inteligr8/env-docker-alfresco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added identity service

Browse Source
This commit is contained in:
Brian Long 2021-01-13 17:01:06 -05:00
parent ac18d6d637
commit 919d842d61
4 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docker-compose.yml
View File

@ -4,8 +4,23 @@
version: "2" version: "2"
services: services:
identity:
image: alfresco/alfresco-identity-service:1.3
user: jboss
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_HOSTNAME: ${PROXY_HOST}
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
KEYCLOAK_STATISTICS: enabled
volumes:
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
proxy: proxy:
build: ./nginx-ingress build: ./nginx-ingress
image: local/nginx-ingress:base image: local/nginx-ingress:aims
ports: ports:
- 8080:8080 - 8080:8080
depends_on:
- identity

32
keycloak-alfresco-realm.json Normal file
View File

@ -0,0 +1,32 @@
{
"realm": "alfresco",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"roles": {
"realm": [ {
"name": "user",
"description": "User privileges"
}, {
"name": "admin",
"description": "Administrator privileges"
} ]
},
"clients": [
{
"clientId": "alfresco",
"name": "Alfresco Products",
"enabled": true,
"alwaysDisplayInConsole": false,
"redirectUris": [
"*"
],
"publicClient": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "alfresco"
}
}
],
"requiredCredentials": [ "password" ]
}

4
nginx-ingress/entrypoint.sh
View File

@ -1,5 +1,9 @@
#!/bin/sh #!/bin/sh
if [[ $AIMS_URL ]]; then
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
fi
if [[ $ACCESS_LOG ]]; then if [[ $ACCESS_LOG ]]; then
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
fi fi

11
nginx-ingress/nginx.conf
View File

@ -25,5 +25,16 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header Set-Cookie; proxy_pass_header Set-Cookie;
location / {
return 301 $scheme://$http_host/auth;
}
location /auth/ {
proxy_pass http://identity:8080;
# If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off;
}
} }
} }