From 6c6842c5038ea48c1413ab36066a4926d7343b33 Mon Sep 17 00:00:00 2001
From: Ricardo Garcia Silva <ricardo.garcia.silva@gmail.com>
Date: Tue, 11 Jun 2024 17:58:53 +0100
Subject: [PATCH] Added traefik to compose files

---
 arpav_ppcv/webapp/api_v2/app.py               |  8 ---
 .../webapp/api_v2/routers/tileserverproxy.py  | 54 -------------------
 docker/compose.dev.yaml                       | 14 ++++-
 docker/compose.staging.yaml                   | 17 +++++-
 docker/compose.yaml                           | 17 ++++++
 docker/traefik/dev-config.toml                | 24 +++++++++
 docker/traefik/staging-config.toml            | 34 ++++++++++++
 7 files changed, 103 insertions(+), 65 deletions(-)
 delete mode 100644 arpav_ppcv/webapp/api_v2/routers/tileserverproxy.py
 create mode 100644 docker/traefik/dev-config.toml
 create mode 100644 docker/traefik/staging-config.toml

diff --git a/arpav_ppcv/webapp/api_v2/app.py b/arpav_ppcv/webapp/api_v2/app.py
index c65e7893..815e5255 100644
--- a/arpav_ppcv/webapp/api_v2/app.py
+++ b/arpav_ppcv/webapp/api_v2/app.py
@@ -5,7 +5,6 @@
 from .routers.coverages import router as coverages_router
 from .routers.observations import router as observations_router
 from .routers.base import router as base_router
-from .routers.tileserverproxy import router as tile_server_proxy_router
 
 
 def create_app(settings: config.ArpavPpcvSettings) -> fastapi.FastAPI:
@@ -51,11 +50,4 @@ def create_app(settings: config.ArpavPpcvSettings) -> fastapi.FastAPI:
             "observations",
         ],
     )
-    app.include_router(
-        tile_server_proxy_router,
-        prefix="/vector-tiles",
-        tags=[
-            "vector-tiles",
-        ],
-    )
     return app
diff --git a/arpav_ppcv/webapp/api_v2/routers/tileserverproxy.py b/arpav_ppcv/webapp/api_v2/routers/tileserverproxy.py
deleted file mode 100644
index 8c026a86..00000000
--- a/arpav_ppcv/webapp/api_v2/routers/tileserverproxy.py
+++ /dev/null
@@ -1,54 +0,0 @@
-"""A FastAPI router that proxies requests to the tileserver."""
-
-import logging
-from typing import (
-    Annotated,
-)
-
-import httpx
-from fastapi import (
-    APIRouter,
-    Depends,
-)
-from fastapi.responses import (
-    JSONResponse,
-    Response,
-)
-
-from ... import dependencies
-from ....config import ArpavPpcvSettings
-
-logger = logging.getLogger(__name__)
-router = APIRouter()
-
-
-@router.get("/catalog")
-async def get_vector_tiles_catalog(
-    settings: Annotated[ArpavPpcvSettings, Depends(dependencies.get_settings)],
-    http_client: Annotated[httpx.AsyncClient, Depends(dependencies.get_http_client)],
-):
-    response = await http_client.get(f"{settings.martin_tile_server_base_url}/catalog")
-    return JSONResponse(
-        status_code=response.status_code,
-        content=response.json(),
-    )
-
-
-@router.get("/{layer}/{z}/{x}/{y}")
-async def vector_tiles_endpoint(
-    settings: Annotated[ArpavPpcvSettings, Depends(dependencies.get_settings)],
-    http_client: Annotated[httpx.AsyncClient, Depends(dependencies.get_http_client)],
-    layer: str,
-    z: int,
-    x: int,
-    y: int,
-):
-    """Serve vector tiles."""
-    response = await http_client.get(
-        f"{settings.martin_tile_server_base_url}/{layer}/{z}/{x}/{y}"
-    )
-    return Response(
-        status_code=response.status_code,
-        content=response.content,
-        headers=response.headers,
-    )
diff --git a/docker/compose.dev.yaml b/docker/compose.dev.yaml
index 0a1c65b7..0fdaf3e0 100644
--- a/docker/compose.dev.yaml
+++ b/docker/compose.dev.yaml
@@ -14,7 +14,7 @@ x-common-env: &common-env
   ARPAV_PPCV__DEBUG: true
   ARPAV_PPCV__BIND_HOST: 0.0.0.0
   ARPAV_PPCV__BIND_PORT: 5001
-  ARPAV_PPCV__PUBLIC_URL: http://localhost:5001
+  ARPAV_PPCV__PUBLIC_URL: http://localhost:8877
   ARPAV_PPCV__DB_DSN: postgresql://arpav:arpavpassword@db:5432/arpav_ppcv
   ARPAV_PPCV__TEST_DB_DSN: postgresql://arpavtest:arpavtestpassword@test-db:5432/arpav_ppcv_test
   ARPAV_PPCV__SESSION_SECRET_KEY: some-key
@@ -41,6 +41,18 @@ x-common-volumes: &common-volumes
 
 services:
 
