From 56b70032ea71a7964b05543dbfe35fa0d7a4a4a9 Mon Sep 17 00:00:00 2001
From: Florian Necas <florian.necas@camptocamp.com>
Date: Thu, 13 Jun 2024 11:03:06 +0200
Subject: [PATCH 1/3] feat: Use gateway as default "proxy"

---
 .envs-rabbitmq              |  5 +++
 config                      |  2 +-
 docker-compose.override.yml | 30 +++++++-------
 docker-compose.yml          | 83 ++++++++++++++++++++-----------------
 4 files changed, 68 insertions(+), 52 deletions(-)
 create mode 100644 .envs-rabbitmq

diff --git a/.envs-rabbitmq b/.envs-rabbitmq
new file mode 100644
index 0000000..8e2fac0
--- /dev/null
+++ b/.envs-rabbitmq
@@ -0,0 +1,5 @@
+# envs-rabbitmq
+RABBITMQ_USERNAME=georchestra
+RABBITMQ_PASSWORD=georchestra
+# Only apply to applications consuming rabbitmq, doesn't change the port rabbitmq server running in Docker.
+RABBITMQ_PORT=5672
diff --git a/config b/config
index 7c70aaa..127388c 160000
--- a/config
+++ b/config
@@ -1 +1 @@
-Subproject commit 7c70aaa3bb03b443e336052b81705a0a67facf23
+Subproject commit 127388c9c4e14e30b104025877705951d70a8e01
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index e409bf5..3d9ca20 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -56,13 +56,13 @@ services:
       - "traefik.http.routers.static.rule=Host(`georchestra-127-0-1-1.traefik.me`)"
       - "traefik.http.routers.static.priority=1"
 
-  proxy:
+  gateway:
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.proxy.tls=true"
-      - "traefik.http.routers.proxy.priority=2"
+      - "traefik.http.routers.gateway.tls=true"
+      - "traefik.http.routers.gateway.priority=2"
       - >-
-        traefik.http.routers.proxy.rule=Host(`georchestra-127-0-1-1.traefik.me`) && (
+        traefik.http.routers.gateway.rule=Host(`georchestra-127-0-1-1.traefik.me`) && (
         PathPrefix(`/analytics`)
         || PathPrefix(`/datafeeder`)
         || PathPrefix(`/datahub`)
@@ -74,21 +74,22 @@ services:
         || PathPrefix(`/import`)
         || PathPrefix(`/login`)
         || PathPrefix(`/logout`)
+        || PathPrefix(`/oauth2`)
         || PathPrefix(`/mapstore`)
         || PathPrefix(`/ogc-api-records`)
         || PathPrefix(`/_static`)
         || PathPrefix(`/whoami`)
         || Query(`login=`)
         )
-      - "traefik.http.services.proxy.loadbalancer.server.port=8080"
+      - "traefik.http.services.gateway.loadbalancer.server.port=8080"
       # CORS related. Open everything to the world.
-      - "traefik.http.routers.proxy.middlewares=corsheader@docker"
+      - "traefik.http.routers.gateway.middlewares=corsheader@docker"
       - "traefik.http.middlewares.corsheader.headers.accesscontrolallowmethods=GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH"
       - "traefik.http.middlewares.corsheader.headers.accesscontrolalloworiginlist=*"
       - "traefik.http.middlewares.corsheader.headers.accesscontrolmaxage=1800"
       - "traefik.http.middlewares.corsheader.headers.addvaryheader=true"
       - "traefik.http.middlewares.corsheader.headers.accesscontrolallowcredentials=true"
-      - "traefik.http.routers.proxy.middlewares=corsheader@docker,static-errors-middleware@docker"
+      - "traefik.http.routers.gateway.middlewares=corsheader@docker,static-errors-middleware@docker"
       # handle downstream errors
       - "traefik.http.middlewares.static-errors-middleware.errors.status=500-599"
       - "traefik.http.middlewares.static-errors-middleware.errors.service=static-docker@docker"
@@ -110,15 +111,16 @@ services:
         )
       - "traefik.http.routers.traefik-redirect.priority=10"
       - "traefik.http.routers.traefik-redirect.middlewares=add-trailing-slash@docker"
-      - "traefik.http.middlewares.add-trailing-slash.redirectregex.regex=^https?://(.*)/(.+)"
-      - "traefik.http.middlewares.add-trailing-slash.redirectregex.replacement=https://$${1}/$${2}/"
+      - "traefik.http.middlewares.add-trailing-slash.redirectregex.regex=^https?://(.+)/([^?]+)(\\?.*)?"
+      - "traefik.http.middlewares.add-trailing-slash.redirectregex.replacement=https://$${1}/$${2}/$${3}"
       - "traefik.http.middlewares.add-trailing-slash.redirectregex.permanent=false"
 
