How to setup multi-tenant environment?

[leolastikka-sweco]

Hello!

I am trying to setup qwc-docker with multiple tenants. I created new directories and tenantConfig.json files for new tenants "tenant1" and "tenant2" as follows:

volumes/
    config-in/
      default
      tenant1/
          tenantConfig.json
      tenant2/
          tenantConfig.json

After that I ran qwc-config-generator successfully, which created all the config files to volumes/config/tenant1 and volumes/config/tenant2.

What other settings do I need to take into account to run this multi-tenant environment?

• Is TENANT_URL_RE environment variable required?
• What is TENANT_HEADER?
• Does nginx.conf require tweaking?
• Should I be able to access my newly created tenants' map viewers from addresses: http://localhost:8088/tenant1 http://localhost:8088/tenant2?

Thanks in advance.

[manisandro]

You need to tell qwc-service how to extract the tenant name from a request, that's what TENANT_URL_RE or TENANT_HEADER are for. You need to set the one or the other:

• TENANT_URL_RE to specify a regex which captures the tenant when applied to an URL
• TENANT_HEADER to specify the name of the HTTP header which contains the tenant name

One common approach is to use TENANT_HEADER=Tenant and write something like this in nginx.conf:

location ~ ^/(?<t>tenant1|tenant2|tenant3)/ows {
    proxy_set_header Tenant $t;
    rewrite ^/[^/]+(.+) $1 break;
    proxy_pass http://qwc-ogc-service:9090/;
}

(and similarly for all other qwc services in nginx.conf).

[tpo]

With the advice given by @manisandro I guess this ticket can be closed? Of course patches to improve the documentation are welcome!

[leolastikka-sweco]

Yes, this ticket can be closed. Thank you for clarifying!

[danceb]

@leolastikka-sweco did you get further with this? Does it work in your case? (Not in mine, so I am just asking...). Thanks!

[tpo]

@danceb see https://github.com/qwc-services/qwc-docker/issues/52#issuecomment-1342868611 and https://github.com/qwc-services/qwc-docker/issues/52#issuecomment-1347805074

[danceb]

@tpo Of course I have seen this comments (why not? ;-) ) and tried this within my nginx config, but it does not work with this rewrite rules on the services in my case. The ticket is closed, because it is not an issue, which should not mean, that it work as expected.

[manisandro]

@danceb What issues are you encountering?

[danceb]

I always get 404 "The requested URL was not found on the server" errors. But so I did not get any further information from the api-gateway logs.

The variable TENANT_HEADER=Tenant ist set within the .env file.

The map viewer itself is loaded correctly and the get request are like

• GET | http://localhost:8080/tenant1/dist/QWC2App.js?
• GET | http://localhost:8080/tenant1/assets/css/qwc2.css etc.

But it tries to access the services not with the tenant name within the URL like:

• GET | http://localhost:8080/ows/qgis_project?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetMap...

But if I try to access the service directly with the tenant name like GET | http://localhost:8080/tenant1/ows/qgis_project?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetMap..., I am getting an 404 error as well.

I have configured two tenants with two different map themes. The config files are generated correctly within volumes/config. But it always tries to load the theme configured for tenant1, even if I am trying to load http://localhost:8080/tenant2/

I have attached our nginx.conf here: nginx.dev.conf.txt

[leolastikka-sweco]

I managed to get the qwc-map-viewer working with multiple tenants (tested by using different background layers), but I've only done testing with the default qwc-ogc-service for all the tenants. I did run into issues with service URLs (at least in authentication), but I haven't had the time to properly locate or name the issues.