+  reverse-proxy:
+    ports:
+      - target: 80
+        published: 8877
+      - target: 8080
+        published: 8878
+    command: --configFile /traefik.toml
+    volumes:
+      - type: bind
+        source: $PWD/docker/traefik/dev-config.toml
+        target: /traefik.toml
+
   webapp:
     image: *webapp-image
     environment:
diff --git a/docker/compose.staging.yaml b/docker/compose.staging.yaml
index 9a86550a..91997b54 100644
--- a/docker/compose.staging.yaml
+++ b/docker/compose.staging.yaml
@@ -23,16 +23,24 @@ name: arpav-ppcv-staging
 
 services:
 
+  reverse-proxy:
+    command: --configFile /opt/traefik/traefik.toml
+    volumes:
+      - type: bind
+        source: home/arpav/docker/traefik/staging-config.toml
+        target: /opt/traefik/traefik.toml
+      - type: bind
+        source: /opt/traefik/certs
+        target: /opt/traefik/certs
+
   webapp:
     env_file:
       - *env-file-webapp
     labels:
-      - "traefik.enable=true"
       - "traefik.http.routers.arpav-backend.entrypoints=webSecure"
       - "traefik.http.routers.arpav-backend.tls=true"
       - "traefik.http.routers.arpav-backend.tls.certResolver=letsEncryptResolver"
       - "traefik.http.routers.arpav-backend.rule=Host(`arpav.geobeyond.dev`)"
-      - "traefik.http.services.arpav-backend-service.loadbalancer.server.port=5001"
     volumes:
       - type: bind
         source: $HOME/data/arpav-ppcv/datasets
@@ -59,6 +67,11 @@ services:
   martin:
     env_file:
       - *env-file-webapp
+    labels:
+      - "traefik.http.routers.martin-router.entrypoints=webSecure"
+      - "traefik.http.routers.martin-router.tls=true"
+      - "traefik.http.routers.martin-router.tls.certResolver=letsEncryptResolver"
+      - "traefik.http.routers.martin-router.rule=Host(`arpav.geobeyond.dev`)"
     restart: unless-stopped
 
   thredds:
diff --git a/docker/compose.yaml b/docker/compose.yaml
index d6b403d6..ecb7dca0 100644
--- a/docker/compose.yaml
+++ b/docker/compose.yaml
@@ -41,8 +41,19 @@ name: arpav-ppcv
 
 services:
 
+  reverse-proxy:
+    image: traefik:3.0.2
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+
   webapp:
     image: "ghcr.io/geobeyond/arpav-ppcv-backend/arpav-ppcv-backend:latest"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.arpav-backend-router.rule=PathRegexp(`^/(api|admin)`)"
+      - "traefik.http.services.arpav-backend-service.loadbalancer.server.port=5001"
     depends_on:
       legacy-db:
         condition: service_healthy
@@ -67,6 +78,12 @@ services:
 
   martin:
     image: 'ghcr.io/maplibre/martin:v0.13.0'
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.martin-router.rule=PathPrefix(`/vector-tiles`)"
+      - "traefik.http.services.martin-service.loadbalancer.server.port=3000"
+      - "traefik.http.middlewares.strip-martin-prefix-middleware.stripprefix.prefixes=/vector-tiles"
+      - "traefik.http.routers.martin-router.middlewares=strip-martin-prefix-middleware@docker"
     depends_on:
       db:
         condition: service_healthy
diff --git a/docker/traefik/dev-config.toml b/docker/traefik/dev-config.toml
new file mode 100644
index 00000000..32883508
--- /dev/null
+++ b/docker/traefik/dev-config.toml
@@ -0,0 +1,24 @@
+# Static configuration file for traefik
+#
+# In this file we mostly configure providers, entrypoints and security.
+# Routers, the other major part of a traefik configuration,  form the
+# so-called 'dynamic configuration' and in this case are gotten from
+# the labels associated with the docker provider
+#
+# More info:
+#
+# https://doc.traefik.io/traefik/
+
+[accessLog]
+
+[entryPoints]
+[entryPoints.web]
+address = ":80"
+
+[providers]
+
+[providers.docker]
+exposedByDefault = false
+
+[api]
+insecure = true
diff --git a/docker/traefik/staging-config.toml b/docker/traefik/staging-config.toml
new file mode 100644
index 00000000..94993230
--- /dev/null
+++ b/docker/traefik/staging-config.toml
@@ -0,0 +1,34 @@
+# Static configuration file for traefik
+#
+# In this file we mostly configure providers, entrypoints and security.
+# Routers, the other major part of a traefik configuration,  form the
+# so-called 'dynamic configuration' and in this case are gotten from
+# the labels associated with the docker provider
+#
+# More info:
+#
+# https://doc.traefik.io/traefik/
+
+[accessLog]
+
+[entryPoints]
+[entryPoints.webSecure]
+address = ":443"
+
+[entryPoints.webSecure.forwardedHeaders]
+insecure = true
+
+[providers]
+
+[providers.docker]
+exposedByDefault = false
+
+[certificatesResolvers.letsEncryptResolver.acme]
+email = "francesco.bartoli@geobeyond.it"
+storage = "/opt/traefik/certs/acme.json"
+
+# Default: "https://acme-v02.api.letsencrypt.org/directory"
+# the default is the production lets encrypt server
+# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+[certificatesResolvers.letsEncryptResolver.acme.tlsChallenge]