inteligr8/SearchServices
1
0
Fork 0
mirror of https://github.com/Alfresco/SearchServices.git synced 2025-09-10 14:11:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Merge pull request #160 from Alfresco/feature/SEARCH-1620_DockerSSL"

Browse Source 
This reverts commit ce3283e928, reversing
changes made to f6f85558a2.
This commit is contained in:
Tom Page
2019-05-14 10:04:28 +01:00
parent aacbf17763
commit 097e6243aa
18 changed files with 60 additions and 348 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
search-services/packaging/src/docker/6.x/.env
View File

@@ -1,5 +1,6 @@
ALFRESCO_TAG=6.1.2-ga
SHARE_TAG=6.1.0
# In order to start the community edition set the value of ALFRESCO_EDITION to -community
ALFRESCO_EDITION=
ALFRESCO_TAG=6.1.0-EA3
SHARE_TAG=6.0
POSTGRES_TAG=10.1
SEARCH_TAG=1.3.0.1
ACTIVE_MQ_TAG=5.15.8
SEARCH_TAG=latest

26
search-services/packaging/src/docker/6.x/README.md
View File

@@ -1,26 +0,0 @@
# Docker Compose Reference for ACS 6.x
This project includes default configuration for ACS Community 6.1 and Search Services 1.2 using Plain HTTP communication between Repository and SOLR
## Running Docker Compose
Docker can be started using default command.
```bash
$ docker-compose up --build
```
Alfresco will be available at:
http://localhost:8082/alfresco
http://localhost:8080/share
http://localhost:8083/solr
Plain HTTP Communication from SOLR is targeted inside Docker Network to http://alfresco:8080/alfresco
**Mutual TLS/SSL Communication**
Folder `ssl` includes default TLS/SSL Communication between SOLR and Repository.

136
search-services/packaging/src/docker/6.x/docker-compose.yml
View File

@@ -1,82 +1,56 @@
# This docker-compose file will spin up an ACS cluster on a local host or on a server and it requires a minimum of 12GB Memory to distribute among containers.
# Limit container memory and assign X percentage to JVM. There are couple of ways to allocate JVM Memory for ACS Containers
# For example: 'JAVA_OPTS: "$JAVA_OPTS -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"'
# But, as per Oracle docs (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D)
# If container memory is not explicitly set, then the above flags will default max heap to 1/4th of container's memory which may not be ideal.
# Hence, setting up explicit Container memory and then assigning a percentage of it to the JVM for performance tuning.
# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
version: "2"
version: '3'
services:
alfresco:
image: alfresco/alfresco-content-repository-community:${ALFRESCO_TAG}
mem_limit: 1500m
environment:
JAVA_OPTS : "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
-Ddb.password=alfresco
-Ddb.url=jdbc:postgresql://postgres:5432/alfresco
-Dsolr.host=solr6
-Dsolr.port=8983
-Dsolr.secureComms=none
-Dsolr.base.url=/solr
-Dindex.subsystem.name=solr6
-Dshare.host=localhost
-Dalfresco.port=8082
-Daos.baseUrlOverwrite=http://localhost:8082/alfresco/aos
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-Dcsrf.filter.enabled=false
-Xms1g -Xmx1g
"
ports:
- 8082:8080 #Browser port
- 8443:8443
share:
image: alfresco/alfresco-share:${SHARE_TAG}
mem_limit: 1g
environment:
- REPO_HOST=alfresco
- REPO_PORT=8080
- "CATALINA_OPTS= -Xms500m -Xmx500m"
ports:
- 8080:8080
postgres:
image: postgres:${POSTGRES_TAG}
mem_limit: 1500m
environment:
- POSTGRES_PASSWORD=alfresco
- POSTGRES_USER=alfresco
- POSTGRES_DB=alfresco
command: postgres -c max_connections=300 -c log_min_messages=LOG
ports:
- 5432:5432
solr6:
image: alfresco/alfresco-search-services:${SEARCH_TAG}
mem_limit: 2500m
environment:
#Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
SOLR_ALFRESCO_PORT: "8080"
#Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms2g -Xmx2g"
ports:
- 8083:8983 #Browser port
activemq:
image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG}
mem_limit: 2048m
ports:
- 8161:8161 # Web Console
- 5672:5672 # AMQP
- 61616:61616 # OpenWire
- 61613:61613 # STOMP
alfresco:
image: alfresco/alfresco-content-repository${ALFRESCO_EDITION}:${ALFRESCO_TAG}
environment:
JAVA_OPTS : "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
-Ddb.password=alfresco
-Ddb.url=jdbc:postgresql://postgres:5432/alfresco
-Dsolr.host=search
-Dsolr.port=8983
-Dsolr.secureComms=none
-Dsolr.base.url=/solr
-Dindex.subsystem.name=solr6
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
"
ports:
- "7203:7203" #JMX connect via service:jmx:rmi:///jndi/rmi://localhost:7203/jmxrmi
- "5005:5005" #Java debugging
- "8081:8080" #Browser port for Alfresco
share:
image: alfresco/alfresco-share:${SHARE_TAG}
environment:
- REPO_HOST=alfresco
- REPO_PORT=8080
ports:
- 8082:8080 #Browser port for Share
postgres:
image: postgres:${POSTGRES_TAG}
environment:
- POSTGRES_PASSWORD=alfresco
- POSTGRES_USER=alfresco
- POSTGRES_DB=alfresco
ports:
- 5432:5432
search:
image: quay.io/alfresco/search-services:${SEARCH_TAG}
environment:
#Solr needs to know how to register itself with Alfresco
- SOLR_ALFRESCO_HOST=alfresco
- SOLR_ALFRESCO_PORT=8080
#Alfresco needs to know how to call solr
- SOLR_SOLR_HOST=search
- SOLR_SOLR_PORT=8983
#Create the default alfresco and archive cores
- SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
ports:
- 8083:8983 #Browser port
activemq:
image: alfresco/alfresco-activemq:5.15.6
ports:
- 8161:8161 # Web Console
- 5672:5672 # AMQP
- 61616:61616 # OpenWire
- 61613:61613 # STOMP

