docker-compose with the right compose and environment files. The following will do the same as above:
./demo.sh up -dIf you want to tail the proxy logs, for example, run ./demo.sh logs -f proxy
Setting up an alias would perform the same function.
Repository: https://github.com/jaredgalanis/pass-auth Package: https://github.com/orgs/eclipse-pass/packages/container/package/pass-auth
Currently configured to serve as a drop-in replacement of the old sp image. It provides authorization mechanisms to secure routes. Because of this, it also acts as a reverse proxy, ensuring the configured routes are protected appropriately.
Node based authentication service that currently integrates SAML authentication workflow in the demo environment.
Environment variables:
PASS_CORE_API_URL=http://pass-core:8080/PASS_CORE_NAMESPACE=data/PASS_UI_URL=http://pass-ui:81/PASSPORT_STRATEGY="multiSaml"NODE_ENV="development"AUTH_PORT=3000AUTH_LOGIN="/login/:idpId"AUTH_LOGIN_SUCCESS=/app/auth-callbackAUTH_LOGIN_FAILURE=/AUTH_LOGOUT=/logoutAUTH_LOGOUT_REDIRECT=/FORCE_AUTHN=trueSIGNING_CERT_IDP="..."SAML_ENTRY_POINT="https://pass.local/idp/profile/SAML2/Redirect/SSO": absolute URL must change for different environmentsSAML_ISSUER="https://sp.pass/shibboleth"ACS_URL="/Shibboleth.sso/SAML2/POST/:idpId"METADATA_URL="/metadata/:idpId"IDENTIFIER_FORMAT=""SESSION_SECRET="..."
The following are absolute URLs on a docker compose private network, should not need to change in other environments
FCREPO_URL="http://fcrepo:8080"USER_SERVICE_URL="http://fcrepo:8080"ELASTIC_SEARCH_URL="http://elasticsearch:9200/pass/_search"SCHEMA_SERVICE_URL="http://schemaservice:8086"POLICY_SERVICE_URL="http://policyservice:8088"DOI_SERVICE_URL="http://doiservice:8080/"DOWNLOAD_SERVICE_URL="http://downloadservice:6502"
Repository: https://github.com/eclipse-pass/pass-core Package: https://github.com/orgs/eclipse-pass/packages/container/package/pass-core-main
Presents a JSON:API window to the backend from behind the authentication layer. Swagger is not yet hooked up so is unreachable. Provides data and web APIs to the application.
Environment variables:
PASS_CORE_BASE_URL=https://pass.local: Used when generating JSON API relationship links. Needs to be absolute and must change to match deployment environmentPASS_CORE_POSTGRES_PORT=5432PASS_CORE_API_PORT=8080POSTGRES_USER=postgresPOSTGRES_PASSWORD=postgresJDBC_DATABASE_URL=jdbc:postgresql://postgres:5432/passJDBC_DATABASE_USERNAME=passJDBC_DATABASE_PASSWORD=moo
Pretty much an out-of-the-box PostgreSQL server. Only interacts with the pass-core service.
Repository: built out of this project Package: https://github.com/orgs/eclipse-pass/packages/container/package/proxy
Custom Apache server, copied from the previous non-demo environments top level proxy. Has a self-signed cert for pseudo "https" support. We should consider removing this in favor of simply exposing the auth service, since this proxy basically just forwards everything to auth anyway. This would require a more production-ready and robust auth service that handles https correctly and is easier to configure.
Repository: https://github.com/eclipse-pass/pass-ui Package: https://github.com/orgs/eclipse-pass/packages/container/package/pass-ui
User interface for the PASS application. Currently does not handle environment variables nicely - they are baked into images at build time due. The environment variables in the demo environment should not need to be adjusted between different deployment environments.
Environment variables:
PASS_UI_PORT=81PASS_API_NAMESPACE=dataPASS_UI_GIT_REPO=https://github.com/eclipse-pass/pass-uiPASS_UI_GIT_BRANCH=mainPASS_UI_ROOT_URL=/appSTATIC_CONFIG_URL=/app/config.jsonDOI_SERVICE_URL=/doiservice/journalMANUSCRIPT_SERVICE_LOOKUP_URL=/downloadservice/lookupMANUSCRIPT_SERVICE_DOWNLOAD_URL=/downloadservice/downloadPOLICY_SERVICE_POLICY_ENDPOINT=/policyservice/policiesPOLICY_SERVICE_REPOSITORY_ENDPOINT=/policyservice/repositoriesSCHEMA_SERVICE_URL=/schemaserviceUSER_SERVICE_URL=/pass-user-service/whoami
A bootstrap service that will dump a small set of testing data through the Elide endpoints. This will occur when the loader container starts up and shuts down when done. The service is currently too dumb to wait for pass-core to initialize the Postgres database and will run as soon as the postgres and pass-core services are started, so will fail its initial run. If you run the loader after the DB has been initialized properly, the data will be added through the JSON API based web API. It currently does this through the private back network, so avoids authentication issues.
This service should be removed or otherwise not be used when the "real" test assets is available.
Environment variables:
LOADER_API_HOST=http://pass-coreLOADER_API_PORT=8080LOADER_API_NAMESPACE=data
Other related images that work together with pass-auth to handle authentication. Based on services of the same name in the older docker-compose environment.
Environment variables:
MAIL_SMTP=11025MAIL_IMAPS=11993MAIL_MSP=11587OVERRIDE_HOSTNAME=mail.jhu.eduENABLE_SPAMASSASSIN=0ENABLE_CLAMAV=0ENABLE_FAIL2BAN=0ENABLE_POSTGREY=0SMTP_ONLY=0ONE_DIR=1DMS_DEBUG=0ENABLE_LDAP=1TLS_LEVEL=intermediateLDAP_SERVER_HOST=ldapLDAP_SEARCH_BASE=ou=People,dc=passLDAP_BIND_DN=cn=admin,dc=passLDAP_BIND_PW=passwordLDAP_QUERY_FILTER_USER=(&(objectClass=posixAccount)(mail=%s))LDAP_QUERY_FILTER_GROUP=(&(objectClass=posixAccount)(mailGroupMember=%s))LDAP_QUERY_FILTER_ALIAS=(&(objectClass=posixAccount)(mailAlias=%s))LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))ENABLE_SASLAUTHD=0POSTMASTER_ADDRESS=rootSSL_TYPE=manualSSL_CERT_PATH=/tmp/docker-mailserver/cert.pemSSL_KEY_PATH=/tmp/docker-mailserver/key.rsa