From 5f4ad6cc82f3178c39ce4b4589e5af7694f29e39 Mon Sep 17 00:00:00 2001
From: William Miceli <9000802+WilliamMiceli@users.noreply.github.com>
Date: Tue, 11 Sep 2018 10:34:17 -0400
Subject: [PATCH] Added Traefik as public proxy and basic authentication

---
 .../EclipseChe-Single/0/docker-compose.yml    | 20 +++++++++++--
 .../EclipseChe-Single/0/rancher-compose.yml   | 28 +++++++++++++++----
 2 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/templates/EclipseChe-Single/0/docker-compose.yml b/templates/EclipseChe-Single/0/docker-compose.yml
index 5e8d3a1..f809c85 100644
--- a/templates/EclipseChe-Single/0/docker-compose.yml
+++ b/templates/EclipseChe-Single/0/docker-compose.yml
@@ -7,14 +7,28 @@ services:
       - 1.0.0.1
     environment:
       CHE_DNS_RESOLVERS: 1.1.1.1,1.0.0.1
-      CHE_DOCKER_IP_EXTERNAL: ${HOST_IP}
-      CHE_HOST: ${HOST_IP}
+      CHE_DOCKER_IP_EXTERNAL: ${TRAEFIK_HOST}
+      CHE_HOST: ${TRAEFIK_HOST}
       CHE_IN_VM: true
     labels:
       io.rancher.container.pull_image: always
-      {{- if (.Values.HOST_LABEL)}}
+      {{- if .Values.HOST_LABEL}}
       io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
       {{- end}}
+      {{- if .Values.TRAEFIK_HOST}}
+      traefik.enable: true
+      traefik.port: "80"
+      {{- if .Values.TRAEFIK_BASIC_AUTH}}
+      traefik.frontend.auth.basic: ${TRAEFIK_BASIC_AUTH}
+      {{- end}}
+#      traefik.frontend.headers.SSLRedirect: true
+      traefik.frontend.entryPoints: http,https
+      traefik.frontend.redirect.entryPoint: https
+      traefik.frontend.redirect.permanent: true
+      traefik.frontend.rule: Host:${TRAEFIK_HOST}
+      {{- else}}
+      traefik.enable: false
+      {{- end}}
     ports:
       - "${CHE_PORT}:8080"
     restart: on-failure
diff --git a/templates/EclipseChe-Single/0/rancher-compose.yml b/templates/EclipseChe-Single/0/rancher-compose.yml
index 4038f95..2fbde24 100644
--- a/templates/EclipseChe-Single/0/rancher-compose.yml
+++ b/templates/EclipseChe-Single/0/rancher-compose.yml
@@ -16,14 +16,23 @@ catalog:
       required: false
       type: string
 
-    - variable: "HOST_IP"
-      label: "Host IP Address"
+    - variable: "TRAEFIK_HOST"
+      label: "Public Host Domain"
       description: |
-        IP of the host system
-      default: "0.0.0.0"
-      required: true
+        The host that Traefik will use to provide public access.
+        Leaving this empty will disable Traefik on this stack.
+      default: "subdomain.domain.tld"
+      required: false
       type: string
 
+#    - variable: "HOST_IP"
+#      label: "Host IP Address"
+#      description: |
+#        IP of the host system
+#      default: "0.0.0.0"
+#      required: true
+#      type: string
+
     - variable: "CHE_PORT"
       label: "Port Number"
       description: |
@@ -32,6 +41,15 @@ catalog:
       required: true
       type: string
 
+    - variable: "TRAEFIK_BASIC_AUTH"
+      label: "Basic Authentication Expression"
+      description: |
+        Sets basic authentication for that frontend in CSV format "User:Hash,User:Hash".
+        Leaving this empty will disable Traefik's Basic Authentication functionality
+      default: ""
+      required: false
+      type: string
+
     - variable: DATA_DIR
       label: "Data Directory"
       description: |