Compare commits
6 Commits
dbp-persis
...
aims-persi
| Author | SHA1 | Date | |
|---|---|---|---|
| adbfea6606 | |||
| 3e3bca3991 | |||
| ac95b938c5 | |||
| c338927a4b | |||
| 20de0cf640 | |||
| 91cefa2f80 |
14
.env
14
.env
@@ -1,6 +1,3 @@
|
||||
ALFRESCO_DIR=~/alfresco
|
||||
ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
@@ -8,15 +5,4 @@ IDENTITY_SERVICE_PROTOCOL=http
|
||||
IDENTITY_SERVICE_HOST=auth.example.org
|
||||
IDENTITY_SERVICE_PORT=8080
|
||||
|
||||
ACS_TAG=7.4.1.1
|
||||
ATR_TAG=3.0.0
|
||||
ATE_AIO_TAG=4.0.0
|
||||
ASFS_TAG=3.0.0
|
||||
APS_TAG=2.4.1
|
||||
AIS_TAG=1.8.0.1
|
||||
AAMQ_TAG=latest
|
||||
POSTGRES_TAG=13
|
||||
ASIE_TAG=2.0.8.2
|
||||
ACS_SHARE_TAG=7.4.1.2
|
||||
ALF_SYNC_SERV_TAG=3.9.0
|
||||
ADW_TAG=4.1.0
|
||||
|
||||
11
README.md
11
README.md
@@ -3,14 +3,3 @@
|
||||
|
||||
This Git Repository intends to represent environments in Docker Compose. All environments are effectively a derivative of other environments. The original environment is the environment represented by the `base` branch. All derivative environments are represented by other branches. Those branches are named in the format `{core}.{parent}`.
|
||||
|
||||
## Licensing
|
||||
|
||||
This version of Alfresco requires licensing.
|
||||
|
||||
### ACS Enterprise
|
||||
|
||||
The enterprise version of ACS requires a license file for it to work for more than 2 days. This means it isn't really required, but it is becomes important when you utilize any `persist` branch. For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/acs`. There must be just one file in there that ends in `.lic`.
|
||||
|
||||
### APS
|
||||
|
||||
APS requires a license file for it to work. For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/aps`. The filename must be `activiti.lic`. You can use symbolic linking if desired.
|
||||
|
||||
@@ -4,243 +4,6 @@ version: "3"
|
||||
|
||||
services:
|
||||
|
||||
platform:
|
||||
image: quay.io/alfresco/alfresco-governance-repository-enterprise:${ACS_TAG}
|
||||
environment:
|
||||
JAVA_TOOL_OPTIONS: "
|
||||
-Dencryption.keystore.type=JCEKS
|
||||
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
|
||||
-Dencryption.keyAlgorithm=DESede
|
||||
-Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
|
||||
-Dmetadata-keystore.password=mp6yc0UD9e
|
||||
-Dmetadata-keystore.aliases=metadata
|
||||
-Dmetadata-keystore.metadata.password=oKIWzVdEdA
|
||||
-Dmetadata-keystore.metadata.algorithm=DESede
|
||||
"
|
||||
JAVA_OPTS: "
|
||||
-Xms512m -Xmx1g
|
||||
-Ddb.driver=org.postgresql.Driver
|
||||
-Ddb.username=alfresco
|
||||
-Ddb.password=alfresco
|
||||
-Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dindex.subsystem.name=solr6
|
||||
-Dsolr.host=search
|
||||
-Dsolr.secureComms=secret
|
||||
-Dsolr.sharedSecret=alfresco-secret
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
|
||||
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
|
||||
-Ddeployment.method=DOCKER_COMPOSE
|
||||
-Dcsrf.filter.enabled=false
|
||||
-Dcors.enabled=false
|
||||
-Dtransform.service.enabled=true
|
||||
-Dtransform.service.url=http://transform-router:8095
|
||||
-Dsfs.url=http://shared-file-store:8099
|
||||
-Dlocal.transform.service.enabled=true
|
||||
-Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090
|
||||
-Djodconverter.url=http://transform-engine-aio:8090
|
||||
-Dimg.url=http://transform-engine-aio:8090
|
||||
-Dtika.url=http://transform-engine-aio:8090
|
||||
-Dtransform.misc.url=http://transform-engine-aio:8090
|
||||
-Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
-Djodconverter.enabled=false
|
||||
"
|
||||
depends_on:
|
||||
postgres-acs:
|
||||
condition: service_started
|
||||
activemq:
|
||||
condition: service_started
|
||||
shared-file-store:
|
||||
condition: service_started
|
||||
identity:
|
||||
condition: service_healthy
|
||||
volumes:
|
||||
- "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro"
|
||||
- acsbin-volume:/usr/local/tomcat/alf_data:rw
|
||||
|
||||
transform-router:
|
||||
image: quay.io/alfresco/alfresco-transform-router:${ATR_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_URL: "nio://activemq:61616"
|
||||
CORE_AIO_URL : "http://transform-core-aio:8090"
|
||||
FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
|
||||
depends_on:
|
||||
- activemq
|
||||
- shared-file-store
|
||||
|
||||
transform-core-aio:
