Merge branch 'aims' into aims-persist

Merge branch 'proxy' into aims
Merge branch 'base' into proxy
2021-04-02 09:13:34 -04:00 · 2021-04-02 09:12:59 -04:00 · 2021-04-02 08:41:45 -04:00 · 2021-01-14 11:41:00 -05:00 · 2021-01-14 11:40:42 -05:00 · 2021-01-14 11:21:18 -05:00
6 changed files with 143 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,4 @@
+PROXY_PROTOCOL=http
+PROXY_HOST=localhost
+PROXY_PORT=8080
+IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -3,3 +3,33 @@
 # Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
 version: "2"

+services:
+
+    identity:
+        image: alfresco/alfresco-identity-service:1.3
+        user: jboss
+        environment:
+            KEYCLOAK_USER: admin
+            KEYCLOAK_PASSWORD: admin
+            KEYCLOAK_HOSTNAME: auth.example.org
+            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
+            KEYCLOAK_STATISTICS: enabled
+        networks:
+            default:
+                aliases:
+                    - "auth.example.org"
+        volumes:
+            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
+            - keycloak-volume:/opt/jboss/keycloak/standalone/data:rw
+    
+    proxy:
+        build: ./nginx-ingress
+        image: local/nginx-ingress:aims
+        ports:
+            - 8080:8080
+        depends_on:
+            - identity
+
+volumes:
+    keycloak-volume:
+        driver: local
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@ -0,0 +1,47 @@
+{
+  "realm": "alfresco",
+  "enabled": true,
+  "sslRequired": "external",
+  "registrationAllowed": false,
+  "roles": {
+    "realm": [ {
+      "name": "user",
+      "description": "User privileges"
+    }, {
+      "name": "admin",
+      "description": "Administrator privileges"
+    } ]
+  },
+  "clients": [
+    {
+      "clientId": "alfresco",
+      "name": "Alfresco Products",
+      "enabled": true,
+      "alwaysDisplayInConsole": false,
+      "redirectUris": [ "*" ],
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": true,
+      "directAccessGrantsEnabled": false,
+      "publicClient": true,
+      "protocol": "openid-connect",
+      "attributes": {
+        "login_theme": "alfresco"
+      }
+    }
+  ],
+  "requiredCredentials": [ "password" ],
+  "users": [
+    {
+      "username": "admin",
+      "email": "admin@app.activiti.com",
+      "enabled": true,
+      "credentials" : [
+        {
+          "type" : "password",
+          "value" : "admin"
+        }
+      ],
+      "realmRoles": [ "user", "admin" ]
+    }
+  ]
+}
--- a/nginx-ingress/Dockerfile
+++ b/nginx-ingress/Dockerfile
@ -0,0 +1,8 @@
+FROM nginx:stable-alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [[ $AIMS_URL ]]; then
+  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
+fi
+
+if [[ $ACCESS_LOG ]]; then
+  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
+fi
+
+nginx -g "daemon off;"
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@ -0,0 +1,43 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen *:8080;
+
+        client_max_body_size 0;
+
+        set  $allowOriginSite *;
+        proxy_pass_request_headers on;
+        proxy_pass_header Set-Cookie;
+
+        # External settings, do not remove
+        #ENV_ACCESS_LOG
+
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+#        proxy_buffering off;
+        proxy_buffer_size	64k;
+        proxy_buffers		4 256k;
+        proxy_busy_buffers_size	256k;
+        proxy_set_header Host              $http_host;
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_pass_header Set-Cookie;
+
+        location / {
+            return 301 $scheme://$http_host/auth;
+        }
+
+        location /auth/ {
+            proxy_pass http://identity:8080;
+
+            # If using external proxy / load balancer (for initial redirect if no trailing slash)
+            absolute_redirect off;
+        }
+    }
+}
Author	SHA1	Message	Date
brian	96e4ea2d20	Merge branch 'aims' into aims-persist	2021-04-02 09:13:34 -04:00
brian	f23cda3fd1	Merge branch 'proxy' into aims	2021-04-02 09:12:59 -04:00
Brian Long	3d6aa1d4bc	Merge branch 'base' into proxy	2021-04-02 08:41:45 -04:00
brian	0469d435a4	Merge branch 'aims' into aims-persist	2021-01-14 11:41:00 -05:00
Brian Long	b4be2e251c	changed admin username ot alfresco defaults	2021-01-14 11:40:42 -05:00
brian	a933edb6bd	Merge branch 'aims' into aims-persist	2021-01-14 11:21:18 -05:00
Brian Long	44b6f26f4f	updates after some acs-enterprise testing	2021-01-14 11:17:01 -05:00
Brian Long	b124cd027c	added default admin.1 user	2021-01-14 09:39:34 -05:00
Brian Long	366a5121de	added persistence	2021-01-13 17:02:53 -05:00
Brian Long	919d842d61	added identity service	2021-01-13 17:01:06 -05:00
Brian Long	ac18d6d637	fixed host/protocol URL rewrites	2021-01-06 12:21:21 -05:00
Brian Long	817b062dfd	merged platform/share into single proxy	2020-12-26 13:54:31 -05:00
Brian Long	d6b7a879b1	added .env configurable platform/share context	2020-12-26 11:15:44 -05:00
Brian Long	5e618569bc	Merge branch 'base' into proxy.base	2020-12-26 11:11:16 -05:00
Brian Long	4e8453becd	removed port from reverse proxy; allows it to work when port changes	2020-12-25 23:08:07 -05:00
Brian Long	a42af25649	added port for localhost	2020-12-17 16:19:34 -05:00
Brian Long	f1df9c3217	initial nginx dynamic docker image config	2020-12-17 16:03:33 -05:00