From 0f36dd194301cd8b1cd49fa21af2f978acdecb38 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 16 Dec 2020 23:34:34 -0500 Subject: [PATCH 01/12] added minimum unconfigured ACS services to Docker Compose --- docker-compose.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index f70207f..dc160fe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,3 +3,19 @@ # Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose version: "2" +services: + alfresco: + image: alfresco/alfresco-content-repository:latest + + postgres-acs: + image: postgres:latest + + activemq: + image: alfresco/alfresco-activemq:latest + + proxy: + image: alfresco/alfresco-acs-nginx:latest + depends_on: + - alfresco + ports: + - 8080:8080 From 6c665fab048148356954b863efdb85f62e9df6c2 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 16 Dec 2020 23:55:56 -0500 Subject: [PATCH 02/12] added depends_on for the alfresco service --- docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index dc160fe..0214f19 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,9 @@ version: "2" services: alfresco: image: alfresco/alfresco-content-repository:latest + depends_on: + - postgres-acs + - activemq postgres-acs: image: postgres:latest From 5cfee3d18f9edd6018e0ba04af716e7e7669dc96 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 12:31:55 -0500 Subject: [PATCH 03/12] updated service names --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 0214f19..ba78567 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ version: "2" services: - alfresco: + platform: image: alfresco/alfresco-content-repository:latest depends_on: - postgres-acs @@ -19,6 +19,6 @@ services: proxy: image: alfresco/alfresco-acs-nginx:latest depends_on: - - alfresco + - platform ports: - 8080:8080 From 79a1644530ac171b2a85e88c82468f8eb5e417c8 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 12:46:24 -0500 Subject: [PATCH 04/12] more corrections to service names and addressing additions --- docker-compose.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index ba78567..5bdc666 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,11 @@ version: "2" services: platform: image: alfresco/alfresco-content-repository:latest + environment: + JAVA_OPTS: " + -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco + -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" + " depends_on: - postgres-acs - activemq @@ -18,6 +23,8 @@ services: proxy: image: alfresco/alfresco-acs-nginx:latest + environment: + REPO_URL: "http://platform:8080" depends_on: - platform ports: From f1df9c3217656763ac983788a5067f38ba43b8b2 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:03:33 -0500 Subject: [PATCH 05/12] initial nginx dynamic docker image config --- docker-compose.yml | 4 ++++ nginx-ingress/Dockerfile | 8 ++++++++ nginx-ingress/entrypoint.sh | 7 +++++++ nginx-ingress/nginx.conf | 28 ++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+) create mode 100644 nginx-ingress/Dockerfile create mode 100644 nginx-ingress/entrypoint.sh create mode 100644 nginx-ingress/nginx.conf diff --git a/docker-compose.yml b/docker-compose.yml index f70207f..ca96d70 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,3 +3,7 @@ # Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose version: "2" +services: + proxy: + build: ./nginx-ingress + image: local/nginx-ingress:base diff --git a/nginx-ingress/Dockerfile b/nginx-ingress/Dockerfile new file mode 100644 index 0000000..c00e373 --- /dev/null +++ b/nginx-ingress/Dockerfile @@ -0,0 +1,8 @@ +FROM nginx:stable-alpine + +COPY nginx.conf /etc/nginx/nginx.conf + +COPY entrypoint.sh / +RUN chmod +x /entrypoint.sh + +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh new file mode 100644 index 0000000..8bcdeb5 --- /dev/null +++ b/nginx-ingress/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [[ $ACCESS_LOG ]]; then + sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf +fi + +nginx -g "daemon off;" diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf new file mode 100644 index 0000000..c8aac96 --- /dev/null +++ b/nginx-ingress/nginx.conf @@ -0,0 +1,28 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + server { + listen *:8080; + + client_max_body_size 0; + + set $allowOriginSite *; + proxy_pass_request_headers on; + proxy_pass_header Set-Cookie; + + # External settings, do not remove + #ENV_ACCESS_LOG + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host:$server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + } +} From 010149e6b643fb95bfa85d5fdfe45b4c7b47f79a Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:07:17 -0500 Subject: [PATCH 06/12] added platform config --- nginx-ingress/entrypoint.sh | 4 ++++ nginx-ingress/nginx.conf | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh index 8bcdeb5..5adaad5 100644 --- a/nginx-ingress/entrypoint.sh +++ b/nginx-ingress/entrypoint.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [[ $ACS_PLATFORM_URL ]]; then + sed -i s%http:\/\/platform:8080%"$REPO_URL"%g /etc/nginx/nginx.conf +fi + if [[ $ACCESS_LOG ]]; then sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf fi diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf index c8aac96..0bbab22 100644 --- a/nginx-ingress/nginx.conf +++ b/nginx-ingress/nginx.conf @@ -24,5 +24,28 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; + + # Protect access to SOLR APIs + location ~ ^(/.*/service/api/solr/.