Merge branch 'aims' into aims-persist

2023-11-01 10:36:57 -04:00 · 2023-10-25 20:07:43 -04:00 · 2022-11-01 17:54:38 -04:00 · 2021-07-30 16:44:51 -04:00 · 2021-06-22 09:11:42 -04:00 · 2021-05-06 14:13:22 -04:00
6 changed files with 5 additions and 367 deletions
--- a/.env
+++ b/.env
@@ -1,6 +1,3 @@
 ALFRESCO_DIR=~/alfresco
 ALFRESCO_LICENSE_DIR=~/alfresco/license
 PROXY_PROTOCOL=http
 PROXY_HOST=localhost
 PROXY_PORT=8080
@@ -8,15 +5,4 @@ IDENTITY_SERVICE_PROTOCOL=http
 IDENTITY_SERVICE_HOST=auth.example.org
 IDENTITY_SERVICE_PORT=8080
 ACS_TAG=7.4.1.1
 ATR_TAG=3.0.0
 ATE_AIO_TAG=4.0.0
 ASFS_TAG=3.0.0
 APS_TAG=2.4.1
 AIS_TAG=1.8.0.1
 AAMQ_TAG=latest
 POSTGRES_TAG=13
 ASIE_TAG=2.0.8.2
 ACS_SHARE_TAG=7.4.1.2
 ALF_SYNC_SERV_TAG=3.9.0
 ADW_TAG=4.1.0
--- a/README.md
+++ b/README.md
@@ -3,14 +3,3 @@
 This Git Repository intends to represent environments in Docker Compose.  All environments are effectively a derivative of other environments.  The original environment is the environment represented by the `base` branch.  All derivative environments are represented by other branches.  Those branches are named in the format `{core}.{parent}`.
 ## Licensing
 This version of Alfresco requires licensing.
 ### ACS Enterprise
 The enterprise version of ACS requires a license file for it to work for more than 2 days.  This means it isn't really required, but it is becomes important when you utilize any `persist` branch.  For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/acs`.  There must be just one file in there that ends in `.lic`.
 ### APS
 APS requires a license file for it to work.  For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/aps`.  The filename must be `activiti.lic`.  You can use symbolic linking if desired.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,231 +4,6 @@ version: "3"
 services:
    platform:
        image: quay.io/alfresco/alfresco-governance-repository-enterprise:${ACS_TAG}
        environment:
            JAVA_TOOL_OPTIONS: "
                -Dencryption.keystore.type=JCEKS
                -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
                -Dencryption.keyAlgorithm=DESede
                -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
                -Dmetadata-keystore.password=mp6yc0UD9e
                -Dmetadata-keystore.aliases=metadata
                -Dmetadata-keystore.metadata.password=oKIWzVdEdA
                -Dmetadata-keystore.metadata.algorithm=DESede
                "
            JAVA_OPTS: "
                -Xms512m -Xmx1g
                -Ddb.driver=org.postgresql.Driver
                -Ddb.username=alfresco
                -Ddb.password=alfresco
                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
                -Dindex.subsystem.name=solr6
                -Dsolr.host=search
                -Dsolr.secureComms=secret
                -Dsolr.sharedSecret=alfresco-secret
                -Dshare.host=${PROXY_HOST}
                -Dshare.port=${PROXY_PORT}
                -Dshare.protocol=${PROXY_PROTOCOL}
                -Dalfresco.host=${PROXY_HOST}
                -Dalfresco.port=${PROXY_PORT}
                -Dalfresco.protocol=${PROXY_PROTOCOL}
                -Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
                -Ddeployment.method=DOCKER_COMPOSE
                -Dcsrf.filter.enabled=false
                -Dcors.enabled=false
                -Dtransform.service.enabled=true
                -Dtransform.service.url=http://transform-router:8095
                -Dsfs.url=http://shared-file-store:8099
                -Dlocal.transform.service.enabled=true
                -Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090
                -Djodconverter.url=http://transform-engine-aio:8090
                -Dimg.url=http://transform-engine-aio:8090
                -Dtika.url=http://transform-engine-aio:8090
                -Dtransform.misc.url=http://transform-engine-aio:8090
                -Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync
                -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
                -Didentity-service.authentication.defaultAdministratorUserNames=admin.1
                -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
                -Dsystem.content.eagerOrphanCleanup=true
                -Dsystem.content.orphanProtectDays=0
                -Djodconverter.enabled=false
                "
        depends_on:
            postgres-acs:
                condition: service_started
            activemq:
                condition: service_started
            shared-file-store:
                condition: service_started
            identity:
                condition: service_healthy
        volumes:
            - "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro"
    transform-router:
        image: quay.io/alfresco/alfresco-transform-router:${ATR_TAG}
        environment:
            ACTIVEMQ_URL: "nio://activemq:61616"
            CORE_AIO_URL : "http://transform-core-aio:8090"
            FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
        depends_on:
            - activemq
            - shared-file-store
    transform-core-aio:
        image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG}
        environment:
            ACTIVEMQ_URL: "nio://activemq:61616"
            FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
        depends_on:
            - activemq
            - shared-file-store
    shared-file-store:
        image: quay.io/alfresco/alfresco-shared-file-store:${ASFS_TAG}
        volumes:
            - shared-file-store-volume:/tmp/Alfresco/sfs
    share:
        image: quay.io/alfresco/alfresco-governance-share-enterprise:${ACS_SHARE_TAG}
        environment:
            REPO_HOST: "platform"
            CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
            CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
            JAVA_OPTS: "
                -Dshare.host=${PROXY_HOST}
                -Dshare.port=${PROXY_PORT}
                -Dshare.protocol=${PROXY_PROTOCOL}
                -Dalfresco.host=${PROXY_HOST}
                -Dalfresco.port=${PROXY_PORT}
                -Dalfresco.protocol=${PROXY_PROTOCOL}
                -Daims.enabled=true
                -Daims.realm=alfresco
                -Daims.resource=acs-share
                -Daims.authServerUrl=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
                -Daims.sslRequired=none
                -Daims.publicClient=true
                -Daims.autodetectBearerOnly=true
                -Daims.alwaysRefreshToken=true
                -Daims.principalAttribute=preferred_username
                -Daims.enableBasicAuth=true
                "
    postgres-acs:
        image: postgres:${POSTGRES_TAG}
        environment:
            POSTGRES_PASSWORD: alfresco
            POSTGRES_USER: alfresco
            POSTGRES_DB: alfresco
        command: postgres -c max_connections=300 -c log_min_messages=LOG
    search:
        image: alfresco/alfresco-search-services:${ASIE_TAG}
        environment:
            SOLR_ALFRESCO_HOST: platform
            SOLR_SOLR_HOST: search
            SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive
            ALFRESCO_SECURE_COMMS: secret
            JAVA_TOOL_OPTIONS: "
                -Dalfresco.secureComms.secret=alfresco-secret
                "
        healthcheck:
            test: "curl -fsS http://localhost:8983/solr"
    activemq:
        image: alfresco/alfresco-activemq:${AAMQ_TAG}
        environment:
            ACTIVEMQ_OPTS_MEMORY: -Xms64m -Xmx256m
            ACTIVEMQ_ADMIN_LOGIN: alfresco
            ACTIVEMQ_ADMIN_PASSWORD: alfresco
    sync:
        image: quay.io/alfresco/service-sync:${ALF_SYNC_SERV_TAG}
        environment:
            JAVA_OPTS : "
                -Xms64m -Xmx256m
                -Dsql.db.driver=org.postgresql.Driver
                -Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco
                -Dsql.db.username=alfresco
                -Dsql.db.password=alfresco
                -Dmessaging.broker.host=activemq
                -Drepo.hostname=platform
                -Drepo.port=8080
                -Ddw.server.applicationConnectors[0].type=http
                -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
                -Didentity-service.resource=acs-sync
                "
        depends_on:
            - postgres-acs
            - activemq
    digital-workspace:
        image: quay.io/alfresco/alfresco-digital-workspace:${ADW_TAG}
        environment:
            BASE_PATH: ./
            APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
            APP_CONFIG_BPM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
            APP_BASE_SHARE_URL: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/workspace/#/preview/s"
            APP_CONFIG_PROVIDER: "ALL"
            APP_CONFIG_PLUGIN_PROCESS_SERVICE: "true"
            #APP_CONFIG_PLUGIN_PROCESS_AUTOMATION: "true"
            APP_CONFIG_AUTH_TYPE: OAUTH
            APP_CONFIG_OAUTH2_HOST: "${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth/realms/alfresco"
            APP_CONFIG_OAUTH2_CLIENTID: alfresco
            APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "true"
            APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/workspace/"
            APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout"
    activiti-app:
        image: quay.io/alfresco/alfresco-process-services:${APS_TAG}
        environment:
            ACTIVITI_DATASOURCE_USERNAME: alfresco
            ACTIVITI_DATASOURCE_PASSWORD: alfresco
            ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver
            ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
            ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8'
            IDENTITY_SERVICE_ENABLED: "true"
            IDENTITY_SERVICE_AUTH: http://identity:8080/auth
            IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request
            JAVA_OPTS: "-Xms128m -Xmx256m"
        depends_on:
            - postgres-aps
        volumes:
            - "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro"
    activiti-admin:
        image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG}
        environment:
            ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco
            ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco
            ACTIVITI_ADMIN_DATASOURCE_DRIVER: org.postgresql.Driver
            ACTIVITI_ADMIN_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
            ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8'
            ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app
            ACTIVITI_ADMIN_REST_APP_PORT: 8080
            JAVA_OPTS: "-Xms64m -Xmx128m"
        depends_on:
            - postgres-aps-admin
            - activiti-app
    postgres-aps:
        image: postgres:${POSTGRES_TAG}
        environment:
            POSTGRES_DB: activiti
            POSTGRES_USER: alfresco
            POSTGRES_PASSWORD: alfresco
        command: postgres -c max_connections=300 -c log_min_messages=LOG
    postgres-aps-admin:
        image: postgres:${POSTGRES_TAG}
        environment:
            POSTGRES_DB: activiti-admin
            POSTGRES_USER: alfresco
            POSTGRES_PASSWORD: alfresco
        command: postgres -c max_connections=50 -c log_min_messages=LOG
    identity:
        image: alfresco/alfresco-identity-service:${AIS_TAG}
        user: jboss
@@ -250,23 +25,16 @@ services:
            retries: 18
        volumes:
            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
            - keycloak-volume:/opt/jboss/keycloak/standalone/data:rw
    proxy:
        build: ./nginx-ingress
-        image: local/nginx-ingress:acs-sync-share-adw-aps-aims
+        image: local/nginx-ingress:aims
        ports:
            - 8080:8080
        depends_on:
            - platform
            - sync
            - share
            - digital-workspace
            - activiti-app
            - activiti-admin
            - identity
 volumes:
-    shared-file-store-volume:
+    keycloak-volume:
-        driver_opts:
+        driver: local
            type: tmpfs
            device: tmpfs
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@@ -27,39 +27,6 @@
      "attributes": {
        "login_theme": "alfresco"
      }
    },
    {
      "clientId": "acs-share",
      "name": "ACS Share",
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "redirectUris": [ "*" ],
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "publicClient": true,
      "protocol": "openid-connect",
      "attributes": {
        "login_theme": "alfresco"
      }
    },
    {
      "clientId": "acs-sync",
      "name": "Alfresco Sync Service Clients",
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "redirectUris": [
        "http://127.0.0.1*",
        "http://localhost*"
      ],
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "publicClient": true,
      "protocol": "openid-connect",
      "attributes": {
        "login_theme": "alfresco"
      }
    }
  ],
  "requiredCredentials": [ "password" ],
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@@ -1,29 +1,5 @@
 #!/bin/sh
 if [[ $ACS_PLATFORM_URL ]]; then
  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $ACS_SYNC_URL ]]; then
  sed -i s%http:\/\/sync:9090%"$ACS_SYNC_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $ACS_SHARE_URL ]]; then
  sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $ADW_URL ]]; then
  sed -i s%http:\/\/digital-workspace:8080%"$ADW_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $APS_APP_URL ]]; then
  sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $APS_ADMIN_URL ]]; then
  sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $AIMS_URL ]]; then
  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
 fi
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@@ -28,57 +28,9 @@ http {
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Set-Cookie;
        # Protect access to SOLR APIs
        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
        # Protect access to Prometheus endpoint
        location ~ ^(/.*/s/prometheus)$ {return 403;}
        location / {
-            proxy_pass http://platform:8080;
+            return 301 $scheme://$http_host/auth;
        }
        location /alfresco/ {
            proxy_pass http://platform:8080;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
        location /sync/ {
            proxy_pass http://sync:9090/alfresco/;
        }
        location /activiti-app/ {
            proxy_pass http://activiti-app:8080;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
        location /activiti-admin/ {
            proxy_pass http://activiti-admin:8080;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
        location /share/ {
            proxy_pass http://share:8080;
        }
        location /workspace/ {
            proxy_pass http://digital-workspace:8080/;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
        location /auth/ {
Author	SHA1	Message	Date
Brian Long	adbfea6606	Merge branch 'aims' into aims-persist	2023-11-01 10:36:57 -04:00
Brian M. Long	3e3bca3991	Merge branch 'aims' into aims-persist	2023-10-25 20:07:43 -04:00
Brian M. Long	ac95b938c5	Merge branch 'aims' into aims-persist	2022-11-01 17:54:38 -04:00
Brian Long	c338927a4b	Merge branch 'aims' into aims-persist	2021-07-30 16:44:51 -04:00
Brian Long	20de0cf640	Merge branch 'aims' into aims-persist	2021-06-22 09:11:42 -04:00
Brian Long	91cefa2f80	Merge branch 'aims' into aims-persist	2021-05-06 14:13:22 -04:00
brian	96e4ea2d20	Merge branch 'aims' into aims-persist	2021-04-02 09:13:34 -04:00
brian	0469d435a4	Merge branch 'aims' into aims-persist	2021-01-14 11:41:00 -05:00
brian	a933edb6bd	Merge branch 'aims' into aims-persist	2021-01-14 11:21:18 -05:00
Brian Long	366a5121de	added persistence	2021-01-13 17:02:53 -05:00