-  cas:
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.cas.tls=true"
-      - "traefik.http.routers.cas.rule=Host(`georchestra-127-0-1-1.traefik.me`) && PathPrefix(`/cas`)"
+# uncomment for oauth 2.0
+#  cas:
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.cas.tls=true"
+#      - "traefik.http.routers.cas.rule=Host(`georchestra-127-0-1-1.traefik.me`) && PathPrefix(`/cas`)"
 
   smtp:
     image: camptocamp/smtp-sink:latest
diff --git a/docker-compose.yml b/docker-compose.yml
index 47d1cc6..6feaf6e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,6 +14,7 @@ volumes:
   datafeeder_postgis_data:
   esdata:
   georchestra_datadir:
+  rabbitmq_data:
 
 secrets:
   slapd_password:
@@ -79,53 +80,43 @@ services:
       - ldap_config:/etc/ldap
     restart: always
 
-  proxy:
-    image: georchestra/security-proxy:latest
-    healthcheck:
-      test: ["CMD-SHELL", "curl -s -f http://localhost:8080/_static/bootstrap_3.0.0/css/bootstrap-theme.min.css >/dev/null || exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
+  gateway:
+    image: georchestra/gateway:latest
     depends_on:
-      ldap:
-        condition: service_healthy
-      database:
-        condition: service_healthy
+      - database
     volumes:
       - georchestra_datadir:/etc/georchestra
     environment:
-      - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
-      - XMS=256M
-      - XMX=1G
+      - JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra
     env_file:
       - .envs-common
       - .envs-ldap
       - .envs-hosts
       - .envs-database-georchestra
-    restart: always
-
-  cas:
-    image: georchestra/cas:latest
-    healthcheck:
-      test: ["CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-    depends_on:
-      ldap:
-        condition: service_healthy
-    volumes:
-      - georchestra_datadir:/etc/georchestra
-    environment:
-      - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
-      - XMS=256M
-      - XMX=1G
-    env_file:
-      - .envs-common
-      - .envs-ldap
-      - .envs-database-georchestra
-    restart: always
 
+# uncomment for oauth 2.0
+#  cas:
+#    image: georchestra/cas:latest
+#    healthcheck:
+#      test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1" ]
+#      interval: 30s
+#      timeout: 10s
+#      retries: 10
+#    depends_on:
+#      ldap:
+#        condition: service_healthy
+#    volumes:
+#      - georchestra_datadir:/etc/georchestra
+#    environment:
+#      - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
+#      - XMS=256M
+#      - XMX=1G
+#    env_file:
+#      - .envs-common
+#      - .envs-ldap
+#      - .envs-database-georchestra
+#    restart: always
+  
   header:
     image: georchestra/header:latest
     healthcheck:
@@ -186,6 +177,8 @@ services:
         condition: service_healthy
       database:
         condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
     volumes:
       - georchestra_datadir:/etc/georchestra
     environment:
@@ -195,6 +188,7 @@ services:
     env_file:
       - .envs-common
       - .envs-ldap
+      - .envs-rabbitmq
       - .envs-database-georchestra
       - .envs-hosts
     restart: always
@@ -401,5 +395,20 @@ services:
     volumes:
       - georchestra_datadir:/etc/georchestra
     restart: always
+      
+  rabbitmq:
+    image: docker.io/bitnami/rabbitmq:3.12
+    healthcheck:
+      test: rabbitmq-diagnostics -q ping && rabbitmq-diagnostics -q check_local_alarms
+      interval: 60s
+      timeout: 30s
+      retries: 3
+    env_file:
+      - .envs-rabbitmq
+    environment:
+      - RABBITMQ_LOGS=-
+    volumes:
+      - 'rabbitmq_data:/bitnami/rabbitmq/mnesia'
+    restart: always
 
       

From 9edb7a0b09f6836faa73cdea77a4bc4fafd80e1e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Jun 2024 14:03:41 +0000
Subject: [PATCH 2/3] Bump resources/static from `5a3b88a` to `3f6e244`

Bumps [resources/static](https://github.com/georchestra/htdocs) from `5a3b88a` to `3f6e244`.
- [Commits](https://github.com/georchestra/htdocs/compare/5a3b88a3860a92e32a789a43a96235d4c661fe2e...3f6e24402f4f013c02bb1a505e79edbec707e073)

---
updated-dependencies:
- dependency-name: resources/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 resources/static | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/static b/resources/static
index 5a3b88a..3f6e244 160000
--- a/resources/static
+++ b/resources/static
@@ -1 +1 @@
-Subproject commit 5a3b88a3860a92e32a789a43a96235d4c661fe2e
+Subproject commit 3f6e24402f4f013c02bb1a505e79edbec707e073

From 300f7ada4fe47532bacf18e4e88178841a25858b Mon Sep 17 00:00:00 2001
From: Florian Necas <florian.necas@camptocamp.com>
Date: Thu, 13 Jun 2024 16:04:42 +0200
Subject: [PATCH 3/3] chore: update submodules

---
 config           | 2 +-
 resources/static | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config b/config
index 127388c..1d38340 160000
--- a/config
+++ b/config
@@ -1 +1 @@
-Subproject commit 127388c9c4e14e30b104025877705951d70a8e01
+Subproject commit 1d383402a002a162992779c749f0074f1c4653ab
diff --git a/resources/static b/resources/static
index 5a3b88a..3f6e244 160000
--- a/resources/static
+++ b/resources/static
@@ -1 +1 @@
-Subproject commit 5a3b88a3860a92e32a789a43a96235d4c661fe2e
+Subproject commit 3f6e24402f4f013c02bb1a505e79edbec707e073