5
search-services/packaging/src/docker/6.x/ssl/.env
View File

@@ -1,5 +0,0 @@
ALFRESCO_TAG=6.1.2-ga
SHARE_TAG=6.1.0
POSTGRES_TAG=10.1
SEARCH_TAG=1.3.0.1
ACTIVE_MQ_TAG=5.15.8

56
search-services/packaging/src/docker/6.x/ssl/README.md
View File

@@ -1,56 +0,0 @@
# Docker Templates for Community Edition
This project includes default configuration to use Mutual TLS communication between ACS Community 6.1 and Search Services 1.3.
Every *truststores*, *keystores* and *certificates* are copied from sources.
## Components
* **alfresco** includes a `Dockerfile` with *Tomcat Connector* configuration and *Keystore* folder mapping as it's required for Connector. Default stores and certificates from source code (`alfresco-repository`) have been copied in keystore folder.
* **docker-compose.yml** includes a Docker Composition for ACS 6.1 and Search Services 1.3 using Mutual TLS
* **solr6** includes a `Dockerfile` to set *https* communications and to provide a volume for the keystore. The keystore folder includes default certificates for SOLR server copied from source code (`alfresco-search`)
```
├── alfresco
│   ├── Dockerfile
│   └── keystore
│   ├── keystore
│   ├── keystore-passwords.properties
│   ├── ssl-keystore-passwords.properties
│   ├── ssl-truststore-passwords.properties
│   ├── ssl.keystore
│   └── ssl.truststore
├── docker-compose.yml
└── solr6
├── Dockerfile
└── keystore
├── ssl-keystore-passwords.properties
├── ssl-truststore-passwords.properties
├── ssl.repo.client.keystore
└── ssl.repo.client.truststore
```
## Running Docker Compose
This project includes resources to start the platform in Mutual TLS (SSL).
Docker can be started selecting SSL Docker Compose file.
```bash
$ docker-compose up --build
```
Alfresco will be available at:
http://localhost:8082/alfresco
https://localhost:8443/alfresco
http://localhost:8080/share
https://localhost:8083/solr
SSL Communication from SOLR is targeted inside Docker Network to https://alfresco:8443/alfresco

