Compare commits
13 Commits
propagate/
...
propagate/
| Author | SHA1 | Date | |
|---|---|---|---|
|
d15d9d291c | ||
|
|
ec79404d1c | ||
|
|
f23cda3fd1 | ||
|
|
fd79be4aed | ||
| b4be2e251c | |||
| 0be038fe07 | |||
| 25d0633fdb | |||
| 44b6f26f4f | |||
| ca420b43e2 | |||
| 8be7673ad3 | |||
| b124cd027c | |||
| 77f2c5e0f1 | |||
| 919d842d61 |
1
.env
1
.env
@@ -4,3 +4,4 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
|
||||
|
||||
@@ -9,10 +9,10 @@ services:
|
||||
mem_limit: 1700m
|
||||
environment:
|
||||
JAVA_OPTS: "
|
||||
-Ddb.driver=com.mysql.jdbc.Driver
|
||||
-Ddb.driver=org.postgresql.Driver
|
||||
-Ddb.username=alfresco
|
||||
-Ddb.password=alfresco
|
||||
-Ddb.url=jdbc:mysql://mysql-acs:3306/alfresco?useUnicode=yes\\&characterEncoding=UTF-8\\&useSSL=false
|
||||
-Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dindex.subsystem.name=solr6
|
||||
-Dsolr.host=search
|
||||
-Dsolr.port=8983
|
||||
@@ -37,16 +37,17 @@ services:
|
||||
|
||||
-Dtransform.service.enabled=false
|
||||
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
-Djodconverter.enabled=false
|
||||
"
|
||||
depends_on:
|
||||
- mysql-acs
|
||||
- postgres-acs
|
||||
- activemq
|
||||
volumes:
|
||||
- acsbin-volume:/usr/local/tomcat/alf_data:rw
|
||||
- /usr/share/java/mysql.jar:/usr/local/tomcat/lib/mysql.jar:ro
|
||||
|
||||
transform-core-aio:
|
||||
image: alfresco/alfresco-transform-core-aio:2.3.6
|
||||
@@ -65,18 +66,26 @@ services:
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daims.enabled=true
|
||||
-Daims.realm=alfresco
|
||||
-Daims.resource=acs-share
|
||||
-Daims.authServerUrl=${IDENTITY_SERVICE_BASEURL}/auth
|
||||
-Daims.sslRequired=none
|
||||
-Daims.publicClient=true
|
||||
-Daims.autodetectBearerOnly=true
|
||||
-Daims.alwaysRefreshToken=true
|
||||
-Daims.principalAttribute=preferred_username
|
||||
-Daims.enableBasicAuth=true
|
||||
"
|
||||
|
||||
mysql-acs:
|
||||
image: mysql:5.7
|
||||
postgres-acs:
|
||||
image: postgres:11.7
|
||||
mem_limit: 512m
|
||||
environment:
|
||||
- MYSQL_RANDOM_ROOT_PASSWORD=true
|
||||
- MYSQL_PASSWORD=alfresco
|
||||
- MYSQL_USER=alfresco
|
||||
- MYSQL_DATABASE=alfresco
|
||||
volumes:
|
||||
- acsdb-volume:/var/lib/mysql:rw
|
||||
- POSTGRES_PASSWORD=alfresco
|
||||
- POSTGRES_USER=alfresco
|
||||
- POSTGRES_DB=alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
|
||||
search:
|
||||
image: alfresco/alfresco-search-services:2.0.1
|
||||
@@ -88,31 +97,33 @@ services:
|
||||
- SOLR_SOLR_PORT=8983
|
||||
- SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
|
||||
- ALFRESCO_SECURE_COMMS=none
|
||||
volumes:
|
||||
- solrindex-volume:/opt/alfresco-search-services/data:rw
|
||||
|
||||
activemq:
|
||||
image: alfresco/alfresco-activemq:5.15.8
|
||||
mem_limit: 256m
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:1.3
|
||||
user: jboss
|
||||
environment:
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: auth.example.org
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "auth.example.org"
|
||||
volumes:
|
||||
- activemq-volume:/opt/activemq/data:rw
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-share
|
||||
image: local/nginx-ingress:acs-share-aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- share
|
||||
|
||||
volumes:
|
||||
acsbin-volume:
|
||||
driver: local
|
||||
acsdb-volume:
|
||||
driver: local
|
||||
activemq-volume:
|
||||
driver: local
|
||||
solrindex-volume:
|
||||
driver: local
|
||||
|
||||
- identity
|
||||
|
||||
62
keycloak-alfresco-realm.json
Normal file
62
keycloak-alfresco-realm.json
Normal file
@@ -0,0 +1,62 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -8,6 +8,10 @@ if [[ $ACS_SHARE_URL ]]; then
|
||||
sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
@@ -19,7 +19,10 @@ http {
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -51,6 +54,10 @@ http {
|
||||
|
||||
location /share/ {
|
||||
proxy_pass http://share:8080;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
|
||||
Reference in New Issue
Block a user