mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
97 lines
4.8 KiB
Docker
97 lines
4.8 KiB
Docker
# More infos about this image: https://github.com/Alfresco/alfresco-docker-base-tomcat
|
|
FROM alfresco/alfresco-base-tomcat:tomcat10-jre17-rockylinux9@sha256:00d89fb84bda7bb37c17b0117adb2cfe4f7cbddcd6c1e42b0a67ea8dbb41a734
|
|
# Set default docker_context.
|
|
ARG resource_path=target
|
|
|
|
# Set default user information
|
|
ARG GROUPNAME=Alfresco
|
|
ARG GROUPID=1000
|
|
ARG IMAGEUSERNAME=alfresco
|
|
ARG USERID=33000
|
|
|
|
# Set default environment args
|
|
ARG TOMCAT_DIR=/usr/local/tomcat
|
|
|
|
# Needed for installation but make sure another USER directive is added after
|
|
# this with a non-root user
|
|
USER root
|
|
|
|
# Create prerequisite to store tools and properties
|
|
RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes && \
|
|
mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/renditions && \
|
|
mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/pipelines && \
|
|
mkdir /licenses && \
|
|
mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/keystore && \
|
|
mkdir ${TOMCAT_DIR}/alfresco-mmt && \
|
|
touch ${TOMCAT_DIR}/shared/classes/alfresco-global.properties
|
|
|
|
# You need to run `mvn clean install` in the root of this project to update the following dependencies
|
|
# Copy the WAR files to the appropriate location for your application server
|
|
# Copy the JDBC drivers for the database you are using to the lib/ directory.
|
|
# Copy the alfresco-mmt.jar
|
|
# Copy Licenses to the root of the Docker image
|
|
# Copy default keystore
|
|
COPY ${resource_path}/war ${TOMCAT_DIR}/webapps
|
|
COPY ${resource_path}/connector/* ${TOMCAT_DIR}/lib/
|
|
COPY ${resource_path}/alfresco-mmt/* ${TOMCAT_DIR}/alfresco-mmt/
|
|
COPY ${resource_path}/dependency/licenses/ /licenses/
|
|
COPY ${resource_path}/dependency/keystore/metadata-keystore/keystore ${TOMCAT_DIR}/shared/classes/alfresco/extension/keystore
|
|
|
|
# Change the value of the shared.loader= property to the following:
|
|
# shared.loader=${catalina.base}/shared/classes
|
|
RUN sed -i "s/shared.loader=/shared.loader=\${catalina.base}\/shared\/classes/" ${TOMCAT_DIR}/conf/catalina.properties
|
|
|
|
RUN mkdir -p ${TOMCAT_DIR}/amps
|
|
|
|
# Copy the amps from build context to the appropriate location for your application server
|
|
COPY ${resource_path}/amps ${TOMCAT_DIR}/amps
|
|
|
|
# Install amps on alfresco.war
|
|
RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install \
|
|
${TOMCAT_DIR}/amps \
|
|
${TOMCAT_DIR}/webapps/alfresco -directory -nobackup
|
|
|
|
# Move the log file
|
|
RUN sed -i -e "s_appender.rolling.fileName\=alfresco.log_appender.rolling.fileName\=${TOMCAT_DIR}/logs\/alfresco.log_" \
|
|
${TOMCAT_DIR}/webapps/alfresco/WEB-INF/classes/log4j2.properties && \
|
|
sed -i -e "s_appender.rolling.filePattern=alfresco.log.%d{yyyy-MM-dd}_appender.rolling.filePattern\=${TOMCAT_DIR}/logs\/alfresco.log.%d{yyyy-MM-dd}_" \
|
|
${TOMCAT_DIR}/webapps/alfresco/WEB-INF/classes/log4j2.properties && \
|
|
# Add catalina.policy to ROOT.war and alfresco.war
|
|
# Grant all security permissions to alfresco webapp because of numerous permissions required in order to work properly.
|
|
# Grant only deployXmlPermission to ROOT webapp.
|
|
sed -i -e "\$a\grant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/alfresco\/-\" \{\n\ permission\ java.security.AllPermission\;\n\};\ngrant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/_vti_bin\/-\" \{\n\ permission\ java.security.AllPermission\;\n\};\ngrant\ codeBase\ \"file:\$\{catalina.base\}\/webapps\/ROOT\/-\" \{\n\ permission org.apache.catalina.security.DeployXmlPermission \"ROOT\";\n\};" ${TOMCAT_DIR}/conf/catalina.policy
|
|
|
|
# fontconfig is required by Activiti worflow diagram generator
|
|
RUN yum install -y fontconfig-2.14.0-2.el9_1 && \
|
|
yum clean all
|
|
|
|
# The standard configuration is to have all Tomcat files owned by root with group GROUPNAME and whilst owner has read/write privileges,
|
|
# group only has restricted permissions and world has no permissions.
|
|
RUN mkdir -p ${TOMCAT_DIR}/conf/Catalina/localhost && \
|
|
mkdir -p ${TOMCAT_DIR}/alf_data && \
|
|
groupadd -g ${GROUPID} ${GROUPNAME} && \
|
|
useradd -u ${USERID} -G ${GROUPNAME} ${IMAGEUSERNAME} && \
|
|
chgrp -R ${GROUPNAME} ${TOMCAT_DIR} && \
|
|
chmod g+rx ${TOMCAT_DIR}/conf && \
|
|
chmod -R g+r ${TOMCAT_DIR}/conf && \
|
|
find ${TOMCAT_DIR}/webapps -type d -exec chmod 0750 {} \; && \
|
|
find ${TOMCAT_DIR}/webapps -type f -exec chmod 0640 {} \; && \
|
|
chmod -R g+r ${TOMCAT_DIR}/webapps && \
|
|
chmod g+r ${TOMCAT_DIR}/conf/Catalina && \
|
|
chmod g+rwx ${TOMCAT_DIR}/alf_data && \
|
|
chmod g+rwx ${TOMCAT_DIR}/logs && \
|
|
chmod o-w ${TOMCAT_DIR}/logs && \
|
|
chmod g+rwx ${TOMCAT_DIR}/temp && \
|
|
chmod g+rwx ${TOMCAT_DIR}/work && \
|
|
chmod o-w ${TOMCAT_DIR}/work && \
|
|
chmod 664 ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt-*.jar && \
|
|
find /licenses -type d -exec chmod 0755 {} \; && \
|
|
find /licenses -type f -exec chmod 0644 {} \;
|
|
|
|
EXPOSE 10001
|
|
|
|
# For remote debug
|
|
EXPOSE 8000
|
|
|
|
USER ${IMAGEUSERNAME}
|