diff --git a/.env b/.env index 4a4fc47..17887b4 100644 --- a/.env +++ b/.env @@ -7,3 +7,14 @@ PROXY_PORT=8080 IDENTITY_SERVICE_PROTOCOL=http IDENTITY_SERVICE_HOST=auth.example.org IDENTITY_SERVICE_PORT=8080 + +ACS_TAG=7.3.0 +ATR_TAG=2.0.0 +ATE_AIO_TAG=3.0.0 +ASFS_TAG=2.0.0 +AAMQ_TAG=5.17.1-jre17-centos7 +POSTGRES_TAG=13 +ASIE_TAG=2.0.5 +ACS_SHARE_TAG=7.3.0 +ALF_SYNC_SERV_TAG=3.7 +ADW_TAG=3.1.0 diff --git a/docker-compose.yml b/docker-compose.yml index 85e0c92..b76a73b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,22 +1,31 @@ # Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml # -# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2.1" +version: "3" services: platform: - image: alfresco/alfresco-content-repository:6.2.2.3 - mem_limit: 1700m + image: quay.io/alfresco/alfresco-content-repository:${ACS_TAG} environment: + JAVA_TOOL_OPTIONS: " + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.password=mp6yc0UD9e + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.password=oKIWzVdEdA + -Dmetadata-keystore.metadata.algorithm=DESede + " JAVA_OPTS: " + -Xms512m -Xmx1g -Ddb.driver=org.postgresql.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco -Dindex.subsystem.name=solr6 -Dsolr.host=search - -Dsolr.port=8983 - -Dsolr.secureComms=none + -Dsolr.secureComms=secret + -Dsolr.sharedSecret=alfresco-secret -Dshare.host=${PROXY_HOST} -Dshare.port=${PROXY_PORT} -Dshare.protocol=${PROXY_PROTOCOL} @@ -26,32 +35,21 @@ services: -Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" -Ddeployment.method=DOCKER_COMPOSE - -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ - -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/ - -Djodconverter.url=http://transform-core-aio:8090/ - -Dimg.url=http://transform-core-aio:8090/ - -Dtika.url=http://transform-core-aio:8090/ - -Dtransform.misc.url=http://transform-core-aio:8090/ -Dcsrf.filter.enabled=false - -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 - + -Dcors.enabled=false -Dtransform.service.enabled=true - -Dlocal.transform.service.enabled=false - -Dtransform.service.url=http://transform-router:8095 -Dsfs.url=http://shared-file-store:8099 + -Dlocal.transform.service.enabled=true -Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090 -Djodconverter.url=http://transform-engine-aio:8090 -Dimg.url=http://transform-engine-aio:8090 -Dtika.url=http://transform-engine-aio:8090 -Dtransform.misc.url=http://transform-engine-aio:8090 - -Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync - -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm -Didentity-service.authentication.defaultAdministratorUserNames=admin.1 -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth - -Dsystem.content.eagerOrphanCleanup=true -Dsystem.content.orphanProtectDays=0 -Djodconverter.enabled=false @@ -69,8 +67,7 @@ services: - "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro" transform-router: - image: quay.io/alfresco/alfresco-transform-router:1.3.1 - mem_limit: 128m + image: quay.io/alfresco/alfresco-transform-router:${ATR_TAG} environment: ACTIVEMQ_URL: "nio://activemq:61616" CORE_AIO_URL : "http://transform-core-aio:8090" @@ -80,8 +77,7 @@ services: - shared-file-store transform-core-aio: - image: alfresco/alfresco-transform-core-aio:2.3.6 - mem_limit: 1g + image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG} environment: ACTIVEMQ_URL: "nio://activemq:61616" FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file" @@ -90,14 +86,12 @@ services: - shared-file-store shared-file-store: - image: alfresco/alfresco-shared-file-store:0.10.0 - mem_limit: 256m + image: quay.io/alfresco/alfresco-shared-file-store:${ASFS_TAG} volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: alfresco/alfresco-share:6.2.2 - mem_limit: 512m + image: alfresco/alfresco-share:${ACS_SHARE_TAG} environment: REPO_HOST: "platform" CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*" @@ -122,34 +116,36 @@ services: " postgres-acs: - image: postgres:11.7 - mem_limit: 128m + image: postgres:${POSTGRES_TAG} environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco + POSTGRES_PASSWORD: alfresco + POSTGRES_USER: alfresco + POSTGRES_DB: alfresco command: postgres -c max_connections=300 -c log_min_messages=LOG search: - image: alfresco/alfresco-search-services:2.0.1 - mem_limit: 1g + image: alfresco/alfresco-search-services:${ASIE_TAG} environment: - - SOLR_ALFRESCO_HOST=platform - - SOLR_ALFRESCO_PORT=8080 - - SOLR_SOLR_HOST=search - - SOLR_SOLR_PORT=8983 - - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive - - ALFRESCO_SECURE_COMMS=none + SOLR_ALFRESCO_HOST: platform + SOLR_SOLR_HOST: search + SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive + ALFRESCO_SECURE_COMMS: secret + JAVA_TOOL_OPTIONS: " + -Dalfresco.secureComms.secret=alfresco-secret + " activemq: - image: alfresco/alfresco-activemq:5.15.8 - mem_limit: 512m + image: alfresco/alfresco-activemq:${AAMQ_TAG} + environment: + ACTIVEMQ_OPTS_MEMORY: -Xms64m -Xmx256m + ACTIVEMQ_ADMIN_LOGIN: alfresco + ACTIVEMQ_ADMIN_PASSWORD: alfresco sync: - image: quay.io/alfresco/service-sync:3.3.3.1 - mem_limit: 512m + image: quay.io/alfresco/service-sync:${ALF_SYNC_SERV_TAG} environment: JAVA_OPTS : " + -Xms64m -Xmx256m -Dsql.db.driver=org.postgresql.Driver -Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco -Dsql.db.username=alfresco @@ -158,7 +154,6 @@ services: -Drepo.hostname=platform -Drepo.port=8080 -Ddw.server.applicationConnectors[0].type=http - -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth -Didentity-service.resource=acs-sync " @@ -167,8 +162,7 @@ services: - activemq digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:2.0.0-adw - mem_limit: 128m + image: quay.io/alfresco/alfresco-digital-workspace:${ADW_TAG} environment: BASE_PATH: ./ APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"