SEARCH-1915: Support for ACS 7.x (named temporary as "latest")

Created the new env var password specification for cryptographic stores when using mTLS in latest.
Added new cryptographic stores set according to ACS 7.x criteria

e2e-test/generator-alfresco-docker-compose/README.md

@@ -17,8 +17,10 @@ $ tree generators/app/templates/
 │   ├── .env
 │   ├── docker-compose-ce.yml
 │   └── docker-compose-ee.yml
-├── empty
-│   └── empty
+├── latest
+│   ├── .env
+│   ├── docker-compose-ce.yml
+│   └── docker-compose-ee.yml├── empty
 ├── images
 │   ├── alfresco
 │   │   ├── Dockerfile
@@ -42,7 +44,7 @@ $ tree generators/app/templates/
 │   │       └── sharding-share-config-custom.xml
 │   └── zeppelin
 │       └── Dockerfile
-└── keystores
+└── keystores :: 6.x / 7.x
     ├── alfresco
     ├── client
     ├── solr
@@ -50,8 +52,8 @@ $ tree generators/app/templates/
 ```
 
 * `.env` includes default values for Docker Compose environment variables
-* `docker-compose-ce.yml` is the base Docker Compose Template for Alfresco Community deployment (for ACS 6.2 and ACS 6.1)
-* `docker-compose-ee.yml` is the base Docker Compose Template for Alfresco Enterprise deployment (for ACS 6.2 and ACS 6.1)
+* `docker-compose-ce.yml` is the base Docker Compose Template for Alfresco Community deployment (for latest, ACS 6.2 and ACS 6.1)
+* `docker-compose-ee.yml` is the base Docker Compose Template for Alfresco Enterprise deployment (for latest, ACS 6.2 and ACS 6.1)
 * `alfresco` includes a Dockerfile template to start Alfresco Repository
   * `model` includes a default content model (Sharding Explicit Routing or empty). This `empty` file is required for Dockerfile to work, so it should not be deleted.
 * `share` includes a Dockerfile template to start Share Web Application
@@ -59,7 +61,7 @@ $ tree generators/app/templates/
 * `search` includes a Dockerfile template to start Search Services and Insight Engine
 * `config` includes configuration for HTTP Web Proxy (NGINX)
 * `zeppelin` includes a Dockerfile template to start Zeppelin with SSL
-* `keystores` includes every truststore and keystore required for SSL configuration
+* `keystores` includes every truststore and keystore required for SSL configuration. Included different stores for ACS 6.x and ACS 7.x, as there were changes between this versions
 
 
 ## Installation
@@ -80,15 +82,17 @@ $ yo alfresco-docker-compose
 
 ## ACS Version
 
-Currently supported ACS Versions are `6.2` and `6.1`
+Currently supported ACS Versions are `latest`, `6.2` and `6.1`
 
 This is the first choice to be selected when the generator is executed.
 
 ```
 ? Which ACS version do you want to use?
   6.1
-❯ 6.2
+  6.2
+❯ latest
 ```
+
 ## AGS Version
 
 Currently supported AGS Version is `latest` (based in ACS 6.1).
@@ -197,7 +201,7 @@ $ yo alfresco-docker-compose --acsVersion=6.2 --alfrescoVersion=community --http
 
 **Parameter names reference**
 
-`--acsVersion`: default 6.2, but could be set to 6.1
+`--acsVersion`: default latest, but could be set to 6.2 or 6.1
 `--ags:`: only available when acsVersion=6.1
 `--alfrescoVersion`: community or enterprise
 `--httpMode`: http or https

e2e-test/generator-alfresco-docker-compose/generators/app/index.js

@@ -21,8 +21,8 @@ module.exports = class extends Generator {
         type: 'list',
         name: 'acsVersion',
         message: 'Which ACS version do you want to use?',
-        choices: [ "6.1", "6.2" ],
-        default: '6.2'
+        choices: [ '6.1', '6.2', 'latest' ],
+        default: 'latest'
       },
       {
         whenFunction: response => response.acsVersion == '6.1',
@@ -143,10 +143,8 @@ module.exports = class extends Generator {
   // Generate boilerplate from "templates" folder
   writing() {
 
-    var dockerComposeTemplateDirectory = '6.2';
-    if (this.props.acsVersion.startsWith('6.1')) {
-      dockerComposeTemplateDirectory = '6.1';
-    }
+    // Set base template directory: 6.1, 6.2, latest
+    var dockerComposeTemplateDirectory = this.props.acsVersion;
 
     // Docker Compose environment variables values
     this.fs.copyTpl(
@@ -181,10 +179,10 @@ module.exports = class extends Generator {
       (this.props.alfrescoVersion == 'community' ?
