From f28c16c4fee07c74f543bf609ea6ecee2b77b6bb Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 14:32:12 -0500 Subject: [PATCH 01/14] initial aps base --- .env | 2 ++ docker-compose.yml | 47 ++++++++++++++++++++++++++++++++++++- nginx-ingress/entrypoint.sh | 8 +++++++ nginx-ingress/nginx.conf | 30 +++++++++++++++++++++++ 4 files changed, 86 insertions(+), 1 deletion(-) diff --git a/.env b/.env index 402477f..af14c9d 100644 --- a/.env +++ b/.env @@ -1,4 +1,6 @@ EXTERNAL_RESOURCE_DIR=~ +ALFRESCO_DIR=${EXTERNAL_RESOURCE_DIR}/alfresco +ALFRESCO_LICENSE_DIR=${ALFRESCO_DIR}/license PROXY_PROTOCOL=http PROXY_HOST=localhost diff --git a/docker-compose.yml b/docker-compose.yml index e82f46e..dab5652 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,8 +4,53 @@ version: "2" services: + activiti-app: + image: alfresco/process-services:latest + environment: + ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps + depends_on: + - postgres-aps + volumes: + - "$LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + + activiti-admin: + image: alfresco/process-services-admin:latest + environment: + ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app + depends_on: + - postgres-aps-admin + - activiti-app + volumes: + - ./activiti-admin.properties:/usr/local/tomcat/lib/activiti-admin.properties + + postgres-aps: + image: postgres:latest + + postgres-aps-admin: + image: postgres:latest + + search-aps: + image: elasticsearch:latest + container_name: elasticsearch + environment: + - node.name=elasticsearch + - cluster.name=aps-es-cluster + - cluster.initial_master_nodes=elasticsearch + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + depends_on: + - activit-app + proxy: build: ./nginx-ingress - image: local/nginx-ingress:base + image: local/nginx-ingress:acs ports: - 8080:8080 + depends_on: + - platform diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh index 8bcdeb5..e95c58b 100644 --- a/nginx-ingress/entrypoint.sh +++ b/nginx-ingress/entrypoint.sh @@ -1,5 +1,13 @@ #!/bin/sh +if [[ $APS_APP_URL ]]; then + sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf +fi + +if [[ $APS_ADMIN_URL ]]; then + sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf +fi + if [[ $ACCESS_LOG ]]; then sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf fi diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf index 8124476..47db437 100644 --- a/nginx-ingress/nginx.conf +++ b/nginx-ingress/nginx.conf @@ -25,5 +25,35 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_header Set-Cookie; + + # Protect access to SOLR APIs + location ~ ^(/.*/service/api/solr/.*)$ {return 403;} + location ~ ^(/.*/s/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;} + + location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;} + location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;} + + # Protect access to Prometheus endpoint + location ~ ^(/.*/s/prometheus)$ {return 403;} + + location / { + return 301 $scheme://$http_host/activiti-app; + } + + location /activiti-app/ { + proxy_pass http://activiti-app:8080; + + # If using external proxy / load balancer (for initial redirect if no trailing slash) + absolute_redirect off; + } + + location /activiti-admin/ { + proxy_pass http://activiti-admin:8080; + + # If using external proxy / load balancer (for initial redirect if no trailing slash) + absolute_redirect off; + } } } From 237a8abd62c1d2699cb4fe834259a633271c5e52 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 14:33:11 -0500 Subject: [PATCH 02/14] fixed proxy depends_on --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index dab5652..f09d282 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -53,4 +53,5 @@ services: ports: - 8080:8080 depends_on: - - platform + - activiti-app + - activiti-admin From 2b7755222b768c55239dcfd672e2bb573be4df94 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 14:42:41 -0500 Subject: [PATCH 03/14] added versions and config to APS --- docker-compose.yml | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f09d282..db367b4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,10 +5,17 @@ version: "2" services: activiti-app: - image: alfresco/process-services:latest + image: alfresco/process-services:1.11.1.1 environment: + ACTIVITI_DATASOURCE_USERNAME: alfresco + ACTIVITI_DATASOURCE_PASSWORD: alfresco + ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver + ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ES_SERVER_TYPE: rest ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps + ACTIVITI_ES_REST_CLIENT_PORT: 9200 + ACTIVITI_ES_REST_CLIENT_SCHEMA: http depends_on: - postgres-aps volumes: @@ -17,22 +24,33 @@ services: activiti-admin: image: alfresco/process-services-admin:latest environment: + ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco + ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco + ACTIVITI_ADMIN_DATASOURCE_DRIVER: org.postgresql.Driver + ACTIVITI_ADMIN_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti?characterEncoding=UTF-8' ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app + ACTIVITI_ADMIN_REST_APP_PORT: 