25
search-services/packaging/src/docker/6.x/ssl/alfresco/Dockerfile
View File

@@ -1,25 +0,0 @@
ARG ALFRESCO_TAG
FROM alfresco/alfresco-content-repository-community:${ALFRESCO_TAG}
USER root
ARG TOMCAT_DIR=/usr/local/tomcat
ARG ALF_DATA_DIR=${TOMCAT_DIR}/alf_data
# Copy generated keystore to Image
COPY keystore ${ALF_DATA_DIR}/keystore
# Default value in "repository.properties" is "dir.keystore=classpath:alfresco/keystore"
RUN echo "dir.keystore=${ALF_DATA_DIR}/keystore" >> ${TOMCAT_DIR}/shared/classes/alfresco-global.properties
### Enable SSL by adding the proper Connector to server.xml
RUN sed -i "s/\
<\/Engine>/\n\
<\/Engine>\n\
<Connector port=\"8443\" protocol=\"org.apache.coyote.http11.Http11Protocol\"\n\
SSLEnabled=\"true\" maxThreads=\"150\" scheme=\"https\"\n\
keystoreFile=\"\/usr\/local\/tomcat\/alf_data\/keystore\/ssl.keystore\"\n\
keystorePass=\"kT9X6oe68t\" keystoreType=\"JCEKS\" secure=\"true\" connectionTimeout=\"240000\"\n\
truststoreFile=\"\/usr\/local\/tomcat\/alf_data\/keystore\/ssl.truststore\"\n\
truststorePass=\"kT9X6oe68t\" truststoreType=\"JCEKS\" clientAuth=\"want\" sslProtocol=\"TLS\">\n\
<\/Connector>/g" ${TOMCAT_DIR}/conf/server.xml

BIN
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore
View File

Binary file not shown.

7
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore-passwords.properties
View File

@@ -1,7 +0,0 @@
aliases=metadata
# The password protecting the keystore entries
keystore.password=mp6yc0UD9e
# The password protecting the alias: metadata
metadata.keyData=
metadata.algorithm=DESede
metadata.password=oKIWzVdEdA

7
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-keystore-passwords.properties
View File

@@ -1,7 +0,0 @@
aliases=ssl.alfresco.ca,ssl.repo
# The ssl keystore password
keystore.password=kT9X6oe68t
# The password protecting the ssl repository key
ssl.repo.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA key
ssl.alfresco.ca.password=kT9X6oe68t

5
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-truststore-passwords.properties
View File

@@ -1,5 +0,0 @@
aliases=alfresco.ca
# The ssl truststore password
keystore.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA strust certificate
alfresco.ca.password=kT9X6oe68t

BIN
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.keystore
View File

Binary file not shown.

BIN
search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.truststore
View File

Binary file not shown.