         (this.props.ags ? 
           'alfresco/alfresco-governance-share-community' :
-          'alfresco/alfresco-share') :
+          'quay.io/alfresco/alfresco-share') :
         (this.props.ags ? 
           'quay.io/alfresco/alfresco-governance-share-enterprise':
-          'alfresco/alfresco-share'
+          'quay.io/alfresco/alfresco-share'
         )
       );
 
@@ -297,21 +295,22 @@ module.exports = class extends Generator {
 
     // Add resources for SSL configuration
     if (this.props.httpMode == 'https') {
+      var subfolder = this.props.acsVersion == 'latest' ? '7.x' : '6.x'
       this.fs.copy(
-        this.templatePath('keystores/alfresco'),
+        this.templatePath('keystores/' + subfolder + '/alfresco'),
         this.destinationPath('keystores/alfresco')
       )
       this.fs.copy(
-        this.templatePath('keystores/solr'),
+        this.templatePath('keystores/' + subfolder + '/solr'),
         this.destinationPath('keystores/solr')
       )
       this.fs.copy(
-        this.templatePath('keystores/client'),
+        this.templatePath('keystores/' + subfolder + '/client'),
         this.destinationPath('keystores/client')
       )
       if (this.props.zeppelin == true) {
         this.fs.copy(
-          this.templatePath('keystores/zeppelin'),
+          this.templatePath('keystores/' + subfolder + '/zeppelin'),
           this.destinationPath('keystores/zeppelin')
         )
       }

e2e-test/generator-alfresco-docker-compose/generators/app/templates/images/search/Dockerfile

@@ -32,16 +32,29 @@ ENV TRUSTSTORE_TYPE $TRUSTSTORE_TYPE
 ARG KEYSTORE_TYPE
 ENV KEYSTORE_TYPE $KEYSTORE_TYPE
 
+# Passwords using Env Vars
+ARG PASSWORDS_AS_ENV_VARS
+ENV PASSWORDS_AS_ENV_VARS $PASSWORDS_AS_ENV_VARS
+
 # Set SSL properties
 RUN if [ "$ALFRESCO_COMMS" == "https" ] ; then \
-    sed -i '/^bash.*/i \
-    sed -i "'"s/alfresco.encryption.ssl.keystore.location=.*/alfresco.encryption.ssl.keystore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl.repo.client.keystore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
-    sed -i "'"s/alfresco.encryption.ssl.keystore.passwordFileLocation=.*/alfresco.encryption.ssl.keystore.passwordFileLocation=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-keystore-passwords.properties/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
-    sed -i "'"s/alfresco.encryption.ssl.keystore.type=.*/alfresco.encryption.ssl.keystore.type=${KEYSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
-    sed -i "'"s/alfresco.encryption.ssl.truststore.location=.*/alfresco.encryption.ssl.truststore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl.repo.client.truststore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
-    sed -i "'"s/alfresco.encryption.ssl.truststore.passwordFileLocation=.*/alfresco.encryption.ssl.truststore.passwordFileLocation=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-truststore-passwords.properties/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
-    sed -i "'"s/alfresco.encryption.ssl.truststore.type=.*/alfresco.encryption.ssl.truststore.type=${TRUSTSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties' \
-    ${DIST_DIR}/solr/bin/search_config_setup.sh; \
+    if [ "$PASSWORDS_AS_ENV_VARS" == "true" ]; then \
+      sed -i '/^bash.*/i \
+      sed -i "'"s/alfresco.encryption.ssl.keystore.location=.*/alfresco.encryption.ssl.keystore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-repo-client.keystore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.keystore.type=.*/alfresco.encryption.ssl.keystore.type=${KEYSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.truststore.location=.*/alfresco.encryption.ssl.truststore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-repo-client.truststore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.truststore.type=.*/alfresco.encryption.ssl.truststore.type=${TRUSTSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties' \
+      ${DIST_DIR}/solr/bin/search_config_setup.sh; \
