From c2cdc228d4dd2a3dd44bc5ec05fe43e92d006571 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@ugent.be>
Date: Fri, 16 May 2025 14:00:38 +0200
Subject: [PATCH 1/5] fix(frontend): Resolve common import

---
 frontend/vite.config.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index 61867714..523750b9 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -9,6 +9,7 @@ export default defineConfig({
     resolve: {
         alias: {
             "@": fileURLToPath(new URL("./src", import.meta.url)),
+            "@dwengo-1/common": fileURLToPath(new URL("../common/src", import.meta.url)),
         },
     },
     build: {

From 4e8a3d559e446cdc8bbdae17897fbaa255bc3482 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@ugent.be>
Date: Fri, 16 May 2025 14:02:04 +0200
Subject: [PATCH 2/5] fix(frontend): Common in Dockerfile

---
 frontend/Dockerfile | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 9cbb61ea..1ddb8dc0 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -3,22 +3,28 @@ FROM node:22 AS build-stage
 # install simple http server for serving static content
 RUN npm install -g http-server
 
-WORKDIR /app
+WORKDIR /app/dwengo
 
 # Install dependencies
 
 COPY package*.json ./
 COPY ./frontend/package.json ./frontend/
+# Frontend depends on common
+COPY common/package.json ./common/
 
 RUN npm install --silent
 
 # Build the frontend
 
 # Root tsconfig.json
-COPY tsconfig.json ./
-COPY assets ./assets/
+COPY tsconfig.json tsconfig.build.json ./
 
-WORKDIR /app/frontend
+COPY assets ./assets
+COPY common ./common
+
+RUN npm run build --workspace=common
+
+WORKDIR /app/dwengo/frontend
 
 COPY frontend ./
 
@@ -28,8 +34,8 @@ FROM nginx:stable AS production-stage
 
 COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
 
-COPY --from=build-stage /app/assets /usr/share/nginx/html/assets
-COPY --from=build-stage /app/frontend/dist /usr/share/nginx/html
+COPY --from=build-stage /app/dwengo/assets /usr/share/nginx/html/assets
+COPY --from=build-stage /app/dwengo/frontend/dist /usr/share/nginx/html
 
 EXPOSE 8080
 

From fbab5c454f655ad0e97d3063ae927b6499058786 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@ugent.be>
Date: Fri, 16 May 2025 19:33:06 +0200
Subject: [PATCH 3/5] feat: Grafana op subpath

---
 compose.production.yml     | 6 ++++--
 compose.staging.yml        | 4 ++++
 config/grafana/grafana.ini | 4 ++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 config/grafana/grafana.ini

diff --git a/compose.production.yml b/compose.production.yml
index 65dc199b..c9fec77c 100644
--- a/compose.production.yml
+++ b/compose.production.yml
@@ -137,8 +137,10 @@ services:
 
     dashboards:
         image: grafana/grafana:latest
-        ports:
-            - '9002:3000'
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.graphs.rule=PathPrefix(`/graphs`)'
+            - 'traefik.http.services.graphs.loadbalancer.server.port=3000'
         restart: unless-stopped
         volumes:
             - dwengo_grafana_data:/var/lib/grafana
diff --git a/compose.staging.yml b/compose.staging.yml
index 253ab7d5..547a9235 100644
--- a/compose.staging.yml
+++ b/compose.staging.yml
@@ -82,8 +82,12 @@ services:
         image: grafana/grafana:latest
         ports:
             - '9002:3000'
+        labels:
+            - 'traefik.http.routers.graphs.rule=PathPrefix(`/graphs`)'
+            - 'traefik.http.services.graphs.loadbalancer.server.port=3000'
         volumes:
             - dwengo_grafana_data:/var/lib/grafana
+            - ./config/grafana/grafana.ini:/etc/grafana/grafana.ini
         restart: unless-stopped
 
 volumes:
diff --git a/config/grafana/grafana.ini b/config/grafana/grafana.ini
new file mode 100644
index 00000000..d1c7b40b
--- /dev/null
+++ b/config/grafana/grafana.ini
@@ -0,0 +1,4 @@
+[server]
+
+root_url = http://localhost:3000/graphs
+serve_from_sub_path = true

