Compare commits
No commits in common. "propagate/adw-backend.acs-aims" and "base" have entirely different histories.
propagate/
...
base
18
.env
18
.env
@ -1,18 +0,0 @@
|
||||
ALFRESCO_DIR=~/alfresco
|
||||
ALFRESCO_LICENSE_DIR=~/alfresco/license
|
||||
|
||||
PROXY_PROTOCOL=http
|
||||
PROXY_HOST=localhost
|
||||
PROXY_PORT=8080
|
||||
IDENTITY_SERVICE_PROTOCOL=http
|
||||
IDENTITY_SERVICE_HOST=auth.example.org
|
||||
IDENTITY_SERVICE_PORT=8080
|
||||
|
||||
ACS_TAG=7.4.1.1
|
||||
ATE_AIO_TAG=4.0.0
|
||||
AAMQ_TAG=latest
|
||||
POSTGRES_TAG=13
|
||||
ASIE_TAG=2.0.8.2
|
||||
APS_TAG=2.4.1
|
||||
AIS_TAG=1.8.0.1
|
||||
ACS_SHARE_TAG=7.4.1.2
|
||||
@ -3,10 +3,3 @@
|
||||
|
||||
This Git Repository intends to represent environments in Docker Compose. All environments are effectively a derivative of other environments. The original environment is the environment represented by the `base` branch. All derivative environments are represented by other branches. Those branches are named in the format `{core}.{parent}`.
|
||||
|
||||
## Licensing
|
||||
|
||||
This version of Alfresco requires licensing.
|
||||
|
||||
### APS
|
||||
|
||||
APS requires a license file for it to work. For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/aps`. The filename must be `activiti.lic`. You can use symbolic linking if desired.
|
||||
|
||||
@ -1,147 +1,3 @@
|
||||
# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
|
||||
#
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
|
||||
platform:
|
||||
image: alfresco/alfresco-content-repository-community:${ACS_TAG}
|
||||
environment:
|
||||
JAVA_TOOL_OPTIONS: "
|
||||
-Dencryption.keystore.type=JCEKS
|
||||
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
|
||||
-Dencryption.keyAlgorithm=DESede
|
||||
-Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
|
||||
-Dmetadata-keystore.password=mp6yc0UD9e
|
||||
-Dmetadata-keystore.aliases=metadata
|
||||
-Dmetadata-keystore.metadata.password=oKIWzVdEdA
|
||||
-Dmetadata-keystore.metadata.algorithm=DESede
|
||||
"
|
||||
JAVA_OPTS: "
|
||||
-Xms512m -Xmx1g
|
||||
-Ddb.driver=org.postgresql.Driver
|
||||
-Ddb.username=alfresco
|
||||
-Ddb.password=alfresco
|
||||
-Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
|
||||
-Dindex.subsystem.name=solr6
|
||||
-Dsolr.host=search
|
||||
-Dsolr.secureComms=secret
|
||||
-Dsolr.sharedSecret=alfresco-secret
|
||||
-Dalfresco.host=${PROXY_HOST}
|
||||
-Dalfresco.port=${PROXY_PORT}
|
||||
-Dalfresco.protocol=${PROXY_PROTOCOL}
|
||||
-Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
|
||||
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
|
||||
-Ddeployment.method=DOCKER_COMPOSE
|
||||
-DlocalTransform.core-aio.url=http://transform-core-aio:8090/
|
||||
-Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
|
||||
-Djodconverter.url=http://transform-core-aio:8090/
|
||||
-Dimg.url=http://transform-core-aio:8090/
|
||||
-Dtika.url=http://transform-core-aio:8090/
|
||||
-Dtransform.misc.url=http://transform-core-aio:8090/
|
||||
-Dcsrf.filter.enabled=false
|
||||
-Dcors.enabled=false
|
||||
-Dtransform.service.enabled=false
|
||||
-Dlocal.transform.service.enabled=true
|
||||
-Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
|
||||
-Didentity-service.authentication.defaultAdministratorUserNames=admin.1
|
||||
-Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
-Dsystem.content.eagerOrphanCleanup=true
|
||||
-Dsystem.content.orphanProtectDays=0
|
||||
-Djodconverter.enabled=false
|
||||
"
|
||||
depends_on:
|
||||
postgres-acs:
|
||||
condition: service_started
|
||||
activemq:
|
||||
condition: service_started
|
||||
identity:
|
||||
condition: service_healthy
|
||||
|
||||
transform-core-aio:
|
||||
image: alfresco/alfresco-transform-core-aio:${ATE_AIO_TAG}
|
||||
|
||||
postgres-acs:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_DB: alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
|
||||
search:
|
||||
image: alfresco/alfresco-search-services:${ASIE_TAG}
|
||||
environment:
|
||||
SOLR_ALFRESCO_HOST: platform
|
||||
SOLR_SOLR_HOST: search
|
||||
SOLR_CREATE_ALFRESCO_DEFAULTS: alfresco,archive
|
||||
ALFRESCO_SECURE_COMMS: secret
|
||||
JAVA_TOOL_OPTIONS: "
|
||||
-Dalfresco.secureComms.secret=alfresco-secret
|
||||
"
|
||||
healthcheck:
|
||||
test: "curl -fsS http://localhost:8983/solr"
|
||||
|
||||
activemq:
|
||||
image: alfresco/alfresco-activemq:${AAMQ_TAG}
|
||||
environment:
|
||||
ACTIVEMQ_OPTS_MEMORY: -Xms64m -Xmx256m
|
||||
ACTIVEMQ_ADMIN_LOGIN: alfresco
|
||||
ACTIVEMQ_ADMIN_PASSWORD: alfresco
|
||||
|
||||
activiti-app:
|
||||
image: quay.io/alfresco/alfresco-process-services:${APS_TAG}
|
||||
environment:
|
||||
ACTIVITI_DATASOURCE_USERNAME: alfresco
|
||||
ACTIVITI_DATASOURCE_PASSWORD: alfresco
|
||||
ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver
|
||||
ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
|
||||
ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8'
|
||||
IDENTITY_SERVICE_ENABLED: "true"
|
||||
IDENTITY_SERVICE_AUTH: ${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
|
||||
IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request
|
||||
JAVA_OPTS: "-Xms128m -Xmx256m"
|
||||
depends_on:
|
||||
- postgres-aps
|
||||
volumes:
|
||||
- "$ALFRESCO_LICENSE_DIR/aps:/home/alfresco/.activiti/enterprise-license:ro"
|
||||
|
||||
postgres-aps:
|
||||
image: postgres:${POSTGRES_TAG}
|
||||
environment:
|
||||
POSTGRES_DB: activiti
|
||||
POSTGRES_USER: alfresco
|
||||
POSTGRES_PASSWORD: alfresco
|
||||
command: postgres -c max_connections=300 -c log_min_messages=LOG
|
||||
|
||||
identity:
|
||||
image: alfresco/alfresco-identity-service:${AIS_TAG}
|
||||
user: jboss
|
||||
environment:
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: admin
|
||||
KEYCLOAK_HOSTNAME: ${IDENTITY_SERVICE_HOST}
|
||||
KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
|
||||
KEYCLOAK_STATISTICS: enabled
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- "${IDENTITY_SERVICE_HOST}"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/realms/alfresco"]
|
||||
interval: 10s
|
||||
timeout: 10s
|
||||
# Really long startup times on Windows
|
||||
retries: 18
|
||||
volumes:
|
||||
- ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
|
||||
|
||||
proxy:
|
||||
build: ./nginx-ingress
|
||||
image: local/nginx-ingress:acs-aps-aims
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- platform
|
||||
- activiti-app
|
||||
- identity
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
{
|
||||
"realm": "alfresco",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"registrationAllowed": false,
|
||||
"roles": {
|
||||
"realm": [ {
|
||||
"name": "user",
|
||||
"description": "User privileges"
|
||||
}, {
|
||||
"name": "admin",
|
||||
"description": "Administrator privileges"
|
||||
} ]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "alfresco",
|
||||
"name": "Alfresco Products",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "acs-share",
|
||||
"name": "ACS Share",
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"redirectUris": [ "*" ],
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": false,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "alfresco"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requiredCredentials": [ "password" ],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"email": "admin@app.activiti.com",
|
||||
"enabled": true,
|
||||
"credentials" : [
|
||||
{
|
||||
"type" : "password",
|
||||
"value" : "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [ "user", "admin" ]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1,8 +0,0 @@
|
||||
FROM nginx:stable-alpine
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
COPY entrypoint.sh /
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
ENTRYPOINT [ "/entrypoint.sh" ]
|
||||
@ -1,19 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [[ $ACS_PLATFORM_URL ]]; then
|
||||
sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $APS_APP_URL ]]; then
|
||||
sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $AIMS_URL ]]; then
|
||||
sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
if [[ $ACCESS_LOG ]]; then
|
||||
sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
nginx -g "daemon off;"
|
||||
@ -1,66 +0,0 @@
|
||||
worker_processes 1;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
server {
|
||||
listen *:8080;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
set $allowOriginSite *;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# External settings, do not remove
|
||||
#ENV_ACCESS_LOG
|
||||
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
# proxy_buffering off;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass_header Set-Cookie;
|
||||
|
||||
# Protect access to SOLR APIs
|
||||
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
|
||||
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
|
||||
|
||||
location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
|
||||
location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
|
||||
|
||||
# Protect access to Prometheus endpoint
|
||||
location ~ ^(/.*/s/prometheus)$ {return 403;}
|
||||
|
||||
location / {
|
||||
proxy_pass http://platform:8080;
|
||||
}
|
||||
|
||||
location /alfresco/ {
|
||||
proxy_pass http://platform:8080;
|
||||
}
|
||||
|
||||
location /activiti-app/ {
|
||||
proxy_pass http://activiti-app:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
proxy_pass http://identity:8080;
|
||||
|
||||
# If using external proxy / load balancer (for initial redirect if no trailing slash)
|
||||
absolute_redirect off;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user