+    else \
+      sed -i '/^bash.*/i \
+      sed -i "'"s/alfresco.encryption.ssl.keystore.location=.*/alfresco.encryption.ssl.keystore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl.repo.client.keystore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.keystore.passwordFileLocation=.*/alfresco.encryption.ssl.keystore.passwordFileLocation=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-keystore-passwords.properties/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.keystore.type=.*/alfresco.encryption.ssl.keystore.type=${KEYSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.truststore.location=.*/alfresco.encryption.ssl.truststore.location=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl.repo.client.truststore/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.truststore.passwordFileLocation=.*/alfresco.encryption.ssl.truststore.passwordFileLocation=\\\/opt\\\/<%=searchPath%>\\\/keystore\\\/ssl-truststore-passwords.properties/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties && \
+      sed -i "'"s/alfresco.encryption.ssl.truststore.type=.*/alfresco.encryption.ssl.truststore.type=${TRUSTSTORE_TYPE}/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties' \
+      ${DIST_DIR}/solr/bin/search_config_setup.sh; \
+    fi \
 fi
 
 # REPLICATION

e2e-test/generator-alfresco-docker-compose/generators/app/templates/latest/.env

@@ -0,0 +1,14 @@
+ALFRESCO_TAG=latest
+ALFRESCO_CE_TAG=latest
+SHARE_TAG=latest
+POSTGRES_TAG=11.4
+TRANSFORM_ROUTER_TAG=1.2.0
+TRANSFORM_CORE_AIO_TAG=2.2.1
+SHARED_FILE_STORE_TAG=0.7.0
+ACTIVE_MQ_TAG=5.15.8
+DIGITAL_WORKSPACE_TAG=1.5.0
+ACS_NGINX_TAG=3.0.1
+ACS_COMMUNITY_NGINX_TAG=1.0.0
+SEARCH_TAG=latest
+ZEPPELIN_TAG=latest
+ACA_TAG=master-latest

e2e-test/generator-alfresco-docker-compose/generators/app/templates/latest/docker-compose-ce.yml

@@ -0,0 +1,206 @@
+# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "2"
+
+services:
+
+    alfresco:
+        build:
+          context: ./alfresco
+          args:
+            ALFRESCO_TAG: ${ALFRESCO_CE_TAG}
+            SOLR_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            TRUSTSTORE_PASS: kT9X6oe68t
+            KEYSTORE_TYPE: JCEKS
+            KEYSTORE_PASS: kT9X6oe68t <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1800m
+        environment:
+            JAVA_OPTS : "
+                -Ddb.driver=org.postgresql.Driver
+                -Ddb.username=alfresco
+                -Ddb.password=alfresco
+                -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
+                -Dsolr.host=<%=searchSolrHost%>
+                -Dsolr.port.ssl=8983
+                -Dsolr.secureComms=<%=secureComms%>
+                -Dsolr.baseUrl=/solr
+                -Dindex.subsystem.name=solr6
+                -Dshare.host=localhost
+                -Dalfresco.port=8080
+                -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
+                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
+                -Ddeployment.method=DOCKER_COMPOSE
+
+                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
+                -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
+                -Djodconverter.url=http://transform-core-aio:8090/
+                -Dimg.url=http://transform-core-aio:8090/
+                -Dtika.url=http://transform-core-aio:8090/
+                -Dtransform.misc.url=http://transform-core-aio:8090/
+
+                -Dcsrf.filter.enabled=false
+                -Dalfresco.restApi.basicAuthScheme=true
+                -Xms1500m -Xmx1500m
+                " <% if (httpMode == 'https') { %>
+        ports:
+            - 8443:8443
+        volumes:
+            - ./keystores/alfresco:/usr/local/tomcat/alf_data/keystore <% } %>
+
+    solr6:
+        build:
+          context: ./search
+          args:
+            SEARCH_TAG: ${SEARCH_TAG}
+            SOLR_HOSTNAME: solr6
+            ALFRESCO_HOSTNAME: alfresco
