Compare commits
85 Commits
acs-fronte
...
propagate/
| Author | SHA1 | Date | |
|---|---|---|---|
| 1655c7f1f4 | |||
| cb894f5f5f | |||
| 6aafbbfd63 | |||
| 4a48e807c5 | |||
| bcf68b4027 | |||
| 885e53df2a | |||
| dc318d141e | |||
| d0593febf2 | |||
| b54b94839d | |||
| f456bb7ea9 | |||
| 76f18e1a60 | |||
| 6aa3731165 | |||
| 78f2ed24c6 | |||
| fbefed1ff1 | |||
| 7f06015d81 | |||
| 8b9d766380 | |||
| 82864c1955 | |||
| 350380fb3d | |||
| 9427e0e1cb | |||
| f64a0e29d9 | |||
| 9afc703a2c | |||
| d4362a2bcd | |||
| 8901d10f82 | |||
| e0e190d987 | |||
| fc8a854920 | |||
| 7e526e0e1e | |||
| 416fe88c6b | |||
| 6126155ca0 | |||
| b115f86a6d | |||
| 9114da403b | |||
| 8e6eb7ae72 | |||
| ff3554c0ce | |||
| cc77feb9b6 | |||
| 4e85d8118c | |||
| 1279c5aeba | |||
| dd967a17f2 | |||
| 27a818fd22 | |||
| cecbf32b68 | |||
| 6608b0600c | |||
| 52c8e24b3a | |||
| c8540ca0de | |||
| 279eb2af9d | |||
| 0d379094e9 | |||
| dee72646e6 | |||
| 97b9237171 | |||
| d7c28f9b6e | |||
| 924c687250 | |||
| dfb0f61088 | |||
| 1a0d8ba2b2 | |||
| a7fa111930 | |||
| 995fbfb13f | |||
| 171f67daf0 | |||
| db6c0f84a9 | |||
| b238e3c727 | |||
| 1929c94880 | |||
| 7590f2d390 | |||
| 2d91d8bc08 | |||
| 1bd9da2339 | |||
|
d15d9d291c | ||
|
|
ec79404d1c | ||
|
|
8b7ec4654e | ||
|
|
f23cda3fd1 | ||
| 6e0c055222 | |||
|
|
fd79be4aed | ||
| b4be2e251c | |||
| 0be038fe07 | |||
| 25d0633fdb | |||
| 44b6f26f4f | |||
| ca420b43e2 | |||
| 8be7673ad3 | |||
| b124cd027c | |||
| 77f2c5e0f1 | |||
| 919d842d61 | |||
|
|
9dd046ad51 | ||
| 20b41bbcb1 | |||
| 89348916a5 | |||
| a2619fac7b | |||
| 3a47c43a88 | |||
| 16aa444b19 | |||
| deb6bf058c | |||
| 8a0ccc61a5 | |||
| 695e3b3dc0 | |||
| 2b7755222b | |||
| 237a8abd62 | |||
| f28c16c4fe |
9
.env
9
.env
@@ -4,14 +4,15 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_PROTOCOL=http
|
||||
IDENTITY_SERVICE_HOST=auth.example.org
|
||||
IDENTITY_SERVICE_PORT=8080
|
||||
|
||||
ACS_TAG=7.4.1.1
|
||||
ATR_TAG=3.0.0
|
||||
ATE_AIO_TAG=4.0.0
|
||||
ASFS_TAG=3.0.0
|
||||
AAMQ_TAG=latest
|
||||
POSTGRES_TAG=13
|
||||
ASIE_TAG=2.0.8.2
|
||||
APS_TAG=2.4.1
|
||||
AIS_TAG=1.8.0.1
|
||||
ACS_SHARE_TAG=7.4.1.2
|
||||
ALF_SYNC_SERV_TAG=3.9.0
|
||||
ADW_TAG=4.1.0
|
||||
|
||||
@@ -7,7 +7,6 @@ This Git Repository intends to represent environments in Docker Compose. All en
|
||||
|
||||
This version of Alfresco requires licensing.
