Compare commits
5 Commits
propagate/
...
propagate/
| Author | SHA1 | Date | |
|---|---|---|---|
|
f23cda3fd1 | ||
| b4be2e251c | |||
| 44b6f26f4f | |||
| b124cd027c | |||
| 919d842d61 |
4
.env
4
.env
@@ -1,6 +1,4 @@
|
||||
ALFRESCO_DIR=~/alfresco
|
||||
ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
FROM alfresco/alfresco-content-repository:latest
|
||||
|
||||
ARG USERNAME=alfresco
|
||||
ARG TOMCAT_DIR=/usr/local/tomcat
|
||||
|
||||
USER root
|
||||
|
||||
COPY catalina.policy /tmp/catalina.policy.ext
|
||||
COPY tomcat-platform-context.xml ${TOMCAT_DIR}/conf/Catalina/localhost/alfresco.xml
|
||||
COPY *.amp ${TOMCAT_DIR}/amps/
|
||||
|
||||
RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install ${TOMCAT_DIR}/amps ${TOMCAT_DIR}/webapps/alfresco -nobackup -directory && \
|
||||
mkdir -p ${TOMCAT_DIR}/modules && \
|
||||
cat /tmp/catalina.policy.ext >> ${TOMCAT_DIR}/conf/catalina.policy
|
||||
|
||||
USER ${USERNAME}
|
||||
@@ -1,3 +0,0 @@
|
||||
## Usage
|
||||
|
||||
Download all AMP files needed into this directory. All of them will be copied into a new Docker image and installed into the Alfresco Platform web application.
|
||||
@@ -1,4 +0,0 @@
|
||||
grant codeBase "file:${catalina.base}/modules/-" {
|
||||
permission java.security.AllPermission;
|
||||
};
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8" ?>
|
||||
<Context>
|
||||
<Resources>
|
||||
<PreResources base="${catalina.base}/modules" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/WEB-INF/lib" readOnly="true" />
|
||||
</Resources>
|
||||
</Context>
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## Usage
|
||||
|
||||
Download all JAR module files needed into this directory. All of them will be dynamically loaded into the Docker container and loaded into the Alfresco Platform web application.
|
||||
@@ -4,34 +4,27 @@
|
||||
version: "2"
|
||||
|
||||
services:
|
||||
platform:
|
||||
build: ./alfresco-content-repository/docker
|
||||
image: local/alfresco-content-repository:latest
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:1.3
|
||||
user: jboss
|
||||
environment:
|
||||
JAVA_OPTS: "
|
||||
-Ddb.driver=org.postgresql.Driver
|
||||
-Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
|
||||
"
|
||||
depends_on:
|
||||
- postgres-acs
|
||||
- activemq
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: auth.example.org
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "auth.example.org"
|
||||
volumes:
|
||||
- "./alfresco-content-repository/modules:/usr/local/tomcat/modules:ro"
|
||||
|
||||
postgres-acs:
|
||||
image: postgres:latest
|
||||
|
||||
activemq:
|
||||
image: alfresco/alfresco-activemq:latest
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs
|
||||
image: local/nginx-ingress:aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- identity
|
||||
|
||||
47
keycloak-alfresco-realm.json
Normal file
47
keycloak-alfresco-realm.json
Normal file
@@ -0,0 +1,47 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [[ $ACS_PLATFORM_URL ]]; then
|
||||
sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
|
||||
@@ -19,31 +19,22 @@ http {
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# Protect access to SOLR APIs
|
||||
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
|
||||
|
||||
location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
|
||||
location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
|
||||
|
||||
# Protect access to Prometheus endpoint
|
||||
location ~ ^(/.*/s/prometheus)$ {return 403;}
|
||||
|
||||
location / {
|
||||
proxy_pass http://platform:8080;
|
||||
return 301 $scheme://$http_host/auth;
|
||||
}
|
||||
|
||||
location /alfresco/ {
|
||||
proxy_pass http://platform:8080;
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
|
||||
Reference in New Issue
Block a user