+            ALFRESCO_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            KEYSTORE_TYPE: JCEKS <% } %> <% if (replication) { %>
+            ENABLE_MASTER: "true"
+            ENABLE_SLAVE: "false" <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1200m
+        environment:
+            #Solr needs to know how to register itself with Alfresco
+            SOLR_ALFRESCO_HOST: "alfresco"
+            SOLR_ALFRESCO_PORT: "<%=alfrescoPort%>"
+            ALFRESCO_SECURE_COMMS: <%=secureComms%>
+            #Alfresco needs to know how to call solr
+            SOLR_SOLR_HOST: "solr6"
+            SOLR_SOLR_PORT: "8983"
+            #Create the default alfresco and archive cores
+            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
+            SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
+            SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.truststore"
+            SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
+            SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.keystore"
+            SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_NEED_CLIENT_AUTH: "true"
+            SOLR_OPTS: "
+                -Dsolr.ssl.checkPeerName=false
+                -Dsolr.allow.unsafe.resourceloading=true
+            " <% } %>
+        ports:
+            - 8083:8983 <% if (httpMode == 'https') { %>
+        volumes:
+            - ./keystores/solr:/opt/<%=searchPath%>/keystore <% } %>
+
+    <% if (replication) { %>
+    solr6secondary:
+        build:
+          context: ./search
+          args:
+            SEARCH_TAG: ${SEARCH_TAG}
+            SOLR_HOSTNAME: solr6secondary
+            ALFRESCO_HOSTNAME: alfresco
+            ALFRESCO_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            KEYSTORE_TYPE: JCEKS <% } %> <% if (replication) { %>
+            ENABLE_MASTER: <% if (replication == 'master-master') { %>"true"<% } else { %>"false"<% } %>
+            ENABLE_SLAVE: <% if (replication == 'master-master') { %>"false"<% } else { %>"true"<% } %>
+            MASTER_HOST: solr6 <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1200m
+        environment:
+            #Solr needs to know how to register itself with Alfresco
+            SOLR_ALFRESCO_HOST: "alfresco"
+            SOLR_ALFRESCO_PORT: "<%=alfrescoPort%>"
+            ALFRESCO_SECURE_COMMS: <%=secureComms%>
+            #Alfresco needs to know how to call solr
+            SOLR_SOLR_HOST: "solr6secondary"
+            SOLR_SOLR_PORT: "8983"
+            #Create the default alfresco and archive cores
+            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
+            SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
+            SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.truststore"
+            SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
+            SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.keystore"
+            SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_NEED_CLIENT_AUTH: "true"
+            SOLR_OPTS: "
+                -Dsolr.ssl.checkPeerName=false
+                -Dsolr.allow.unsafe.resourceloading=true
+            " <% } %>
+        ports:
+            - 8084:8983  <% if (httpMode == 'https') { %>
+        volumes:
+            - ./keystores/solr:/opt/<%=searchPath%>/keystore <% } %>
+    <% } %>
+
+    transform-core-aio:
+        image: alfresco/alfresco-transform-core-aio:${TRANSFORM_CORE_AIO_TAG}
+        mem_limit: 1536m
+        environment:
+            JAVA_OPTS: " -Xms256m -Xmx1536m"
+        ports:
+            - 8090:8090
+
+    share:
+        build:
+          context: ./share
+          args:
+            SHARE_TAG: ${SHARE_TAG}
+        mem_limit: 1g
+        environment:
+            REPO_HOST: "alfresco"
+            REPO_PORT: "8080"
+            JAVA_OPTS: "
+                -Xms500m
+                -Xmx500m
+                -Dalfresco.host=localhost
+                -Dalfresco.port=8080
+                -Dalfresco.context=alfresco
+                -Dalfresco.protocol=http
