Merge branch 'aims' into aims-persist

Merge branch 'proxy' into aims
Merge branch 'base' into proxy
2021-04-02 09:13:34 -04:00 · 2021-04-02 09:12:59 -04:00 · 2021-04-02 08:41:45 -04:00 · 2021-01-14 11:41:00 -05:00 · 2021-01-14 11:40:42 -05:00 · 2021-01-14 11:21:18 -05:00
6 changed files with 143 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,4 @@
 PROXY_PROTOCOL=http
 PROXY_HOST=localhost
 PROXY_PORT=8080
 IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -3,3 +3,33 @@
 # Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
 version: "2"
 services:
    identity:
        image: alfresco/alfresco-identity-service:1.3
        user: jboss
        environment:
            KEYCLOAK_USER: admin
            KEYCLOAK_PASSWORD: admin
            KEYCLOAK_HOSTNAME: auth.example.org
            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
            KEYCLOAK_STATISTICS: enabled
        networks:
            default:
                aliases:
                    - "auth.example.org"
        volumes:
            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
            - keycloak-volume:/opt/jboss/keycloak/standalone/data:rw
    proxy:
        build: ./nginx-ingress
        image: local/nginx-ingress:aims
        ports:
            - 8080:8080
        depends_on:
            - identity
 volumes:
    keycloak-volume:
        driver: local
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@ -0,0 +1,47 @@
 {
  "realm": "alfresco",
  "enabled": true,
  "sslRequired": "external",
  "registrationAllowed": false,
  "roles": {
    "realm": [ {
      "name": "user",
      "description": "User privileges"
    }, {
      "name": "admin",
      "description": "Administrator privileges"
    } ]
  },
  "clients": [
    {
      "clientId": "alfresco",
      "name": "Alfresco Products",
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "redirectUris": [ "*" ],
      "standardFlowEnabled": true,
      "implicitFlowEnabled": true,
      "directAccessGrantsEnabled": false,
      "publicClient": true,
      "protocol": "openid-connect",
      "attributes": {
        "login_theme": "alfresco"
      }
    }
  ],
  "requiredCredentials": [ "password" ],
  "users": [
    {
      "username": "admin",
      "email": "admin@app.activiti.com",
      "enabled": true,
      "credentials" : [
        {
          "type" : "password",
          "value" : "admin"
        }
      ],
      "realmRoles": [ "user", "admin" ]
    }
  ]
 }
--- a/nginx-ingress/Dockerfile
+++ b/nginx-ingress/Dockerfile
@ -0,0 +1,8 @@
 FROM nginx:stable-alpine
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT [ "/entrypoint.sh" ]
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@ -0,0 +1,11 @@
 #!/bin/sh
 if [[ $AIMS_URL ]]; then
  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $ACCESS_LOG ]]; then
  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi
 nginx -g "daemon off;"
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@ -0,0 +1,43 @@
 worker_processes  1;
 events {
    worker_connections  1024;
 }
 http {
    server {
        listen *:8080;
        client_max_body_size 0;
        set  $allowOriginSite *;
        proxy_pass_request_headers on;
        proxy_pass_header Set-Cookie;
        # External settings, do not remove
        #ENV_ACCESS_LOG
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
 #        proxy_buffering off;
        proxy_buffer_size	64k;
        proxy_buffers		4 256k;
        proxy_busy_buffers_size	256k;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Set-Cookie;
        location / {
            return 301 $scheme://$http_host/auth;
        }
        location /auth/ {
            proxy_pass http://identity:8080;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
    }
 }
Author	SHA1	Message	Date
brian	96e4ea2d20	Merge branch 'aims' into aims-persist	2021-04-02 09:13:34 -04:00
brian	f23cda3fd1	Merge branch 'proxy' into aims	2021-04-02 09:12:59 -04:00
Brian Long	3d6aa1d4bc	Merge branch 'base' into proxy	2021-04-02 08:41:45 -04:00
brian	0469d435a4	Merge branch 'aims' into aims-persist	2021-01-14 11:41:00 -05:00
Brian Long	b4be2e251c	changed admin username ot alfresco defaults	2021-01-14 11:40:42 -05:00
brian	a933edb6bd	Merge branch 'aims' into aims-persist	2021-01-14 11:21:18 -05:00
Brian Long	44b6f26f4f	updates after some acs-enterprise testing	2021-01-14 11:17:01 -05:00
Brian Long	b124cd027c	added default admin.1 user	2021-01-14 09:39:34 -05:00
Brian Long	366a5121de	added persistence	2021-01-13 17:02:53 -05:00
Brian Long	919d842d61	added identity service	2021-01-13 17:01:06 -05:00
Brian Long	ac18d6d637	fixed host/protocol URL rewrites	2021-01-06 12:21:21 -05:00
Brian Long	817b062dfd	merged platform/share into single proxy	2020-12-26 13:54:31 -05:00
Brian Long	d6b7a879b1	added .env configurable platform/share context	2020-12-26 11:15:44 -05:00
Brian Long	5e618569bc	Merge branch 'base' into proxy.base	2020-12-26 11:11:16 -05:00
Brian Long	4e8453becd	removed port from reverse proxy; allows it to work when port changes	2020-12-25 23:08:07 -05:00
Brian Long	a42af25649	added port for localhost	2020-12-17 16:19:34 -05:00
Brian Long	f1df9c3217	initial nginx dynamic docker image config	2020-12-17 16:03:33 -05:00