|
||||
image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_URL: "nio://activemq:61616"
|
||||
FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
|
||||
depends_on:
|
||||
- activemq
|
||||
- shared-file-store
|
||||
|
||||
shared-file-store:
|
||||
image: quay.io/alfresco/alfresco-shared-file-store:${ASFS_TAG}
|
||||
volumes:
|
||||
- shared-file-store-volume:/tmp/Alfresco/sfs
|
||||
|
||||
share:
|
||||
image: quay.io/alfresco/alfresco-governance-share-enterprise:${ACS_SHARE_TAG}
|
||||
environment:
|
||||
REPO_HOST: "platform"
|
||||
CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
|
||||
CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
|
||||
JAVA_OPTS: "
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daims.enabled=true
|
||||
-Daims.realm=alfresco
|
||||
-Daims.resource=acs-share
|
||||
-Daims.authServerUrl=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
-Daims.sslRequired=none
|
||||
-Daims.publicClient=true
|
||||
-Daims.autodetectBearerOnly=true
|
||||
-Daims.alwaysRefreshToken=true
|
||||
-Daims.principalAttribute=preferred_username
|
||||
-Daims.enableBasicAuth=true
|
||||
"
|
||||
|
||||
postgres-acs:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_DB: alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
volumes:
|
||||
- acsdb-volume:/var/lib/postgresql/data:rw
|
||||
|
||||
search:
|
||||
image: alfresco/alfresco-search-services:${ASIE_TAG}
|
||||
environment:
|
||||
SOLR_ALFRESCO_HOST: platform
|
||||
SOLR_SOLR_HOST: search
|
||||
SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive
|
||||
ALFRESCO_SECURE_COMMS: secret
|
||||
JAVA_TOOL_OPTIONS: "
|
||||
-Dalfresco.secureComms.secret=alfresco-secret
|
||||
"
|
||||
healthcheck:
|
||||
test: "curl -fsS http://localhost:8983/solr"
|
||||
volumes:
|
||||
- solrindex-volume:/opt/alfresco-search-services/data:rw
|
||||
|
||||
activemq:
|
||||
image: alfresco/alfresco-activemq:${AAMQ_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_OPTS_MEMORY: -Xms64m -Xmx256m
|
||||
ACTIVEMQ_ADMIN_LOGIN: alfresco
|
||||
ACTIVEMQ_ADMIN_PASSWORD: alfresco
|
||||
volumes:
|
||||
- activemq-volume:/opt/activemq/data:rw
|
||||
|
||||
sync:
|
||||
image: quay.io/alfresco/service-sync:${ALF_SYNC_SERV_TAG}
|
||||
environment:
|
||||
JAVA_OPTS : "
|
||||
-Xms64m -Xmx256m
|
||||
-Dsql.db.driver=org.postgresql.Driver
|
||||
-Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dsql.db.username=alfresco
|
||||
-Dsql.db.password=alfresco
|
||||
-Dmessaging.broker.host=activemq
|
||||
-Drepo.hostname=platform
|
||||
-Drepo.port=8080
|
||||
-Ddw.server.applicationConnectors[0].type=http
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
-Didentity-service.resource=acs-sync
|
||||
"
|
||||
depends_on:
|
||||
- postgres-acs
|
||||
- activemq
|
||||
|
||||
digital-workspace:
|
||||
image: quay.io/alfresco/alfresco-digital-workspace:${ADW_TAG}
|
||||
environment:
|
||||
BASE_PATH: ./
|
||||
APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
|
||||
APP_CONFIG_BPM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
|
||||
APP_BASE_SHARE_URL: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/workspace/#/preview/s"
|
||||
APP_CONFIG_PROVIDER: "ALL"
|
||||
APP_CONFIG_PLUGIN_PROCESS_SERVICE: "true"
|
||||
#APP_CONFIG_PLUGIN_PROCESS_AUTOMATION: "true"
|
||||
APP_CONFIG_AUTH_TYPE: OAUTH
|
||||
APP_CONFIG_OAUTH2_HOST: "${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth/realms/alfresco"
|
||||
APP_CONFIG_OAUTH2_CLIENTID: alfresco
|
||||
APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "true"
|
||||
APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/workspace/"
|
||||
APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout"
|
||||
|
||||
activiti-app:
|
||||
image: quay.io/alfresco/alfresco-process-services:${APS_TAG}
|
||||
environment:
|
||||
ACTIVITI_DATASOURCE_USERNAME: alfresco
|
||||
ACTIVITI_DATASOURCE_PASSWORD: alfresco
|
||||
ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver
|
||||
ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
|
||||
ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8'
|
||||
IDENTITY_SERVICE_ENABLED: "true"
|
||||
IDENTITY_SERVICE_AUTH: http://identity:8080/auth
|
||||
IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request
|
||||
JAVA_OPTS: "-Xms128m -Xmx256m"
|
||||
depends_on:
|
||||
- postgres-aps
|
||||
volumes:
|
||||