+                "
+
+    postgres:
+        image: postgres:${POSTGRES_TAG}
+        mem_limit: 512m
+        environment:
+            - POSTGRES_PASSWORD=alfresco
+            - POSTGRES_USER=alfresco
+            - POSTGRES_DB=alfresco
+        command: postgres -c max_connections=300 -c log_min_messages=LOG
+        ports:
+            - 5432:5432
+
+    activemq:
+        image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG}
+        mem_limit: 1g
+        ports:
+            - 8161:8161 # Web Console
+            - 5672:5672 # AMQP
+            - 61616:61616 # OpenWire
+            - 61613:61613 # STOMP
+
+    content-app:
+        image: alfresco/alfresco-content-app:${ACA_TAG}
+        mem_limit: 256m
+        depends_on:
+            - alfresco
+
+    # HTTP proxy to provide HTTP Default port access to services
+    # SOLR API and SOLR Web Console are protected to avoid unauthenticated access
+    proxy:
+        image: nginx:stable-alpine
+        mem_limit: 128m
+        depends_on:
+            - alfresco
+        volumes:
+            - ./config/nginx.conf:/etc/nginx/nginx.conf
+            - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd <% if (httpWebMode == 'https') { %>
+            - ./config/cert/localhost.cer:/etc/nginx/localhost.cer
+            - ./config/cert/localhost.key:/etc/nginx/localhost.key <% } %>
+        ports:
+            - <%=port%>:<%=port%>  
+        links:
+            - alfresco
+            - share
+            - solr6
+            - content-app

e2e-test/generator-alfresco-docker-compose/generators/app/templates/latest/docker-compose-ee.yml

@@ -0,0 +1,338 @@
+# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "2"
+
+services:
+    alfresco:
+        build:
+          context: ./alfresco
+          args:
+            ALFRESCO_TAG: ${ALFRESCO_TAG}
+            SOLR_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            TRUSTSTORE_PASS: kT9X6oe68t
+            KEYSTORE_TYPE: JCEKS
+            KEYSTORE_PASS: kT9X6oe68t <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1800m
+        environment:
+            JAVA_OPTS: "
+                -Ddb.driver=org.postgresql.Driver
+                -Ddb.username=alfresco
+                -Ddb.password=alfresco
+                -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
+                -Dsolr.host=<%=searchSolrHost%>
+                -Dsolr.port.ssl=8983
+                -Dsolr.secureComms=<%=secureComms%>
+                -Dsolr.baseUrl=/solr <% if (sharding == 'true') { %>
+                -Dsolr.useDynamicShardRegistration=true <% } %>
+                -Dindex.subsystem.name=solr6
+                
+                -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
+                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
+                -Ddeployment.method=DOCKER_COMPOSE
+
+                -Dmetadata-keystore.password=mp6yc0UD9e
+                -Dmetadata-keystore.aliases=metadata
+                -Dmetadata-keystore.metadata.password=mp6yc0UD9e
+                -Dmetadata-keystore.metadata.algorithm=AES <% if (httpMode == 'https') { %>
+                -Dencryption.keystore.type=pkcs12 
+                -Dencryption.cipherAlgorithm=AES/CBC/PKCS5Padding
+                -Dencryption.keyAlgorithm=AES <% } %>      
+
+                -Dtransform.service.enabled=true
+                -Dtransform.service.url=http://transform-router:8095
+                -Dsfs.url=http://shared-file-store:8099/
+                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
+                -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
+                -Djodconverter.url=http://transform-core-aio:8090/
+                -Dimg.url=http://transform-core-aio:8090/
+                -Dtika.url=http://transform-core-aio:8090/
+                -Dtransform.misc.url=http://transform-core-aio:8090/
+
+                -Dcsrf.filter.enabled=false
+                -Dalfresco.restApi.basicAuthScheme=true
