From f28c16c4fee07c74f543bf609ea6ecee2b77b6bb Mon Sep 17 00:00:00 2001 From: Brian Long Date: Wed, 13 Jan 2021 14:32:12 -0500 Subject: [PATCH] initial aps base --- .env | 2 ++ docker-compose.yml | 47 ++++++++++++++++++++++++++++++++++++- nginx-ingress/entrypoint.sh | 8 +++++++ nginx-ingress/nginx.conf | 30 +++++++++++++++++++++++ 4 files changed, 86 insertions(+), 1 deletion(-) diff --git a/.env b/.env index 402477f..af14c9d 100644 --- a/.env +++ b/.env @@ -1,4 +1,6 @@ EXTERNAL_RESOURCE_DIR=~ +ALFRESCO_DIR=${EXTERNAL_RESOURCE_DIR}/alfresco +ALFRESCO_LICENSE_DIR=${ALFRESCO_DIR}/license PROXY_PROTOCOL=http PROXY_HOST=localhost diff --git a/docker-compose.yml b/docker-compose.yml index e82f46e..dab5652 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -4,8 +4,53 @@ version: "2" services: + activiti-app: + image: alfresco/process-services:latest + environment: + ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps + depends_on: + - postgres-aps + volumes: + - "$LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro" + + activiti-admin: + image: alfresco/process-services-admin:latest + environment: + ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti?characterEncoding=UTF-8' + ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app + depends_on: + - postgres-aps-admin + - activiti-app + volumes: + - ./activiti-admin.properties:/usr/local/tomcat/lib/activiti-admin.properties + + postgres-aps: + image: postgres:latest + + postgres-aps-admin: + image: postgres:latest + + search-aps: + image: elasticsearch:latest + container_name: elasticsearch + environment: + - node.name=elasticsearch + - cluster.name=aps-es-cluster + - cluster.initial_master_nodes=elasticsearch + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + depends_on: + - activit-app + proxy: build: ./nginx-ingress - image: local/nginx-ingress:base + image: local/nginx-ingress:acs ports: - 8080:8080 + depends_on: + - platform diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh index 8bcdeb5..e95c58b 100644 --- a/nginx-ingress/entrypoint.sh +++ b/nginx-ingress/entrypoint.sh @@ -1,5 +1,13 @@ #!/bin/sh +if [[ $APS_APP_URL ]]; then + sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf +fi + +if [[ $APS_ADMIN_URL ]]; then + sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf +fi + if [[ $ACCESS_LOG ]]; then sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf fi diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf index 8124476..47db437 100644 --- a/nginx-ingress/nginx.conf 
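Review bot: In the `search-aps` service, `depends_on` names `activit-app`, which matches no service defined in this hunk (the service is `activiti-app`), so Compose should reject the file until it reads `- activiti-app`. The license volume on `activiti-app` expands `$LICENSE_DIR`, while the `.env` change in this same patch defines `ALFRESCO_LICENSE_DIR`; unless `LICENSE_DIR` is set somewhere not shown, the mount source collapses to `/aps`, and `"$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro"` looks like the intended value. All five new images are pulled as `:latest`, so what runs is whatever the registry serves at deploy time; pin each to a version tag or digest (for example `image: postgres:<PINNED_VERSION>`). Neither postgres service sets `POSTGRES_PASSWORD` or `POSTGRES_DB`, and the JDBC URLs expect a database named `activiti`, so the credentials should come from `.env` or a secrets mechanism rather than being left unset. `proxy` now depends on `platform`, which is not defined in the visible lines; confirm it exists elsewhere in the file.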
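Review bot: `$APS_APP_URL` and `$APS_ADMIN_URL` are spliced unescaped into the sed replacement and from there into `proxy_pass` in `/etc/nginx/nginx.conf`, so a value containing `%`, `&`, `;` or whitespace either breaks the sed expression or rewrites the config in ways the operator did not intend. Validate each value before the substitution, e.g. `case "$APS_APP_URL" in *[!A-Za-z0-9:/._-]*) echo "invalid APS_APP_URL" >&2; exit 1;; esac`, and the same for `APS_ADMIN_URL`. The new blocks also use `[[ ]]` under `#!/bin/sh`, following the existing `ACCESS_LOG` block; that only works where `sh` accepts the bash-style test, and `[ -n "$APS_APP_URL" ]` is the portable form. The script may continue past the end of this hunk.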
+++ b/nginx-ingress/nginx.conf @@ -25,5 +25,35 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_header Set-Cookie; + + # Protect access to SOLR APIs + location ~ ^(/.*/service/api/solr/.*)$ {return 403;} + location ~ ^(/.*/s/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;} + location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;} + + location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;} + location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;} + + # Protect access to Prometheus endpoint + location ~ ^(/.*/s/prometheus)$ {return 403;} + + location / { + return 301 $scheme://$http_host/activiti-app; + } + + location /activiti-app/ { + proxy_pass http://activiti-app:8080; + + # If using external proxy / load balancer (for initial redirect if no trailing slash) + absolute_redirect off; + } + + location /activiti-admin/ { + proxy_pass http://activiti-admin:8080; + + # If using external proxy / load balancer (for initial redirect if no trailing slash) + absolute_redirect off; + } } }
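Review bot: `location /` builds its redirect from `$http_host`, which is taken straight from the client's Host header, so the `Location` value is client-controlled and can be poisoned if anything in front of this proxy caches the 301. A path-only redirect, `return 301 /activiti-app/;`, avoids that, provided `absolute_redirect off;` is set at `server` level rather than only inside the two proxy locations. `/activiti-admin/` is published on the same listener as the user-facing app with no `allow`/`deny` or auth directive visible in this hunk; if the admin console is not meant to be reachable by every client of the ingress, restrict it here. The Solr and Prometheus deny rules use case-sensitive `~` matches and appear to target ACS paths, so a comment stating which APS endpoints they are expected to cover would help. The enclosing `server` and `http` blocks start outside the hunk.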