Service configuration

Now that you have the applications ready to run, you can set up the service infrastructure using Docker.

Docker compose

To implement this in practice, the following docker compose structure is used:

services:

  admin:
    image: rems:dev
    build: ./rems
    depends_on:
      - db
    ports:
      - "3000:3000"
    volumes:
      - ./config.ui.edn:/rems/config/config.edn
    environment:
      - CMD=migrate;run
    restart: unless-stopped

  clientapi:
    image: rems:dev
    build: ./rems
    depends_on:
      - db
    volumes:
      - ./config.edn:/rems/config/config.edn
    restart: unless-stopped

  db:
    image: postgres:13
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: rems
      POSTGRES_PASSWORD: rems
    restart: unless-stopped

  client:
    image: cadreclient:dev
    build: ./cadreclient
    depends_on:
      - clientapi
    restart: unless-stopped

  nginx:
    image: nginx:1.25
    depends_on:
      - clientapi
      - client
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
    restart: unless-stopped
    ports:
      - "3010:80"

nginx.conf

The nginx.conf file is used to pass requests to the backend via the /rems subdirectory. Below is the nginx.conf used:

upstream client {
  server client:3000;
}

upstream rems {
  server clientapi:5001;
}

server {
  listen 80;

  location / {
    proxy_pass http://client;
  }

  location /ws {
    proxy_pass http://client;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
  }
  
  location /rems {
    rewrite /rems/(.*) /$1 break;
    proxy_pass http://rems;
  }

}

config.edn

Each of the backend applications has a configuration file. The first, config.edn, describes the configuration that applies to the backend that is running on the same domain as the front end. This configuration file extends the default REMS configuration file to include the services integrated with REMS.

{:port 5001
 :database-url "postgresql://db:5432/rems?user=rems&password=rems"
 :search-index-path "/tmp/rems-search-index"
 :authentication :oidc
 :public-url "https://dev.cadre.ada.edu.au/rems/"
 :cadre-url "https://dev.cadre.ada.edu.au/"
 :dev false
 :log-authentication-details true
 :oidc-metadata-url "https://test.cilogon.aaf.edu.au/.well-known/openid-configuration"
 :oidc-client-id "clientid"
 :oidc-client-secret "clientsecret"
 :oidc-logout-redirect-url "https://dev.cadre.ada.edu.au/login"
 :oidc-perform-revoke-in-logout true
 :revocation_endpoint "https://cilogon.aaf.edu.au/oauth2/revoke"
 :userinfo_endpoint "https://test.cilogon.aaf.edu.au/oauth2/userinfo"
 :oidc-extra-attributes [{:attribute "eduPersonOrcid"}{:attribute "eduPersonAffiliation"}{:attribute "homeOrganization"}]
 :oidc-scopes "openid profile email org.cilogon.userinfo"
 :cadre-moodle-app-wstoken "token"
 :cadre-moodle-app-api-url "https://learning.cadre5safes.org.au/webservice/rest/server.php"
 :comanage-registry-url "https://registry-test.cadre5safes.org.au/registry"
 :comanage-registry-coid "2"
 :comanage-core-api-userid "co_2.test"
 :comanage-core-api-key "apikey"
 :rg-augment-api-key "apikey"
 :rg-augment-api-url "https://augmentapi.researchgraph.com/v1/orcid/"
 :smtp-host "smtp"
 :smtp-port 25
 :mail-from "admin@cadre5safes.org.au"
 :entitlement-push [{:id "comanage"
                     :type :comanage
                     :comanage-registry-url "https://registry-test.cadre5safes.org.au/registry"
                     :comanage-registry-coid "2"
                     :comanage-core-api-userid "co_2.test"
                     :comanage-core-api-key "apikey"}]

 }

config.edn breakdown

First, the port is 5001, which nginx then maps to the /rems subdirectory of the front end application.

{:port 5001

Database details to match what is set in the postgres container (host db, port 5432, etc.).

 :database-url "postgresql://db:5432/rems?user=rems&password=rems"

Default REMS config when using an OIDC auth backend

 :search-index-path "/tmp/rems-search-index"
 :authentication :oidc

New config options specific to CADRE. These URLs allow for correct URL rewriting inside email messages. The public-url is the rewritten address, and the cadre-url is the main frontend address.

 :public-url "https://dev.cadre.ada.edu.au/rems/"
 :cadre-url "https://dev.cadre.ada.edu.au/"

Default REMS config

 :dev false
 :log-authentication-details true
 :oidc-metadata-url "https://test.cilogon.aaf.edu.au/.well-known/openid-configuration"
 :oidc-client-id "clientid"
 :oidc-client-secret "clientsecret"

This is added to ensure the front end redirects back to the login page on logout

 :oidc-logout-redirect-url "https://dev.cadre.ada.edu.au/login"

Default OIDC config with some additions when using the CiLogon OIDC

 :oidc-perform-revoke-in-logout true
 :revocation_endpoint "https://cilogon.aaf.edu.au/oauth2/revoke"
 :userinfo_endpoint "https://test.cilogon.aaf.edu.au/oauth2/userinfo"
 :oidc-extra-attributes [{:attribute "eduPersonOrcid"}{:attribute "eduPersonAffiliation"}{:attribute "homeOrganization"}]
 :oidc-scopes "openid profile email org.cilogon.userinfo"

This configuration allows the application to integrate with Moodle to determine training status. "token" needs to be replaced with the wstoken set in Moodle.

 :cadre-moodle-app-wstoken "token"
 :cadre-moodle-app-api-url "https://learning.cadre5safes.org.au/webservice/rest/server.php"

This additional configuration allows the application to get user data from the CoManage registry

 :comanage-registry-url "https://registry-test.cadre5safes.org.au/registry"
 :comanage-registry-coid "2"
 :comanage-core-api-userid "co_2.test"
 :comanage-core-api-key "apikey"

Research graph api integration - set the apikey.

 :rg-augment-api-key "apikey"
 :rg-augment-api-url "https://augmentapi.researchgraph.com/v1/orcid/"

Default mail configuration

 :smtp-host "smtp"
 :smtp-port 25
 :mail-from "admin@cadre5safes.org.au"

Including the following configuration will instruct the backend application to attempt to add users to CoManage groups that have a matching resource in the backend, once they have been granted approval for that resource. The application searches based on the group name in CoManage.

 :entitlement-push [{:id "comanage"
                     :type :comanage
                     :comanage-registry-url "https://registry-test.cadre5safes.org.au/registry"
                     :comanage-registry-coid "2"
                     :comanage-core-api-userid "co_2.test"
                     :comanage-core-api-key "apikey"}]

 }

config.ui.edn

Finally, the config.ui.edn file specifies the configuration for the backend service. It is basically the same as the application backend configuration, but excludes mail configuration (to avoid double mailing people) and runs on an alternate port.

{:port 3000
 :database-url "postgresql://db:5432/rems?user=rems&password=rems"
 :search-index-path "/tmp/rems-search-index"
 :authentication :oidc
 :public-url "https://admin-dev.cadre.ada.edu.au/"
 :cadre-url "/redirect"
 :dev false
 :oidc-metadata-url "https://test.cilogon.aaf.edu.au/.well-known/openid-configuration"
 :oidc-client-id "clientid"
 :userinfo_endpoint "https://test.cilogon.aaf.edu.au/oauth2/userinfo"
 :oidc-extra-attributes [{:attribute "eduPersonOrcid"}{:attribute "eduPersonAffiliation"}{:attribute "homeOrganization"}]
 :oidc-scopes "openid profile email org.cilogon.userinfo"
 :oidc-client-secret "secret"
 :oidc-logout-redirect-url "https://admin-dev.cadre.ada.edu.au/"
 :oidc-perform-revoke-in-logout true
 :revocation_endpoint "https://cilogon.aaf.edu.au/oauth2/revoke"
 :languages [:en]
 :cadre-moodle-app-wstoken "token"
 :cadre-moodle-app-api-url "https://learning.cadre5safes.org.au/webservice/rest/server.php"
 :comanage-registry-url "https://registry-test.cadre5safes.org.au/registry"
 :comanage-registry-coid "2"
 :comanage-core-api-userid "co_2.test"
 :comanage-core-api-key "apikey"
 :rg-augment-api-key "apikey"
 :rg-augment-api-url "https://augmentapi.researchgraph.com/v1/orcid/"}
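
A pre-start check for the two files above, as an added example (not part of the CADRE or REMS code): it flags credential keys still set to this page's sample values, mail settings present in config.ui.edn, and a :port shared by both backends. The regex reader only handles scalar `:key value` pairs, and the sample inputs are constructed.

```python
import re

# Credential-bearing keys, and the sample values this page uses for them.
SECRET_KEYS = {"oidc-client-secret", "cadre-moodle-app-wstoken",
               "comanage-core-api-key", "rg-augment-api-key"}
PLACEHOLDERS = {"clientsecret", "secret", "token", "apikey"}
MAIL_KEYS = {"smtp-host", "smtp-port", "mail-from"}
# Scalar `:key "string"` or `:key bare-token` pairs, at any nesting depth.
PAIR = re.compile(r':([\w-]+)\s+(?:"([^"]*)"|([\w:.-]+))')

def parse_pairs(edn_text):
    """List (key, value) scalar pairs; deliberately not a full EDN parser."""
    return [(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
            for m in PAIR.finditer(edn_text)]

def audit(api_edn, ui_edn):
    """Return findings for config.edn (api_edn) and config.ui.edn (ui_edn)."""
    findings = []
    parsed = {"config.edn": parse_pairs(api_edn),
              "config.ui.edn": parse_pairs(ui_edn)}
    for name, pairs in parsed.items():
        for key, value in pairs:
            if key in SECRET_KEYS and value in PLACEHOLDERS:
                findings.append(f"{name}: :{key} still has a sample value")
            if key == "database-url" and re.search(r"password=rems(&|$)", value):
                findings.append(f"{name}: :database-url uses the sample password")
    api, ui = dict(parsed["config.edn"]), dict(parsed["config.ui.edn"])
    # The page omits mail settings from config.ui.edn to avoid double mailing.
    for key in sorted(ui.keys() & MAIL_KEYS):
        findings.append(f"config.ui.edn: :{key} set, both backends would send mail")
    if api.get("port") == ui.get("port"):
        findings.append("config.edn and config.ui.edn use the same :port")
    return findings

# Constructed sample input, abbreviated from the shape of the files above.
API_SAMPLE = '''{:port 5001
 :database-url "postgresql://db:5432/rems?user=rems&password=rems"
 :oidc-client-secret "clientsecret"
 :smtp-host "smtp"
 :entitlement-push [{:id "comanage" :comanage-core-api-key "apikey"}]}'''
UI_SAMPLE = '''{:port 5001
 :database-url "postgresql://db:5432/rems?user=rems&password=constructed-pw"
 :oidc-client-secret "constructed-value"
 :mail-from "admin@example.org"}'''

if __name__ == "__main__":
    for finding in audit(API_SAMPLE, UI_SAMPLE):
        print(finding)
```

To check real files, pass the contents of config.edn and config.ui.edn to `audit` and treat a non-empty result as a reason not to start the stack.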

Once you have these configuration files in place, you can start the application by running:

docker compose up -d

Then access the front end at:

http://localhost:3010

or the backend directly on:

http://localhost:3000