|
||||
|
||||
### ACS Enterprise
|
||||
|
||||
The enterprise version of ACS requires a license file for it to work for more than 2 days. This means it isn't really required, but it is becomes important when you utilize any `persist` branch. For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/acs`. There must be just one file in there that ends in `.lic`.
|
||||
### APS
|
||||
|
||||
APS requires a license file for it to work. For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/aps`. The filename must be `activiti.lic`. You can use symbolic linking if desired.
|
||||
|
||||
@@ -5,7 +5,7 @@ version: "3"
|
||||
services:
|
||||
|
||||
platform:
|
||||
image: quay.io/alfresco/alfresco-content-repository:${ACS_TAG}
|
||||
image: alfresco/alfresco-content-repository-community:${ACS_TAG}
|
||||
environment:
|
||||
JAVA_TOOL_OPTIONS: "
|
||||
-Dencryption.keystore.type=JCEKS
|
||||
@@ -27,76 +27,39 @@ services:
|
||||
-Dsolr.host=search
|
||||
-Dsolr.secureComms=secret
|
||||
-Dsolr.sharedSecret=alfresco-secret
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
|
||||
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
|
||||
-Ddeployment.method=DOCKER_COMPOSE
|
||||
-DlocalTransform.core-aio.url=http://transform-core-aio:8090/
|
||||
-Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
|
||||
-Djodconverter.url=http://transform-core-aio:8090/
|
||||
-Dimg.url=http://transform-core-aio:8090/
|
||||
-Dtika.url=http://transform-core-aio:8090/
|
||||
-Dtransform.misc.url=http://transform-core-aio:8090/
|
||||
-Dcsrf.filter.enabled=false
|
||||
-Dcors.enabled=false
|
||||
-Dtransform.service.enabled=true
|
||||
-Dtransform.service.url=http://transform-router:8095
|
||||
-Dsfs.url=http://shared-file-store:8099
|
||||
-Dtransform.service.enabled=false
|
||||
-Dlocal.transform.service.enabled=true
|
||||
-Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090
|
||||
-Djodconverter.url=http://transform-engine-aio:8090
|
||||
-Dimg.url=http://transform-engine-aio:8090
|
||||
-Dtika.url=http://transform-engine-aio:8090
|
||||
-Dtransform.misc.url=http://transform-engine-aio:8090
|
||||
-Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
-Djodconverter.enabled=false
|
||||
"
|
||||
depends_on:
|
||||
- postgres-acs
|
||||
- activemq
|
||||
- shared-file-store
|
||||
volumes:
|
||||
- "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro"
|
||||
|
||||
transform-router:
|
||||
image: quay.io/alfresco/alfresco-transform-router:${ATR_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_URL: "nio://activemq:61616"
|
||||
CORE_AIO_URL : "http://transform-core-aio:8090"
|
||||
FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
|
||||
depends_on:
|
||||
- activemq
|
||||
- shared-file-store
|
||||
postgres-acs:
|
||||
condition: service_started
|
||||
activemq:
|
||||
condition: service_started
|
||||
identity:
|
||||
condition: service_healthy
|
||||
|
||||
transform-core-aio:
|
||||
image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_URL: "nio://activemq:61616"
|
||||
FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
|
||||
depends_on:
|
||||
- activemq
|
||||
- shared-file-store
|
||||
|
||||
shared-file-store:
|
||||
image: quay.io/alfresco/alfresco-shared-file-store:${ASFS_TAG}
|
||||
volumes:
|
||||
- shared-file-store-volume:/tmp/Alfresco/sfs
|
||||
|
||||
share:
|
||||
image: alfresco/alfresco-share:${ACS_SHARE_TAG}
|
||||
environment:
|
||||
REPO_HOST: "platform"
|
||||
CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
|
||||
CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
|
||||
JAVA_OPTS: "
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
"
|
||||
|
||||
postgres-acs:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
@@ -126,44 +89,59 @@ services:
|
||||
ACTIVEMQ_ADMIN_LOGIN: alfresco
|