From f1f1f8119b36e2c1e247d6e63ab03393485f73e0 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@ugent.be>
Date: Fri, 16 May 2025 20:47:18 +0200
Subject: [PATCH 4/5] chore: Setup klant wachtwoord

---
 compose.production.yml     | 14 ++++++++++++--
 compose.staging.yml        |  7 +++++++
 config/grafana/grafana.ini |  4 ++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/compose.production.yml b/compose.production.yml
index c9fec77c..cf155c18 100644
--- a/compose.production.yml
+++ b/compose.production.yml
@@ -67,8 +67,6 @@ services:
             - 'traefik.enable=true'
             - 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)'
             - 'traefik.http.services.idp.loadbalancer.server.port=7080'
-            - 'traefik.http.routers.block-admin.rule=PathPrefix(`/idp/admin`)'
-            - 'traefik.http.routers.block-admin.service=web'
         depends_on:
             - keycloak-db
         volumes:
@@ -95,6 +93,9 @@ services:
             - '80:80/tcp'
             - '443:443/tcp'
         command:
+            # Enable web UI
+            - '--api=true'
+
             # Add Docker provider
             - '--providers.docker=true'
             - '--providers.docker.exposedbydefault=false'
@@ -115,6 +116,15 @@ services:
             - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web'
             - '--certificatesresolvers.letsencrypt.acme.email=timo.demeyst@ugent.be'
             - '--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
+        labels:
+            # BasicAuth middleware
+            - 'traefik.http.middlewares.protected-sub-path.basicauth.users=dwengo.org:$$apr1$$FdALqAjI$$7ZhPq0I/qEQ6k3OYqxJKZ1'
+            # Proxying
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.proxy.middlewares=protected-sub-path'
+            - 'traefik.http.routers.proxy.service=api@internal'
+            - 'traefik.http.routers.proxy.rule=PathPrefix(`/proxy`)'
+            - 'traefik.http.services.proxy.loadbalancer.server.port=8080'
         restart: unless-stopped
         volumes:
             - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/compose.staging.yml b/compose.staging.yml
index 547a9235..3d833436 100644
--- a/compose.staging.yml
+++ b/compose.staging.yml
@@ -60,6 +60,13 @@ services:
 
             # Add web entrypoint
             - '--entrypoints.web.address=:80/tcp'
+
+            # Proxying the web UI on a sub-path
+            - '--api.basePath=/proxy'
+        labels:
+            - 'traefik.http.routers.proxy.service=api@internal'
+            - 'traefik.http.routers.proxy.rule=PathPrefix(`/proxy`)'
+            - 'traefik.http.services.proxy.loadbalancer.server.port=8080'
         ports:
             - '9000:8080'
             - '80:80/tcp'
diff --git a/config/grafana/grafana.ini b/config/grafana/grafana.ini
index d1c7b40b..7421cb3f 100644
--- a/config/grafana/grafana.ini
+++ b/config/grafana/grafana.ini
@@ -2,3 +2,7 @@
 
 root_url = http://localhost:3000/graphs
 serve_from_sub_path = true
+
+[security]
+
+admin_user = dwengo.org

From 0136bc813da3a8a24a8555df282a5d3ae11b9991 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter <tibo.depeuter@ugent.be>
Date: Fri, 16 May 2025 20:54:19 +0200
Subject: [PATCH 5/5] docs: Hashed wachtwoord maken

---
 compose.production.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/compose.production.yml b/compose.production.yml
index cf155c18..f28e24ad 100644
--- a/compose.production.yml
+++ b/compose.production.yml
@@ -118,6 +118,8 @@ services:
             - '--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
         labels:
             # BasicAuth middleware
+            # To create a user:password pair, the following command can be used:
+            # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
             - 'traefik.http.middlewares.protected-sub-path.basicauth.users=dwengo.org:$$apr1$$FdALqAjI$$7ZhPq0I/qEQ6k3OYqxJKZ1'
             # Proxying
             - 'traefik.enable=true'