inteligr8/env-docker-alfresco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'aims' into adw-backend

Browse Source
This commit is contained in:
Brian Long 2023-10-26 10:56:48 -04:00
commit fbefed1ff1
5 changed files with 91 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env
View File

@ -4,6 +4,9 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
PROXY_PROTOCOL=http PROXY_PROTOCOL=http
PROXY_HOST=localhost PROXY_HOST=localhost
PROXY_PORT=8080 PROXY_PORT=8080
IDENTITY_SERVICE_PROTOCOL=http
IDENTITY_SERVICE_HOST=auth.example.org
IDENTITY_SERVICE_PORT=8080
ACS_TAG=7.4.1.1 ACS_TAG=7.4.1.1
ATE_AIO_TAG=4.0.0 ATE_AIO_TAG=4.0.0
@ -11,3 +14,4 @@ AAMQ_TAG=latest
POSTGRES_TAG=13 POSTGRES_TAG=13
ASIE_TAG=2.0.8.2 ASIE_TAG=2.0.8.2
APS_TAG=2.4.1 APS_TAG=2.4.1
AIS_TAG=1.8.0.1

25
docker-compose.yml
View File

@ -104,12 +104,35 @@ services:
POSTGRES_PASSWORD: alfresco POSTGRES_PASSWORD: alfresco
command: postgres -c max_connections=300 -c log_min_messages=LOG command: postgres -c max_connections=300 -c log_min_messages=LOG
identity:
image: alfresco/alfresco-identity-service:${AIS_TAG}
user: jboss
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_HOSTNAME: ${IDENTITY_SERVICE_HOST}
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
KEYCLOAK_STATISTICS: enabled
networks:
default:
aliases:
- "${IDENTITY_SERVICE_HOST}"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/realms/alfresco"]
interval: 10s
timeout: 10s
# Really long startup times on Windows
retries: 18
volumes:
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
proxy: proxy:
build: ./nginx-ingress build: ./nginx-ingress
image: local/nginx-ingress:acs-aps image: local/nginx-ingress:acs-aps-aims
mem_limit: 256m mem_limit: 256m
ports: ports:
- 8080:8080 - 8080:8080
depends_on: depends_on:
- platform - platform
- activiti-app - activiti-app
- identity

47
keycloak-alfresco-realm.json Normal file
View File

@ -0,0 +1,47 @@
{
"realm": "alfresco",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"roles": {
"realm": [ {
"name": "user",
"description": "User privileges"
}, {
"name": "admin",
"description": "Administrator privileges"
} ]
},
"clients": [
{
"clientId": "alfresco",
"name": "Alfresco Products",
"enabled": true,
"alwaysDisplayInConsole": false,
"redirectUris": [ "*" ],
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": false,
"publicClient": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "alfresco"
}
}
],
"requiredCredentials": [ "password" ],
"users": [
{
"username": "admin",
"email": "admin@app.activiti.com",
"enabled": true,
"credentials" : [
{
"type" : "password",
"value" : "admin"
}
],
"realmRoles": [ "user", "admin" ]
}
]
}

4
nginx-ingress/entrypoint.sh
View File

@ -12,6 +12,10 @@ if [[ $APS_ADMIN_URL ]]; then
sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
fi fi
if [[ $AIMS_URL ]]; then
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
fi
if [[ $ACCESS_LOG ]]; then if [[ $ACCESS_LOG ]]; then
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
fi fi

12
nginx-ingress/nginx.conf
View File

@ -19,7 +19,10 @@ http {
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; # proxy_buffering off;
proxy_buffer_size 64k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -59,5 +62,12 @@ http {
# If using external proxy / load balancer (for initial redirect if no trailing slash) # If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off; absolute_redirect off;
} }
location /auth/ {
proxy_pass http://identity:8080;
# If using external proxy / load balancer (for initial redirect if no trailing slash)
absolute_redirect off;
}
} }
} }