+                -Xms1500m -Xmx1500m
+                <% if (httpMode == 'https') { %>
+                -Dssl-keystore.password=kT9X6oe68t
+                -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo
+                -Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
+                -Dssl-keystore.ssl-repo.password=kT9X6oe68t
+                -Dssl-truststore.password=kT9X6oe68t 
+                -Dssl-truststore.aliases=alfresco-ca,ssl-repo-client
+                -Dssl-truststore.alfresco-ca.password=kT9X6oe68t
+                -Dssl-truststore.ssl-repo-client.password=kT9X6oe68t <% } %>
+                " <% if (httpMode == 'https') { %>
+        ports:
+            - 8443:8443
+        volumes:
+            - ./keystores/alfresco:/usr/local/tomcat/alf_data/keystore <% } %>
+
+    solr6:
+        build:
+          context: ./search
+          args:
+            SEARCH_TAG: ${SEARCH_TAG}
+            SOLR_HOSTNAME: solr6
+            ALFRESCO_HOSTNAME: alfresco
+            ALFRESCO_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            KEYSTORE_TYPE: JCEKS 
+            PASSWORDS_AS_ENV_VARS: "true" <% } %> <% if (replication) { %>
+            ENABLE_MASTER: "true"
+            ENABLE_SLAVE: "false" <% } %> <% if (sharding == 'true') { %>
+            ENABLE_SHARDING: "true"
+            NUM_SHARDS: "2"
+            SHARD_ID: "0" <% if (shardingMethod == 'DB_ID_RANGE') { %>
+            SHARD_RANGE: "0-800" <% } %> <% if (shardingMethod == 'DATE') { %>
+            SHARD_KEY: "cm:created"
+            SHARD_DATE_GROUPING: "2" <% } %> <% if (shardingMethod == 'PROPERTY') { %>
+            SHARD_KEY: "shard:shardId" <% } %> <% if (shardingMethod == 'EXPLICIT_ID' || shardingMethod == 'EXPLICIT_ID_FALLBACK_LRIS') { %>
+            SHARD_KEY: "shard:shardId" <% } %>
+            SHARDING_METHOD: <%=shardingMethod%> <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1200m
+        environment:
+            #Solr needs to know how to register itself with Alfresco
+            SOLR_ALFRESCO_HOST: "alfresco"
+            SOLR_ALFRESCO_PORT: "<%=alfrescoPort%>"
+            ALFRESCO_SECURE_COMMS: <%=secureComms%>
+            #Alfresco needs to know how to call solr
+            SOLR_SOLR_HOST: "solr6"
+            SOLR_SOLR_PORT: "8983"
+            #Create the default alfresco and archive cores
+            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
+            SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
+            SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.truststore"
+            SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
+            SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_NEED_CLIENT_AUTH: "true" <% if (sharding == 'true') { %>
+            SOLR_SSL_CLIENT_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_CLIENT_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_CLIENT_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
+            SOLR_OPTS: "
+                -Dsolr.ssl.checkPeerName=false
+                -Dsolr.allow.unsafe.resourceloading=true
+                -Dssl-keystore.password=kT9X6oe68t
+                -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
+                -Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
+                -Dssl-keystore.ssl-repo-client.password=kT9X6oe68t
+                -Dssl-truststore.password=kT9X6oe68t
+                -Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
+                -Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
+                -Dssl-truststore.ssl-repo.password=kT9X6oe68t
+                -Dssl-truststore.ssl-repo-client.password=kT9X6oe68t      
+            " <% } %>
+        ports:
+            - 8083:8983 <% if (httpMode == 'https') { %>
+        volumes:
+            - ./keystores/solr:/opt/<%=searchPath%>/keystore <% } %>
+
+    <% if (sharding == 'true' || replication) { %>
+    solr6secondary:
+        build:
+          context: ./search
+          args:
