diff --git a/.env b/.env index 4a4fc47..aaa3eae 100644 --- a/.env +++ b/.env @@ -7,3 +7,16 @@ PROXY_PORT=8080 IDENTITY_SERVICE_PROTOCOL=http IDENTITY_SERVICE_HOST=auth.example.org IDENTITY_SERVICE_PORT=8080 + +ACS_TAG=7.3.0 +ATR_TAG=2.0.0 +ATE_AIO_TAG=3.0.0 +ASFS_TAG=2.0.0 +APS_TAG=2.3.5 +AAMQ_TAG=5.17.1-jre17-centos7 +POSTGRES_TAG=13 +ASIE_TAG=2.0.5 +ACS_SHARE_TAG=7.3.0 +ALF_SYNC_SERV_TAG=3.7 +ADW_TAG=3.1.0 +ELASTICSEARCH_TAG=7.17.7 diff --git a/docker-compose.yml b/docker-compose.yml index efef0fa..a27b543 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,22 +1,31 @@ # Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml # -# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2.1" +version: "3" services: platform: - image: quay.io/alfresco/alfresco-governance-repository-enterprise:V3.4-latest - mem_limit: 2g + image: quay.io/alfresco/alfresco-governance-repository-enterprise:${ACS_TAG} environment: + JAVA_TOOL_OPTIONS: " + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.password=mp6yc0UD9e + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.password=oKIWzVdEdA + -Dmetadata-keystore.metadata.algorithm=DESede + " JAVA_OPTS: " + -Xms512m -Xmx1g -Ddb.driver=org.postgresql.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco -Dindex.subsystem.name=solr6 -Dsolr.host=search - -Dsolr.port=8983 - -Dsolr.secureComms=none + -Dsolr.secureComms=secret + -Dsolr.sharedSecret=alfresco-secret -Dshare.host=${PROXY_HOST} -Dshare.port=${PROXY_PORT} -Dshare.protocol=${PROXY_PROTOCOL} @@ -26,32 +35,21 @@ services: -Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" -Ddeployment.method=DOCKER_COMPOSE - -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ - -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/ - -Djodconverter.url=http://transform-core-aio:8090/ - -Dimg.url=http://transform-core-aio:8090/ - -Dtika.url=http://transform-core-aio:8090/ - -Dtransform.misc.url=http://transform-core-aio:8090/ -Dcsrf.filter.enabled=false - -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 - + -Dcors.enabled=false -Dtransform.service.enabled=true - -Dlocal.transform.service.enabled=false - -Dtransform.service.url=http://transform-router:8095 -Dsfs.url=http://shared-file-store:8099 + -Dlocal.transform.service.enabled=true -Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090 -Djodconverter.url=http://transform-engine-aio:8090 -Dimg.url=http://transform-engine-aio:8090 -Dtika.url=http://transform-engine-aio:8090 -Dtransform.misc.url=http://transform-engine-aio:8090 - -Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync - -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm -Didentity-service.authentication.defaultAdministratorUserNames=admin.1 -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth - -Dsystem.content.eagerOrphanCleanup=true -Dsystem.content.orphanProtectDays=0 -Djodconverter.enabled=false @@ -69,8 +67,7 @@ services: - "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro" transform-router: - image: quay.io/alfresco/alfresco-transform-router:1.3.1 - mem_limit: 128m + image: quay.io/alfresco/alfresco-transform-router:${ATR_TAG} environment: ACTIVEMQ_URL: "nio://activemq:61616" CORE_AIO_URL : "http://transform-core-aio:8090" @@ -80,8 +77,7 @@ services: - shared-file-store transform-core-aio: - image: alfresco/alfresco-transform-core-aio:2.3.6 - mem_limit: 1g + image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG} environment: ACTIVEMQ_URL: "nio://activemq:61616" FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file" @@ -90,14 +86,12 @@ services: - shared-file-store shared-file-store: - image: alfresco/alfresco-shared-file-store:0.10.0 - mem_limit: 256m + image: quay.io/alfresco/alfresco-shared-file-store:${ASFS_TAG} volumes: - shared-file-store-volume:/tmp/Alfresco/sfs share: - image: quay.io/alfresco/alfresco-governance-share-enterprise:V3.4-latest - mem_limit: 512m + image: quay.io/alfresco/alfresco-governance-share-enterprise:${ACS_SHARE_TAG} environment: REPO_HOST: "platform" CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*" @@ -122,34 +116,36 @@ services: " postgres-acs: - image: postgres:11.7 - mem_limit: 128m + image: postgres:${POSTGRES_TAG} environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco + POSTGRES_PASSWORD: alfresco + POSTGRES_USER: alfresco + POSTGRES_DB: alfresco command: postgres -c max_connections=300 -c log_min_messages=LOG search: - image: alfresco/alfresco-search-services:2.0.1 - mem_limit: 1g + image: alfresco/alfresco-search-services:${ASIE_TAG} environment: - - SOLR_ALFRESCO_HOST=platform - - SOLR_ALFRESCO_PORT=8080 - - SOLR_SOLR_HOST=search - - SOLR_SOLR_PORT=8983 - - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive - - ALFRESCO_SECURE_COMMS=none + SOLR_ALFRESCO_HOST: platform + SOLR_SOLR_HOST: search + SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive + ALFRESCO_SECURE_COMMS: secret + JAVA_TOOL_OPTIONS: " + -Dalfresco.secureComms.secret=alfresco-secret + " activemq: - image: alfresco/alfresco-activemq:5.15.8 - mem_limit: 512m + image: alfresco/alfresco-activemq:${AAMQ_TAG} + environment: + ACTIVEMQ_OPTS_MEMORY: -Xms64m -Xmx256m + ACTIVEMQ_ADMIN_LOGIN: alfresco + ACTIVEMQ_ADMIN_PASSWORD: alfresco sync: - image: quay.io/alfresco/service-sync:3.3.3.1 - mem_limit: 512m + image: quay.io/alfresco/service-sync:${ALF_SYNC_SERV_TAG} environment: JAVA_OPTS : " + -Xms64m -Xmx256m -Dsql.db.driver=org.postgresql.Driver -Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco -Dsql.db.username=alfresco @@ -158,7 +154,6 @@ services: -Drepo.hostname=platform -Drepo.port=8080 -Ddw.server.applicationConnectors[0].type=http - -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80 -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth -Didentity-service.resource=acs-sync " @@ -167,8 +162,7 @@ services: - activemq digital-workspace: - image: quay.io/alfresco/alfresco-digital-workspace:2.0.0-adw - mem_limit: 128m + image: quay.io/alfresco/alfresco-digital-workspace:${ADW_TAG} environment: BASE_PATH: ./ APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}" @@ -185,8 +179,7 @@ services: APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout" activiti-app: - image: alfresco/process-services:1.11.1.1 - mem_limit: 512m + image: quay.io/alfresco/alfresco-process-services:${APS_TAG} environment: ACTIVITI_DATASOURCE_USERNAME: alfresco ACTIVITI_DATASOURCE_PASSWORD: alfresco @@ -200,15 +193,14 @@ services: IDENTITY_SERVICE_ENABLED: "true" IDENTITY_SERVICE_AUTH: ${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request - JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80" + JAVA_OPTS: "-Xms128m -Xmx256m" depends_on: - postgres-aps volumes: - - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + - "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro" activiti-admin: - image: alfresco/process-services-admin:1.11.1.1 - mem_limit: 256m + image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG} environment: ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco @@ -217,14 +209,13 @@ services: ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8' ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app ACTIVITI_ADMIN_REST_APP_PORT: 8080 - JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80" + JAVA_OPTS: "-Xms64m -Xmx128m" depends_on: - postgres-aps-admin - activiti-app postgres-aps: - image: postgres:11.6 - mem_limit: 128m + image: postgres:${POSTGRES_TAG} environment: POSTGRES_DB: activiti POSTGRES_USER: alfresco @@ -232,8 +223,7 @@ services: command: postgres -c max_connections=300 -c log_min_messages=LOG postgres-aps-admin: - image: postgres:11.6 - mem_limit: 128m + image: postgres:${POSTGRES_TAG} environment: POSTGRES_DB: activiti-admin POSTGRES_USER: alfresco @@ -241,8 +231,7 @@ services: command: postgres -c max_connections=50 -c log_min_messages=LOG search-aps: - image: elasticsearch:7.6.0 - mem_limit: 512m + image: elasticsearch:${ELASTICSEARCH_TAG} environment: discovery.type: single-node ES_JAVA_OPTS: "-Xms128m -Xmx256m"