Merge branch 'base' into ldap-server

added openldap server config and initial users/groups
2021-04-02 09:12:57 -04:00 · 2021-01-13 16:30:14 -05:00
6 changed files with 88 additions and 177 deletions
--- a/.env
+++ b/.env
@@ -1,6 +0,0 @@
-ALFRESCO_DIR=~/alfresco
-ALFRESCO_LICENSE_DIR=~/alfresco/license
-
-PROXY_PROTOCOL=http
-PROXY_HOST=localhost
-PROXY_PORT=8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,95 +4,14 @@
 version: "2"

 services:
-    platform:
-        image: alfresco/alfresco-governance-repository-community:V3.4-latest
-        mem_limit: 1700m
+
+    directory:
+        image: osixia/openldap:1.4.0
        environment:
-            JAVA_OPTS: "
-                -Ddb.driver=org.postgresql.Driver
-                -Ddb.username=alfresco
-                -Ddb.password=alfresco
-                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dindex.subsystem.name=solr6
-                -Dsolr.host=search
-                -Dsolr.port=8983
-                -Dsolr.secureComms=none
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
-                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-                -Ddeployment.method=DOCKER_COMPOSE
-                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
-                -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
-                -Djodconverter.url=http://transform-core-aio:8090/
-                -Dimg.url=http://transform-core-aio:8090/
-                -Dtika.url=http://transform-core-aio:8090/
-                -Dtransform.misc.url=http://transform-core-aio:8090/
-                -Dcsrf.filter.enabled=false
-                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
+            LDAP_ORGANISATION: "Example Organization"
+            LDAP_DOMAIN: example.org
+            LDAP_ADMIN_PASSWORD: admin
+        command: "--copy-service --loglevel=debug"
+        volumes:
+            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro

-                -Dtransform.service.enabled=false
-                
-                -Dsystem.content.eagerOrphanCleanup=true
-                -Dsystem.content.orphanProtectDays=0
-                -Djodconverter.enabled=false
-                "
-        depends_on:
-            - postgres-acs
-            - activemq
-    
-    transform-core-aio:
-        image: alfresco/alfresco-transform-core-aio:2.3.6
-    
-    share:
-        image: alfresco/alfresco-governance-share-community:V3.4-latest
-        mem_limit: 512m
-        environment:
-            REPO_HOST: "platform"
-            CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
-            CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
-            JAVA_OPTS: "
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                "
-    
-    postgres-acs:
-        image: postgres:11.7
-        mem_limit: 512m
-        environment:
-            - POSTGRES_PASSWORD=alfresco
-            - POSTGRES_USER=alfresco
-            - POSTGRES_DB=alfresco
-        command: postgres -c max_connections=300 -c log_min_messages=LOG
-    
-    search:
-        image: alfresco/alfresco-search-services:2.0.1
-        mem_limit: 2g
-        environment:
-            - SOLR_ALFRESCO_HOST=platform
-            - SOLR_ALFRESCO_PORT=8080
-            - SOLR_SOLR_HOST=search
-            - SOLR_SOLR_PORT=8983
-            - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
-            - ALFRESCO_SECURE_COMMS=none
-
-    activemq:
-        image: alfresco/alfresco-activemq:5.15.8
-        mem_limit: 256m
-
-    proxy:
-        build: ./nginx-ingress
-        image: local/nginx-ingress:acs-share
-        ports:
-            - 8080:8080
-        depends_on:
-            - platform
-            - share
--- a/nginx-ingress/Dockerfile
+++ b/nginx-ingress/Dockerfile
@@ -1,8 +0,0 @@
-FROM nginx:stable-alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-if [[ $ACS_PLATFORM_URL ]]; then
-  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACS_SHARE_URL ]]; then
-  sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACCESS_LOG ]]; then
-  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
-fi
-
-nginx -g "daemon off;"
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@@ -1,59 +0,0 @@
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    server {
-        listen *:8080;
-
-        client_max_body_size 0;
-
-        set  $allowOriginSite *;
-        proxy_pass_request_headers on;
-        proxy_pass_header Set-Cookie;
-
-        # External settings, do not remove
-        #ENV_ACCESS_LOG
-
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-        proxy_redirect off;
-        proxy_buffering off;
-        proxy_set_header Host              $http_host;
-        proxy_set_header X-Real-IP         $remote_addr;
-        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass_header Set-Cookie;
-        
-        # Protect access to SOLR APIs
-        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
-
-        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
-        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
-        
-        # Protect access to Prometheus endpoint
-        location ~ ^(/.*/s/prometheus)$ {return 403;}
-        
-        location / {
-            proxy_pass http://platform:8080;
-        }
-
-        location /alfresco/ {
-            proxy_pass http://platform:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-
-        location /share/ {
-            proxy_pass http://share:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-    }
-}
--- a/openldap-example.ldif
+++ b/openldap-example.ldif
@@ -0,0 +1,80 @@
+version: 1
+
+dn: uid=admin.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Administrator
+uid: admin.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: admin.1@example.org
+
+dn: uid=manager.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Manager
+uid: manager.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: manager.1@example.org
+
+dn: uid=user.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: User
+uid: user.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.1@example.org
+
+dn: uid=user.2,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #2
+sn: User
+uid: user.2
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.2@example.org
+
+dn: cn=power-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: power-users
+member: uid=manager.1,dc=example,dc=org
+
+dn: cn=admins,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+member: uid=admin.1,dc=example,dc=org
+
+dn: cn=acs-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: acs-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.1,dc=example,dc=org
+
+dn: cn=aps-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: aps-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.2,dc=example,dc=org
+
Author	SHA1	Message	Date
brian	cac59d7a9c	Merge branch 'base' into ldap-server	2021-04-02 09:12:57 -04:00
Brian Long	c9439a7902	added openldap server config and initial users/groups	2021-01-13 16:30:14 -05:00