+            SEARCH_TAG: ${SEARCH_TAG}
+            SOLR_HOSTNAME: solr6secondary
+            ALFRESCO_HOSTNAME: alfresco
+            ALFRESCO_COMMS: <%=secureComms%> <% if (httpMode == 'https') { %>
+            TRUSTSTORE_TYPE: JCEKS
+            KEYSTORE_TYPE: JCEKS 
+            PASSWORDS_AS_ENV_VARS: "true"  <% } %> <% if (replication) { %>
+            ENABLE_MASTER: <% if (replication == 'master-master') { %>"true"<% } else { %>"false"<% } %>
+            ENABLE_SLAVE: <% if (replication == 'master-master') { %>"false"<% } else { %>"true"<% } %>
+            MASTER_HOST: solr6 <% } %> <% if (sharding == 'true') { %>
+            ENABLE_SHARDING: "true"
+            NUM_SHARDS: "2"
+            SHARD_ID: "1" <% if (shardingMethod == 'DB_ID_RANGE') { %>
+            SHARD_RANGE: "801-40000" <% } %> <% if (shardingMethod == 'DATE') { %>
+            SHARD_KEY: "cm:created"
+            SHARD_DATE_GROUPING: "2" <% } %> <% if (shardingMethod == 'PROPERTY') { %>
+            SHARD_KEY: "shard:shardId" <% } %> <% if (shardingMethod == 'EXPLICIT_ID' || shardingMethod == 'EXPLICIT_ID_FALLBACK_LRIS') { %>
+            SHARD_KEY: "shard:shardId" <% } %>
+            SHARDING_METHOD: <%=shardingMethod%> <% } %>
+            COMPRESS_CONTENT: "<%=gzip%>"
+        mem_limit: 1200m
+        environment:
+            #Solr needs to know how to register itself with Alfresco
+            SOLR_ALFRESCO_HOST: "alfresco"
+            SOLR_ALFRESCO_PORT: "<%=alfrescoPort%>"
+            ALFRESCO_SECURE_COMMS: <%=secureComms%>
+            #Alfresco needs to know how to call solr
+            SOLR_SOLR_HOST: "solr6secondary"
+            SOLR_SOLR_PORT: "8983"
+            #Create the default alfresco and archive cores
+            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
+            SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
+            SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.truststore"
+            SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
+            SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_NEED_CLIENT_AUTH: "true" <% if (sharding == 'true') { %>
+            SOLR_SSL_CLIENT_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_CLIENT_KEY_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_CLIENT_KEY_STORE_TYPE: "JCEKS"
+            SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
+            SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD: "kT9X6oe68t"
+            SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
+            SOLR_OPTS: "
+                -Dsolr.ssl.checkPeerName=false
+                -Dsolr.allow.unsafe.resourceloading=true
+                -Dssl-keystore.password=kT9X6oe68t
+                -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
+                -Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
+                -Dssl-keystore.ssl-repo-client.password=kT9X6oe68t
+                -Dssl-truststore.password=kT9X6oe68t
+                -Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
+                -Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
+                -Dssl-truststore.ssl-repo.password=kT9X6oe68t
+                -Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
+            " <% } %>
+        ports:
+            - 8084:8983  <% if (httpMode == 'https') { %>
+        volumes:
+            - ./keystores/solr:/opt/<%=searchPath%>/keystore <% } %>
+    <% } %>
+
+    <% if (zeppelin == 'true') { %>
+    zeppelin:
+        build:
+          context: ./zeppelin
+          args:
+            ZEPPELIN_TAG: ${ZEPPELIN_TAG}
+            ALFRESCO_COMMS: <%=secureComms%>
+        mem_limit: 768m
+        environment: <% if (httpMode == 'https') { %>
+            REPO_PROTOCOL: "https" <% } %>
+            REPO_HOST: "alfresco"
+            REPO_PORT: "<%=alfrescoPort%>" <% if (httpMode == 'https') { %>
+            JAVA_OPTS: "
+                -Dalfresco.enable.ssl=true
+                -Dsolr.ssl.checkPeerName=false