*)$ {return 403;} + location ~ ^(/.*/s/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;} + + location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;} + location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;} + + # Protect access to Prometheus endpoint + location ~ ^(/.*/s/prometheus)$ {return 403;} + + location / { + proxy_pass http://platform:8080; + } + + location /alfresco/ { + proxy_pass http://platform:8080; + + # If using external proxy / load balancer (for initial redirect if no trailing slash) + absolute_redirect off; + } } } From 6332985ebd0111234a3c7c4e6b4f678f6262f456 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:09:48 -0500 Subject: [PATCH 07/12] removed proxy --- docker-compose.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5bdc666..e952af6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,12 +20,3 @@ services: activemq: image: alfresco/alfresco-activemq:latest - - proxy: - image: alfresco/alfresco-acs-nginx:latest - environment: - REPO_URL: "http://platform:8080" - depends_on: - - platform - ports: - - 8080:8080 From ab396f76564bca406f0228e6ea52e06a54907d25 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:16:44 -0500 Subject: [PATCH 08/12] changed version to 'acs' --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ca96d70..da2d925 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,4 +6,4 @@ version: "2" services: proxy: build: ./nginx-ingress - image: local/nginx-ingress:base + image: local/nginx-ingress:acs From a42af256495dd4d05205baf1a51b8694bb3aa7b7 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:19:34 -0500 Subject: [PATCH 09/12] added port for localhost --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index ca96d70..e82f46e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,3 +7,5 @@ services: proxy: build: ./nginx-ingress image: local/nginx-ingress:base + ports: + - 8080:8080 From 6b0c103d7569cecba84e57f6065edd5fd1603354 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:24:34 -0500 Subject: [PATCH 10/12] added depends_on for proxy --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 245d268..fbc506d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,3 +26,5 @@ services: image: local/nginx-ingress:acs ports: - 8080:8080 + depends_on: + - platform From 46bbeeef30f9f21685a446b158ae5cc91088c207 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 16:29:36 -0500 Subject: [PATCH 11/12] fixed missed envvar --- nginx-ingress/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh index 5adaad5..3dc2e8e 100644 --- a/nginx-ingress/entrypoint.sh +++ b/nginx-ingress/entrypoint.sh @@ -1,7 +1,7 @@ #!/bin/sh if [[ $ACS_PLATFORM_URL ]]; then - sed -i s%http:\/\/platform:8080%"$REPO_URL"%g /etc/nginx/nginx.conf + sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf fi if [[ $ACCESS_LOG ]]; then From 24114c26047d7b88cf74ad2708aa7dc53af5cadb Mon Sep 17 00:00:00 2001 From: Brian Long Date: Thu, 17 Dec 2020 19:25:31 -0500 Subject: [PATCH 12/12] initial platform extension framework --- alfresco-content-repository/docker/Dockerfile | 12 ++++++++++++ alfresco-content-repository/docker/README.md | 3 +++ alfresco-content-repository/modules/README.md | 3 +++ docker-compose.yml | 5 ++++- 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 alfresco-content-repository/docker/Dockerfile create mode 100644 alfresco-content-repository/docker/README.md create mode 100644 alfresco-content-repository/modules/README.md diff --git a/alfresco-content-repository/docker/Dockerfile b/alfresco-content-repository/docker/Dockerfile new file mode 100644 index 0000000..fdc4bab --- /dev/null +++ b/alfresco-content-repository/docker/Dockerfile @@ -0,0 +1,12 @@ +FROM alfresco/alfresco-content-repository:latest + +ARG USERNAME=alfresco +ARG TOMCAT_DIR=/usr/local/tomcat + +USER root + +COPY *.amp ${TOMCAT_DIR}/amps + +RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install ${TOMCAT_DIR}/amps ${TOMCAT_DIR}/webapps/alfresco -nobackup -directory + +USER ${USERNAME} diff --git a/alfresco-content-repository/docker/README.md b/alfresco-content-repository/docker/README.md new file mode 100644 index 0000000..4229331 --- /dev/null +++ b/alfresco-content-repository/docker/README.md @@ -0,0 +1,3 @@ +## Usage + +Download all AMP files needed into this directory. All of them will be copied into a new Docker image and installed into the Alfresco Platform web application. diff --git a/alfresco-content-repository/modules/README.md b/alfresco-content-repository/modules/README.md new file mode 100644 index 0000000..30cea3d --- /dev/null +++ b/alfresco-content-repository/modules/README.md @@ -0,0 +1,3 @@ +## Usage + +Download all JAR module files needed into this directory. All of them will be dynamically loaded into the Docker container and loaded into the Alfresco Platform web application. diff --git a/docker-compose.yml b/docker-compose.yml index fbc506d..44ae54d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,8 @@ version: "2" services: platform: - image: alfresco/alfresco-content-repository:latest + build: ./alfresco-content-repository/docker + image: local/alfresco-content-repository:latest environment: JAVA_OPTS: " -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco @@ -14,6 +15,8 @@ services: depends_on: - postgres-acs - activemq + volumes: + - "./alfresco-content-repository/modules:/usr/local/tomcat/modules/platform:ro" postgres-acs: image: postgres:latest