8080 depends_on: - postgres-aps-admin - activiti-app - volumes: - - ./activiti-admin.properties:/usr/local/tomcat/lib/activiti-admin.properties postgres-aps: - image: postgres:latest + image: postgres:11.6 + environment: + POSTGRES_DB: postgres-aps + POSTGRES_USER: alfresco + POSTGRES_PASSWORD: alfresco postgres-aps-admin: - image: postgres:latest + image: postgres:11.6 + environment: + POSTGRES_DB: postgres-aps-admin + POSTGRES_USER: alfresco + POSTGRES_PASSWORD: alfresco search-aps: - image: elasticsearch:latest + image: elasticsearch:7.6.0 container_name: elasticsearch environment: - node.name=elasticsearch From 695e3b3dc09b960a33ef7286fef3625be33c63e4 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 15:20:03 -0500 Subject: [PATCH 04/14] fixed after testing --- docker-compose.yml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index db367b4..812de01 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,7 @@ version: "2" services: activiti-app: image: alfresco/process-services:1.11.1.1 + mem_limit: 512m environment: ACTIVITI_DATASOURCE_USERNAME: alfresco ACTIVITI_DATASOURCE_PASSWORD: alfresco @@ -16,54 +17,58 @@ services: ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps ACTIVITI_ES_REST_CLIENT_PORT: 9200 ACTIVITI_ES_REST_CLIENT_SCHEMA: http + JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80" depends_on: - postgres-aps volumes: - - "$LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" activiti-admin: - image: alfresco/process-services-admin:latest + image: alfresco/process-services-admin:1.11.1.1 + mem_limit: 256m environment: ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco ACTIVITI_ADMIN_DATASOURCE_DRIVER: org.postgresql.Driver ACTIVITI_ADMIN_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect - ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8' ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app ACTIVITI_ADMIN_REST_APP_PORT: 8080 + JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80" depends_on: - postgres-aps-admin - activiti-app postgres-aps: image: postgres:11.6 + mem_limit: 256m environment: - POSTGRES_DB: postgres-aps + POSTGRES_DB: activiti POSTGRES_USER: alfresco POSTGRES_PASSWORD: alfresco + command: postgres -c max_connections=300 -c log_min_messages=LOG postgres-aps-admin: image: postgres:11.6 + mem_limit: 128m environment: - POSTGRES_DB: postgres-aps-admin + POSTGRES_DB: activiti-admin POSTGRES_USER: alfresco POSTGRES_PASSWORD: alfresco + command: postgres -c max_connections=50 -c log_min_messages=LOG search-aps: image: elasticsearch:7.6.0 - container_name: elasticsearch + mem_limit: 512m environment: - - node.name=elasticsearch - - cluster.name=aps-es-cluster - - cluster.initial_master_nodes=elasticsearch - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + discovery.type: single-node + ES_JAVA_OPTS: "-Xms64m -Xmx256m" ulimits: memlock: soft: -1 hard: -1 depends_on: - - activit-app + - activiti-app proxy: build: ./nginx-ingress From 8a0ccc61a5f6f3933f9dc16ec9c4c78643d6fbad Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 15:22:30 -0500 Subject: [PATCH 05/14] backported some stuff from aps to aps-base --- docker-compose.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f09d282..6d844ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,7 @@ services: activiti-admin: image: alfresco/process-services-admin:latest environment: - ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8' ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app depends_on: - postgres-aps-admin @@ -27,19 +27,18 @@ services: postgres-aps: image: postgres:latest + environment: + POSTGRES_DB: activiti postgres-aps-admin: image: postgres:latest + environment: + POSTGRES_DB: activiti-admin search-aps: image: elasticsearch:latest - container_name: elasticsearch environment: - - node.name=elasticsearch - - cluster.name=aps-es-cluster - - cluster.initial_master_nodes=elasticsearch - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + discovery.type: single-node ulimits: memlock: soft: -1 From 16aa444b19dc939cc5610ff6e768e82fb71e0260 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 15:32:03 -0500 Subject: [PATCH 06/14] removed excess file mapping --- docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6d844ab..970fb2b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,8 +22,6 @@ services: depends_on: - postgres-aps-admin - activiti-app - volumes: - - ./activiti-admin.properties:/usr/local/tomcat/lib/activiti-admin.properties postgres-aps: image: postgres:latest From a2619fac7bbbe54deebd7c3a58e75855c7b9e77b Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 15:37:06 -0500 Subject: [PATCH 07/14] fixed license directory var --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 970fb2b..c6006e8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: depends_on: - postgres-aps volumes: - - "$LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" activiti-admin: image: alfresco/process-services-admin:latest From 20b41bbcb180c921c6625c6799a2306e756d90ac Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 15:39:02 -0500 Subject: [PATCH 08/14] corrected misspelling --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c6006e8..901ff5c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,7 +42,7 @@ services: soft: -1 hard: -1 depends_on: - - activit-app + - activiti-app proxy: build: ./nginx-ingress From 2d91d8bc08098179310ac1071610420e8ff6016d Mon Sep 17 00:00:00 2001 From: Brian Long Date: Mon, 19 Apr 2021 08:26:13 -0400 Subject: [PATCH 09/14] renamed proxy from acs to aps --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 901ff5c..382c2fb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,7 +46,7 @@ services: proxy: build: ./nginx-ingress - image: local/nginx-ingress:acs + image: local/nginx-ingress:aps ports: - 8080:8080 depends_on: From dee72646e66f3db2523bade19dc2dbd2cbb280c8 Mon Sep 17 00:00:00 2001 From: Brian Long Date: Fri, 30 Jul 2021 16:32:57 -0400 Subject: [PATCH 10/14] updated APS memory limit mins --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a72ad12..ef48732 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,7 +41,7 @@ services: postgres-aps: image: postgres:11.6 - mem_limit: 256m + mem_limit: 128m environment: POSTGRES_DB: activiti POSTGRES_USER: alfresco @@ -73,6 +73,7 @@ services: proxy: build: ./nginx-ingress image: local/nginx-ingress:aps + mem_limit: 256m ports: - 8080:8080 depends_on: From dd967a17f26cbd965f3064d329c7ac909f21a736 Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Tue, 1 Nov 2022 17:06:07 -0400 Subject: [PATCH 11/14] parameterized APS versions --- .env | 4 ++++ docker-compose.yml | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.env b/.env index 171f8c4..47d1267 100644 --- a/.env +++ b/.env @@ -4,3 +4,7 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license PROXY_PROTOCOL=http PROXY_HOST=localhost PROXY_PORT=8080 + +APS_TAG=2.3.5 +POSTGRES_TAG=13 +ELASTICSEARCH_TAG=7.17.7 diff --git a/docker-compose.yml b/docker-compose.yml index 143cb68..205e3f1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ version: "3" services: activiti-app: - image: alfresco/process-services:latest + image: quay.io/alfresco/alfresco-process-services:${APS_TAG} environment: ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8' ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps @@ -14,7 +14,7 @@ services: - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" activiti-admin: - image: alfresco/process-services-admin:latest + image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG} environment: ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8' ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app @@ -23,17 +23,17 @@ services: - activiti-app postgres-aps: - image: postgres:latest + image: postgres:${POSTGRES_TAG} environment: POSTGRES_DB: activiti postgres-aps-admin: - image: postgres:latest + image: postgres:${POSTGRES_TAG} environment: POSTGRES_DB: activiti-admin search-aps: - image: elasticsearch:latest + image: elasticsearch:${ELASTICSEARCH_TAG} environment: discovery.type: single-node ulimits: From 4e85d8118c3e6e80ab7034135377aabd8cb5a857 Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Tue, 1 Nov 2022 17:14:49 -0400 Subject: [PATCH 12/14] fixed APS license location --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3ccd0d8..d684ba6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ services: depends_on: - postgres-aps volumes: - - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + - "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro" activiti-admin: image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG} From fc8a854920c3de90d93c9055393845a5ab722f46 Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Wed, 25 Oct 2023 18:32:39 -0400 Subject: [PATCH 13/14] removed elasticsearch --- .env | 1 - docker-compose.yml | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/.env b/.env index 47d1267..7174066 100644 --- a/.env +++ b/.env @@ -7,4 +7,3 @@ PROXY_PORT=8080 APS_TAG=2.3.5 POSTGRES_TAG=13 -ELASTICSEARCH_TAG=7.17.7 diff --git a/docker-compose.yml b/docker-compose.yml index 63fd7ef..6c35dcb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,11 +3,11 @@ version: "3" services: + activiti-app: image: quay.io/alfresco/alfresco-process-services:${APS_TAG} environment: ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8' - ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps depends_on: - postgres-aps volumes: @@ -31,17 +31,6 @@ services: image: postgres:${POSTGRES_TAG} environment: POSTGRES_DB: activiti-admin - - search-aps: - image: elasticsearch:${ELASTICSEARCH_TAG} - environment: - discovery.type: single-node - ulimits: - memlock: - soft: -1 - hard: -1 - depends_on: - - activiti-app proxy: build: ./nginx-ingress From e0e190d987e8efdac8fdbb0bdb8395eec167bde2 Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Wed, 25 Oct 2023 18:33:38 -0400 Subject: [PATCH 14/14] APS v2.4.1 --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 7174066..e02dc1e 100644 --- a/.env +++ b/.env @@ -5,5 +5,5 @@ PROXY_PROTOCOL=http PROXY_HOST=localhost PROXY_PORT=8080 -APS_TAG=2.3.5 +APS_TAG=2.4.1 POSTGRES_TAG=13