Compare commits
2 Commits
propagate/
...
base
| Author | SHA1 | Date | |
|---|---|---|---|
| c2a9679ede | |||
| 10e7f81163 |
7
.env
7
.env
@ -1,7 +0,0 @@
|
||||
ALFRESCO_DIR=~/alfresco
|
||||
ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
|
||||
@ -1,129 +1,3 @@
|
||||
# Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
|
||||
# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
|
||||
#
|
||||
# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
platform:
|
||||
image: alfresco/alfresco-content-repository-community:6.2.0-ga
|
||||
mem_limit: 1700m
|
||||
environment:
|
||||
JAVA_OPTS: "
|
||||
-Ddb.driver=org.postgresql.Driver
|
||||
-Ddb.username=alfresco
|
||||
-Ddb.password=alfresco
|
||||
-Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dindex.subsystem.name=solr6
|
||||
-Dsolr.host=search
|
||||
-Dsolr.port=8983
|
||||
-Dsolr.secureComms=none
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
|
||||
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
|
||||
-Ddeployment.method=DOCKER_COMPOSE
|
||||
-DlocalTransform.core-aio.url=http://transform-core-aio:8090/
|
||||
-Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
|
||||
-Djodconverter.url=http://transform-core-aio:8090/
|
||||
-Dimg.url=http://transform-core-aio:8090/
|
||||
-Dtika.url=http://transform-core-aio:8090/
|
||||
-Dtransform.misc.url=http://transform-core-aio:8090/
|
||||
-Dcsrf.filter.enabled=false
|
||||
-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
|
||||
|
||||
-Dtransform.service.enabled=false
|
||||
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
-Djodconverter.enabled=false
|
||||
"
|
||||
depends_on:
|
||||
- postgres-acs
|
||||
- activemq
|
||||
|
||||
transform-core-aio:
|
||||
image: alfresco/alfresco-transform-core-aio:2.3.6
|
||||
|
||||
share:
|
||||
image: alfresco/alfresco-share:6.2.2
|
||||
mem_limit: 512m
|
||||
environment:
|
||||
REPO_HOST: "platform"
|
||||
CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
|
||||
CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
|
||||
JAVA_OPTS: "
|
||||
-Dshare.host=${PROXY_HOST}
|
||||
-Dshare.port=${PROXY_PORT}
|
||||
-Dshare.protocol=${PROXY_PROTOCOL}
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daims.enabled=true
|
||||
-Daims.realm=alfresco
|
||||
-Daims.resource=acs-share
|
||||
-Daims.authServerUrl=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
-Daims.sslRequired=none
|
||||
-Daims.publicClient=true
|
||||
-Daims.autodetectBearerOnly=true
|
||||
-Daims.alwaysRefreshToken=true
|
||||
-Daims.principalAttribute=preferred_username
|
||||
-Daims.enableBasicAuth=true
|
||||
"
|
||||
|
||||
postgres-acs:
|
||||
image: postgres:11.7
|
||||
mem_limit: 512m
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=alfresco
|
||||
- POSTGRES_USER=alfresco
|
||||
- POSTGRES_DB=alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
|
||||
search:
|
||||
image: alfresco/alfresco-search-services:2.0.1
|
||||
mem_limit: 2g
|
||||
environment:
|
||||
- SOLR_ALFRESCO_HOST=platform
|
||||
- SOLR_ALFRESCO_PORT=8080
|
||||
- SOLR_SOLR_HOST=search
|
||||
- SOLR_SOLR_PORT=8983
|
||||
- SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
|
||||
- ALFRESCO_SECURE_COMMS=none
|
||||
|
||||
activemq:
|
||||
image: alfresco/alfresco-activemq:5.15.8
|
||||
mem_limit: 256m
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:1.3
|
||||
user: jboss
|
||||
environment:
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: auth.example.org
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "auth.example.org"
|
||||
volumes:
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-share-aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- share
|
||||
- identity
|
||||
version: "3"
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1,8 +0,0 @@
|
||||
FROM nginx:stable-alpine
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
COPY entrypoint.sh /
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
ENTRYPOINT [ "/entrypoint.sh" ]
|
||||
@ -1,19 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [[ $ACS_PLATFORM_URL ]]; then
|
||||
sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACS_SHARE_URL ]]; then
|
||||
sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
nginx -g "daemon off;"
|
||||
@ -1,66 +0,0 @@
|
||||
worker_processes 1;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
server {
|
||||
listen *:8080;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
set $allowOriginSite *;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# External settings, do not remove
|
||||
#ENV_ACCESS_LOG
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# Protect access to SOLR APIs
|
||||
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
|
||||
|
||||
location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
|
||||
location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
|
||||
|
||||
# Protect access to Prometheus endpoint
|
||||
location ~ ^(/.*/s/prometheus)$ {return 403;}
|
||||
|
||||
location / {
|
||||
proxy_pass http://platform:8080;
|
||||
}
|
||||
|
||||
location /alfresco/ {
|
||||
proxy_pass http://platform:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /share/ {
|
||||
proxy_pass http://share:8080;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user