+                -Djavax.net.ssl.keyStore=/zeppelin/keystore/ssl.repo.client.keystore
+                -Djavax.net.ssl.keyStorePassword=kT9X6oe68t
+                -Djavax.net.ssl.keyStoreType=JCEKS
+                -Djavax.net.ssl.trustStore=/zeppelin/keystore/ssl.repo.client.truststore
+                -Djavax.net.ssl.trustStorePassword=kT9X6oe68t
+                -Djavax.net.ssl.trustStoreType=JCEKS
+            " <% } %>
+        ports:
+            - 9090:9090 <% if (httpMode == 'https') { %>
+        volumes:
+            - ./keystores/zeppelin:/zeppelin/keystore <% } %>
+    <% } %>
+
+    transform-router:
+        mem_limit: 512m
+        image: quay.io/alfresco/alfresco-transform-router:${TRANSFORM_ROUTER_TAG}
+        environment:
+          JAVA_OPTS: " -Xms256m -Xmx512m"
+          ACTIVEMQ_URL: "nio://activemq:61616"
+          CORE_AIO_URL : "http://transform-core-aio:8090"
+          FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
+        ports:
+            - 8095:8095
+        links:
+          - activemq
+
+    transform-core-aio:
+        image: alfresco/alfresco-transform-core-aio:${TRANSFORM_CORE_AIO_TAG}
+        mem_limit: 1536m
+        environment:
+            JAVA_OPTS: " -Xms256m -Xmx1536m"
+            ACTIVEMQ_URL: "nio://activemq:61616"
+            FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
+        ports:
+            - 8090:8090
+        links:
+        - activemq    
+
+    shared-file-store:
+        image: alfresco/alfresco-shared-file-store:${SHARED_FILE_STORE_TAG}
+        mem_limit: 512m
+        environment:
+            JAVA_OPTS: " -Xms256m -Xmx512m"
+            scheduler.content.age.millis: 86400000
+            scheduler.cleanup.interval: 86400000
+        ports:
+            - 8099:8099
+        volumes:
+            - shared-file-store-volume:/tmp/Alfresco/sfs
+
+    share:
+        build:
+          context: ./share
+          args:
+            SHARE_TAG: ${SHARE_TAG}
+        mem_limit: 1g
+        environment:
+            REPO_HOST: "alfresco"
+            REPO_PORT: "8080"
+            JAVA_OPTS: "
+                -Xms500m
+                -Xmx500m
+                -Dalfresco.host=localhost
+                -Dalfresco.port=8080
+                -Dalfresco.context=alfresco
+                -Dalfresco.protocol=http
+                "
+
+    postgres:
+        image: postgres:${POSTGRES_TAG}
+        mem_limit: 512m
+        environment:
+            - POSTGRES_PASSWORD=alfresco
+            - POSTGRES_USER=alfresco
+            - POSTGRES_DB=alfresco
+        command: postgres -c max_connections=300 -c log_min_messages=LOG
+        ports:
+            - 5432:5432
+
+    activemq:
+        image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG}
+        mem_limit: 1g
+        ports:
+            - 8161:8161 # Web Console
+            - 5672:5672 # AMQP
+            - 61616:61616 # OpenWire
+            - 61613:61613 # STOMP
+
+    content-app:
+        image: quay.io/alfresco/alfresco-digital-workspace:${DIGITAL_WORKSPACE_TAG}
+        mem_limit: 128m
+        environment:
+            BASEPATH: ./
+
+    # HTTP proxy to provide HTTP Default port access to services
+    # SOLR API and SOLR Web Console are protected to avoid unauthenticated access
+    proxy:
+        image: nginx:stable-alpine
+        mem_limit: 128m
+        depends_on:
+            - alfresco
+        volumes:
+            - ./config/nginx.conf:/etc/nginx/nginx.conf
+            - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd <% if (httpWebMode == 'https') { %>
+            - ./config/cert/localhost.cer:/etc/nginx/localhost.cer
+            - ./config/cert/localhost.key:/etc/nginx/localhost.key <% } %>
+        ports:
+            - <%=port%>:<%=port%>  
+        links:
+            - alfresco
+            - share
+            - solr6
+            - content-app
+
+volumes:
+    shared-file-store-volume:
+        driver_opts:
+            type: tmpfs
+            device: tmpfs