||||
ACTIVEMQ_ADMIN_PASSWORD: alfresco
|
||||
|
||||
sync:
|
||||
image: quay.io/alfresco/service-sync:${ALF_SYNC_SERV_TAG}
|
||||
activiti-app:
|
||||
image: quay.io/alfresco/alfresco-process-services:${APS_TAG}
|
||||
environment:
|
||||
JAVA_OPTS : "
|
||||
-Xms64m -Xmx256m
|
||||
-Dsql.db.driver=org.postgresql.Driver
|
||||
-Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dsql.db.username=alfresco
|
||||
-Dsql.db.password=alfresco
|
||||
-Dmessaging.broker.host=activemq
|
||||
-Drepo.hostname=platform
|
||||
-Drepo.port=8080
|
||||
-Ddw.server.applicationConnectors[0].type=http
|
||||
"
|
||||
ACTIVITI_DATASOURCE_USERNAME: alfresco
|
||||
ACTIVITI_DATASOURCE_PASSWORD: alfresco
|
||||
ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver
|
||||
ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
|
||||
ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8'
|
||||
IDENTITY_SERVICE_ENABLED: "true"
|
||||
IDENTITY_SERVICE_AUTH: ${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request
|
||||
JAVA_OPTS: "-Xms128m -Xmx256m"
|
||||
depends_on:
|
||||
- postgres-acs
|
||||
- activemq
|
||||
|
||||
digital-workspace:
|
||||
image: quay.io/alfresco/alfresco-digital-workspace:${ADW_TAG}
|
||||
- postgres-aps
|
||||
volumes:
|
||||
- "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro"
|
||||
|
||||
postgres-aps:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
BASE_PATH: ./
|
||||
APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
|
||||
APP_BASE_SHARE_URL: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/#/preview/s"
|
||||
POSTGRES_DB: activiti
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:${AIS_TAG}
|
||||
user: jboss
|
||||
environment:
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: ${IDENTITY_SERVICE_HOST}
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "${IDENTITY_SERVICE_HOST}"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/realms/alfresco"]
|
||||
interval: 10s
|
||||
timeout: 10s
|
||||
# Really long startup times on Windows
|
||||
retries: 18
|
||||
volumes:
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-sync-share-adw
|
||||
image: local/nginx-ingress:acs-aps-aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- sync
|
||||
- share
|
||||
- digital-workspace
|
||||
|
||||
volumes:
|
||||
shared-file-store-volume:
|
||||
driver_opts:
|
||||
type: tmpfs
|
||||
device: tmpfs
|
||||
- activiti-app
|
||||
- identity
|
||||
|
||||
62
keycloak-alfresco-realm.json
Normal file
62
keycloak-alfresco-realm.json
Normal file
@@ -0,0 +1,62 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -4,16 +4,12 @@ if [[ $ACS_PLATFORM_URL ]]; then
|
||||
sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACS_SYNC_URL ]]; then
|
||||
sed -i s%http:\/\/sync:9090%"$ACS_SYNC_URL"%g /etc/nginx/nginx.conf
|
||||
if [[ $APS_APP_URL ]]; then
|
||||
sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACS_SHARE_URL ]]; then
|
||||
sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ADW_URL ]]; then
|
||||
sed -i s%http:\/\/digital-workspace:8080%"$ADW_URL"%g /etc/nginx/nginx.conf
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
|
||||
@@ -19,7 +19,10 @@ http {
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -44,24 +47,17 @@ http {
|
||||
|
||||
location /alfresco/ {
|
||||
proxy_pass http://platform:8080;
|
||||
}
|
||||
|
||||
location /activiti-app/ {
|
||||
proxy_pass http://activiti-app:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /sync/ {
|
||||
proxy_pass http://sync:9090/alfresco/;
|
||||
}
|
||||
|
||||
location /share/ {
|
||||
proxy_pass http://share:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /workspace/ {
|
||||
proxy_pass http://digital-workspace:8080/;
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
|
||||
Reference in New Issue
Block a user