inteligr8/env-docker-alfresco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'ags-aims-enterprise' into dbp-aims

Browse Source
This commit is contained in:
Brian Long 2021-04-02 10:28:01 -04:00
commit 942bce286d
5 changed files with 136 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env
View File

@ -4,3 +4,4 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
PROXY_PROTOCOL=http
PROXY_HOST=localhost
PROXY_PORT=8080
IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080

41
docker-compose.yml
View File

@ -47,6 +47,10 @@ services:
-Dtransform.misc.url=http://transform-engine-aio:8090
-Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
-Dsystem.content.eagerOrphanCleanup=true
-Dsystem.content.orphanProtectDays=0
@ -100,6 +104,16 @@ services:
-Dalfresco.host=${PROXY_HOST}
-Dalfresco.port=${PROXY_PORT}
-Dalfresco.protocol=${PROXY_PROTOCOL}
-Daims.enabled=true
-Daims.realm=alfresco
-Daims.resource=acs-share
-Daims.authServerUrl=${IDENTITY_SERVICE_BASEURL}/auth
-Daims.sslRequired=none
-Daims.publicClient=true
-Daims.autodetectBearerOnly=true
-Daims.alwaysRefreshToken=true
-Daims.principalAttribute=preferred_username
-Daims.enableBasicAuth=true
"
postgres-acs:
@ -140,6 +154,8 @@ services:
-Drepo.port=8080
-Ddw.server.applicationConnectors[0].type=http
-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
-Didentity-service.resource=acs-sync
"
depends_on:
- postgres-acs
@ -152,6 +168,12 @@ services:
BASE_PATH: ./
APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
APP_BASE_SHARE_URL: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/#/preview/s"
APP_CONFIG_AUTH_TYPE: OAUTH
APP_CONFIG_OAUTH2_HOST: "${IDENTITY_SERVICE_BASEURL}/auth/realms/alfresco"
APP_CONFIG_OAUTH2_CLIENTID: alfresco
APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "true"
APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/workspace/"
APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout"
activiti-app:
image: alfresco/process-services:1.11.1.1
@ -218,10 +240,26 @@ services:
hard: -1
depends_on:
- activiti-app
identity:
image: alfresco/alfresco-identity-service:1.3
user: jboss
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_HOSTNAME: auth.example.org
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
KEYCLOAK_STATISTICS: enabled
networks:
default:
aliases:
- "auth.example.org"
volumes:
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
proxy:
build: ./nginx-ingress
image: local/nginx-ingress:acs-sync-share-adw-aps
image: local/nginx-ingress:acs-sync-share-adw-aps-aims
ports:
- 8080:8080
depends_on:
@ -231,6 +269,7 @@ services:
- digital-workspace
- activiti-app
- activiti-admin
- identity
volumes:
shared-file-store-volume:

80
keycloak-alfresco-realm.json Normal file
View File

@ -0,0 +1,80 @@
{
"realm": "alfresco",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"roles": {
"realm": [ {
"name": "user",
"description": "User privileges"
}, {
"name": "admin",
"description": "Administrator privileges"
} ]
},
"clients": [
{
"clientId": "alfresco",
"name": "Alfresco Products",
"enabled": true,
"alwaysDisplayInConsole": false,
"redirectUris": [ "*" ],
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": false,
"publicClient": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "alfresco"
}
},
{
"clientId": "acs-share",
"name": "ACS Share",
"enabled": true,
"alwaysDisplayInConsole": false,
"redirectUris": [ "*" ],
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"publicClient": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "alfresco"
}
},
{
"clientId": "acs-sync",
"name": "Alfresco Sync Service Clients",
"enabled": true,
"alwaysDisplayInConsole": false,
"redirectUris": [
"http://127.0.0.1*",
"http://localhost*"
],
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"publicClient": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "alfresco"
}
}
],
"requiredCredentials": [ "password" ],
"users": [
{
"username": "admin",
"email": "admin@app.activiti.com",
"enabled": true,
"credentials" : [
{
"type" : "password",
"value" : "admin"
}
],
"realmRoles": [ "user", "admin" ]
}
]
}

4
nginx-ingress/entrypoint.sh
View File

@ -24,6 +24,10 @@ if [[ $APS_ADMIN_URL ]]; then
sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
fi
if [[ $AIMS_URL ]]; then
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
fi
if [[ $ACCESS_LOG ]]; then
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
fi

15
nginx-ingress/nginx.conf
View File

@ -19,7 +19,10 @@ http {
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
# proxy_buffering off;
proxy_buffer_size 64k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -69,9 +72,6 @@ http {
location /share/ {
proxy_pass http://share:8080;
# If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off;
}
location /workspace/ {
@ -80,5 +80,12 @@ http {
# If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off;
}
location /auth/ {
proxy_pass http://identity:8080;
# If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off;
}
}
}