- "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro"
|
||||
- apsbin-volume:/var/lib/postgresql/data:rw
|
||||
|
||||
activiti-admin:
|
||||
image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG}
|
||||
environment:
|
||||
ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco
|
||||
ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco
|
||||
ACTIVITI_ADMIN_DATASOURCE_DRIVER: org.postgresql.Driver
|
||||
ACTIVITI_ADMIN_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
|
||||
ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8'
|
||||
ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app
|
||||
ACTIVITI_ADMIN_REST_APP_PORT: 8080
|
||||
JAVA_OPTS: "-Xms64m -Xmx128m"
|
||||
depends_on:
|
||||
- postgres-aps-admin
|
||||
- activiti-app
|
||||
|
||||
postgres-aps:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
POSTGRES_DB: activiti
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
volumes:
|
||||
- apsdb-volume:/var/lib/postgresql/data:rw
|
||||
|
||||
postgres-aps-admin:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
POSTGRES_DB: activiti-admin
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
command: postgres -c max_connections=50 -c log_min_messages=LOG
|
||||
volumes:
|
||||
- apsadmindb-volume:/var/lib/postgresql/data:rw
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:${AIS_TAG}
|
||||
user: jboss
|
||||
@@ -266,36 +29,12 @@ services:
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-sync-share-adw-aps-aims
|
||||
image: local/nginx-ingress:aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- sync
|
||||
- share
|
||||
- digital-workspace
|
||||
- activiti-app
|
||||
- activiti-admin
|
||||
- identity
|
||||
|
||||
volumes:
|
||||
shared-file-store-volume:
|
||||
driver_opts:
|
||||
type: tmpfs
|
||||
device: tmpfs
|
||||
acsbin-volume:
|
||||
driver: local
|
||||
acsdb-volume:
|
||||
driver: local
|
||||
activemq-volume:
|
||||
driver: local
|
||||
solrindex-volume:
|
||||
driver: local
|
||||
apsbin-volume:
|
||||
driver: local
|
||||
apsdb-volume:
|
||||
driver: local
|
||||
apsadmindb-volume:
|
||||
driver: local
|
||||
keycloak-volume:
|
||||
driver: local
|
||||
|
||||
@@ -27,39 +27,6 @@
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-sync",
|
||||
"name": "Alfresco Sync Service Clients",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [
|
||||
"http://127.0.0.1*",
|
||||
"http://localhost*"
|
||||
],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
|
||||
@@ -1,29 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [[ $ACS_PLATFORM_URL ]]; then
|
||||
sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACS_SYNC_URL ]]; then
|
||||
sed -i s%http:\/\/sync:9090%"$ACS_SYNC_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACS_SHARE_URL ]]; then
|
||||
sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ADW_URL ]]; then
|
||||
sed -i s%http:\/\/digital-workspace:8080%"$ADW_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $APS_APP_URL ]]; then
|
||||
sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $APS_ADMIN_URL ]]; then
|
||||
sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
@@ -29,56 +29,8 @@ http {
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# Protect access to SOLR APIs
|
||||
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
|
||||
|
||||
location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
|
||||
location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
|
||||
|
||||
# Protect access to Prometheus endpoint
|
||||
location ~ ^(/.*/s/prometheus)$ {return 403;}
|
||||
|
||||
location / {
|
||||
proxy_pass http://platform:8080;
|
||||
}
|
||||
|
||||
location /alfresco/ {
|
||||
proxy_pass http://platform:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /sync/ {
|
||||
proxy_pass http://sync:9090/alfresco/;
|
||||
}
|
||||
|
||||
location /activiti-app/ {
|
||||
proxy_pass http://activiti-app:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /activiti-admin/ {
|
||||
proxy_pass http://activiti-admin:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /share/ {
|
||||
proxy_pass http://share:8080;
|
||||
}
|
||||
|
||||
location /workspace/ {
|
||||
proxy_pass http://digital-workspace:8080/;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
return 301 $scheme://$http_host/auth;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
|
||||
Reference in New Issue
Block a user