Compare commits
19 Commits
propagate/
...
propagate/
| Author | SHA1 | Date | |
|---|---|---|---|
|
baf69f0fb3 | ||
|
|
2d0e25fd06 | ||
|
|
926494b3ee | ||
|
|
9e49b1d3c1 | ||
|
|
6e09a9c0c9 | ||
| d753a42731 | |||
| bf6a3cb669 | |||
| 24ea707337 | |||
| da0046118b | |||
| 0999563353 | |||
| 2134cda63a | |||
| 4863e29854 | |||
| d96822cedd | |||
| 295b0711b0 | |||
| eb09f26857 | |||
| 9709aceaed | |||
| 3686a6751d | |||
| 59d082734f | |||
| bc6a8539f3 |
1
.env
1
.env
@@ -4,4 +4,3 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
|
||||
|
||||
@@ -5,7 +5,7 @@ version: "2"
|
||||
|
||||
services:
|
||||
platform:
|
||||
image: alfresco/alfresco-content-repository-community:6.2.0-ga
|
||||
image: alfresco/alfresco-governance-repository-community:V3.4-latest
|
||||
mem_limit: 1700m
|
||||
environment:
|
||||
JAVA_OPTS: "
|
||||
@@ -36,10 +36,6 @@ services:
|
||||
-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
|
||||
|
||||
-Dtransform.service.enabled=false
|
||||
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
@@ -53,7 +49,7 @@ services:
|
||||
image: alfresco/alfresco-transform-core-aio:2.3.6
|
||||
|
||||
share:
|
||||
image: alfresco/alfresco-share:6.2.2
|
||||
image: alfresco/alfresco-governance-share-community:V3.4-latest
|
||||
mem_limit: 512m
|
||||
environment:
|
||||
REPO_HOST: "platform"
|
||||
@@ -66,16 +62,6 @@ services:
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daims.enabled=true
|
||||
-Daims.realm=alfresco
|
||||
-Daims.resource=acs-share
|
||||
-Daims.authServerUrl=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
-Daims.sslRequired=none
|
||||
-Daims.publicClient=true
|
||||
-Daims.autodetectBearerOnly=true
|
||||
-Daims.alwaysRefreshToken=true
|
||||
-Daims.principalAttribute=preferred_username
|
||||
-Daims.enableBasicAuth=true
|
||||
"
|
||||
|
||||
postgres-acs:
|
||||
@@ -102,28 +88,11 @@ services:
|
||||
image: alfresco/alfresco-activemq:5.15.8
|
||||
mem_limit: 256m
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:1.3
|
||||
user: jboss
|
||||
environment:
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: auth.example.org
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "auth.example.org"
|
||||
volumes:
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-share-aims
|
||||
image: local/nginx-ingress:acs-share
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- share
|
||||
- identity
|
||||
|
||||
@@ -1,62 +0,0 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -8,10 +8,6 @@ if [[ $ACS_SHARE_URL ]]; then
|
||||
sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
@@ -19,10 +19,7 @@ http {
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_buffering off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -54,10 +51,6 @@ http {
|
||||
|
||||
location /share/ {
|
||||
proxy_pass http://share:8080;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
|
||||
Reference in New Issue
Block a user