added identity service

2021-01-13 17:01:06 -05:00 · 2021-01-13 17:01:06 -05:00 · 919d842d61
commit 919d842d61
parent ac18d6d637
4 changed files with 63 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,8 +4,23 @@
 version: "2"

 services:
+
+    identity:
+        image: alfresco/alfresco-identity-service:1.3
+        user: jboss
+        environment:
+            KEYCLOAK_USER: admin
+            KEYCLOAK_PASSWORD: admin
+            KEYCLOAK_HOSTNAME: ${PROXY_HOST}
+            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
+            KEYCLOAK_STATISTICS: enabled
+        volumes:
+            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
+    
    proxy:
        build: ./nginx-ingress
-        image: local/nginx-ingress:base
+        image: local/nginx-ingress:aims
        ports:
            - 8080:8080
+        depends_on:
+            - identity
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@ -0,0 +1,32 @@
+{
+  "realm": "alfresco",
+  "enabled": true,
+  "sslRequired": "external",
+  "registrationAllowed": false,
+  "roles": {
+    "realm": [ {
+      "name": "user",
+      "description": "User privileges"
+    }, {
+      "name": "admin",
+      "description": "Administrator privileges"
+    } ]
+  },
+  "clients": [
+    {
+      "clientId": "alfresco",
+      "name": "Alfresco Products",
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "redirectUris": [
+        "*"
+      ],
+      "publicClient": true,
+      "protocol": "openid-connect",
+      "attributes": {
+        "login_theme": "alfresco"
+      }
+    }
+  ],
+  "requiredCredentials": [ "password" ]
+}
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@ -1,5 +1,9 @@
 #!/bin/sh

+if [[ $AIMS_URL ]]; then
+  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
+fi
+
 if [[ $ACCESS_LOG ]]; then
  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@ -25,5 +25,16 @@ http {
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Set-Cookie;
+
+        location / {
+            return 301 $scheme://$http_host/auth;
+        }
+
+        location /auth/ {
+            proxy_pass http://identity:8080;
+
+            # If using external proxy / load balancer (for initial redirect if no trailing slash)
+            absolute_redirect off;
+        }
    }
 }