109
search-services/packaging/src/docker/6.x/ssl/docker-compose.yml
View File

@@ -1,109 +0,0 @@
# This docker-compose file will spin up an ACS cluster on a local host or on a server and it requires a minimum of 12GB Memory to distribute among containers.
# Limit container memory and assign X percentage to JVM. There are couple of ways to allocate JVM Memory for ACS Containers
# For example: 'JAVA_OPTS: "$JAVA_OPTS -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"'
# But, as per Oracle docs (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D)
# If container memory is not explicitly set, then the above flags will default max heap to 1/4th of container's memory which may not be ideal.
# Hence, setting up explicit Container memory and then assigning a percentage of it to the JVM for performance tuning.
# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
version: "2"
services:
alfresco:
build:
context: ./alfresco
args:
ALFRESCO_TAG: ${ALFRESCO_TAG}
mem_limit: 1500m
environment:
JAVA_OPTS : "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
-Ddb.password=alfresco
-Ddb.url=jdbc:postgresql://postgres:5432/alfresco
-Dsolr.host=solr6
-Dsolr.port.ssl=8983
-Dsolr.secureComms=https
-Dsolr.base.url=/solr
-Dindex.subsystem.name=solr6
-Dshare.host=localhost
-Dalfresco.port=8082
-Daos.baseUrlOverwrite=http://localhost:8082/alfresco/aos
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-Dcsrf.filter.enabled=false
-Xms1g -Xmx1g
"
ports:
- 8082:8080 #Browser port
- 8443:8443
share:
image: alfresco/alfresco-share:${SHARE_TAG}
mem_limit: 1g
environment:
- REPO_HOST=alfresco
- REPO_PORT=8080
- "CATALINA_OPTS= -Xms500m -Xmx500m"
ports:
- 8080:8080
postgres:
image: postgres:${POSTGRES_TAG}
mem_limit: 1500m
environment:
- POSTGRES_PASSWORD=alfresco
- POSTGRES_USER=alfresco
- POSTGRES_DB=alfresco
command: postgres -c max_connections=300 -c log_min_messages=LOG
ports:
- 5432:5432
solr6:
build:
context: ./solr6
args:
- SEARCH_TAG=${SEARCH_TAG}
mem_limit: 2500m
environment:
#Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
SOLR_ALFRESCO_PORT: "8443"
#Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
SOLR_SSL_TRUST_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.truststore"
SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
SOLR_SSL_KEY_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.keystore"
SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_NEED_CLIENT_AUTH: "true"
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms2g -Xmx2g"
SOLR_OPTS: "
-Djavax.net.ssl.keyStoreType=JCEKS
-Djavax.net.ssl.trustStoreType=JCEKS
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
-Dalfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/keystore/ssl.repo.client.keystore
-Dalfresco.encryption.ssl.keystore.passwordFileLocation=/opt/alfresco-search-services/keystore/ssl-keystore-passwords.properties
-Dalfresco.encryption.ssl.keystore.type=JCEKS
-Dalfresco.encryption.ssl.truststore.location=/opt/alfresco-search-services/keystore/ssl.repo.client.truststore
-Dalfresco.encryption.ssl.truststore.passwordFileLocation=/opt/alfresco-search-services/keystore/ssl-truststore-passwords.properties
-Dalfresco.encryption.ssl.truststore.type=JCEKS
"
ports:
- 8083:8983 #Browser port
volumes:
- ./solr6/keystore:/opt/alfresco-search-services/keystore
activemq:
image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG}
mem_limit: 2048m
ports:
- 8161:8161 # Web Console
- 5672:5672 # AMQP
- 61616:61616 # OpenWire
- 61613:61613 # STOMP

11
search-services/packaging/src/docker/6.x/ssl/solr6/Dockerfile
View File

@@ -1,11 +0,0 @@
ARG SEARCH_TAG
FROM alfresco/alfresco-search-services:${SEARCH_TAG}
# Configure SOLR cores to run in HTTPs mode from template
RUN sed -i '/^bash.*/i sed -i "'"s/alfresco.secureComms=none/alfresco.secureComms=https/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties\n' \
${DIST_DIR}/solr/bin/search_config_setup.sh
RUN mkdir ${DIST_DIR}/keystore \
&& chown -R solr:solr ${DIST_DIR}/keystore
VOLUME ["${DIST_DIR}/keystore"]

7
search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-keystore-passwords.properties
View File

@@ -1,7 +0,0 @@
aliases=ssl.alfresco.ca,ssl.repo
# The ssl keystore password
keystore.password=kT9X6oe68t
# The password protecting the ssl repository key
ssl.repo.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA key
ssl.alfresco.ca.password=kT9X6oe68t

5
search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-truststore-passwords.properties
View File

@@ -1,5 +0,0 @@
aliases=alfresco.ca
# The ssl truststore password
keystore.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA strust certificate
alfresco.ca.password=kT9X6oe68t

BIN
search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.keystore
View File

Binary file not shown.

BIN
search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.truststore
View File

Binary file not shown.