added license file README

.env

@@ -4,6 +4,6 @@ ALFRESCO_LICENSE_DIR=~/alfresco/license
 PROXY_PROTOCOL=http
 PROXY_HOST=localhost
 PROXY_PORT=8080
-IDENTITY_SERVICE_PROTOCOL=http
+
-IDENTITY_SERVICE_HOST=auth.example.org
+APS_TAG=2.4.1
-IDENTITY_SERVICE_PORT=8080
+POSTGRES_TAG=13

README.md

@@ -3,3 +3,10 @@
 
 This Git Repository intends to represent environments in Docker Compose.  All environments are effectively a derivative of other environments.  The original environment is the environment represented by the `base` branch.  All derivative environments are represented by other branches.  Those branches are named in the format `{core}.{parent}`.
 
+## Licensing
+
+This version of Alfresco requires licensing.
+
+### APS
+
+APS requires a license file for it to work.  For licensing to work, you must place your license file in the following directory relative to the user home directory that runs the Docker Compose command: `alfresco/license/aps`.  The filename must be `activiti.lic`.  You can use symbolic linking if desired.

docker-compose.yml

@@ -1,331 +1,42 @@
-# Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
+# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
 #
-# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "3"
-version: "2.1"
 
 services:
-    platform:
-        image: quay.io/alfresco/alfresco-governance-repository-enterprise:V3.4-latest
-        mem_limit: 2g
-        environment:
-            JAVA_OPTS: "
-                -Ddb.driver=org.postgresql.Driver
-                -Ddb.username=alfresco
-                -Ddb.password=alfresco
-                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dindex.subsystem.name=solr6
-                -Dsolr.host=search
-                -Dsolr.port=8983
-                -Dsolr.secureComms=none
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Daos.baseUrlOverwrite=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/alfresco/aos
-                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-                -Ddeployment.method=DOCKER_COMPOSE
-                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
-                -Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
-                -Djodconverter.url=http://transform-core-aio:8090/
-                -Dimg.url=http://transform-core-aio:8090/
-                -Dtika.url=http://transform-core-aio:8090/
-                -Dtransform.misc.url=http://transform-core-aio:8090/
-                -Dcsrf.filter.enabled=false
-                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
-
-                -Dtransform.service.enabled=true
-                -Dlocal.transform.service.enabled=false
-
-                -Dtransform.service.url=http://transform-router:8095
-                -Dsfs.url=http://shared-file-store:8099
-                -Dalfresco-pdf-renderer.url=http://transform-engine-aio:8090
-                -Djodconverter.url=http://transform-engine-aio:8090
-                -Dimg.url=http://transform-engine-aio:8090
-                -Dtika.url=http://transform-engine-aio:8090
-                -Dtransform.misc.url=http://transform-engine-aio:8090
-
-                -Ddsync.service.uris=${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/sync
-
-                -Dauthentication.chain=aims:identity-service,builtin:alfrescoNtlm
-                -Didentity-service.authentication.defaultAdministratorUserNames=admin.1
-                -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
-                
-                -Dsystem.content.eagerOrphanCleanup=true
-                -Dsystem.content.orphanProtectDays=0
-                -Djodconverter.enabled=false
-                "
-        depends_on:
-            postgres-acs:
-                condition: service_started
-            activemq:
-                condition: service_started
-            shared-file-store:
-                condition: service_started
-            identity:
-                condition: service_healthy
-        volumes:
-            - "$ALFRESCO_LICENSE_DIR/acs:/usr/local/tomcat/shared/classes/alfresco/extension/license:ro"
-            - acsbin-volume:/usr/local/tomcat/alf_data:rw
-    
-    transform-router:
-        image: quay.io/alfresco/alfresco-transform-router:1.3.1
-        mem_limit: 128m
-        environment:
-            ACTIVEMQ_URL: "nio://activemq:61616"
-            CORE_AIO_URL : "http://transform-core-aio:8090"
-            FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
-        depends_on:
-            - activemq
-            - shared-file-store
-    
-    transform-core-aio:
-        image: alfresco/alfresco-transform-core-aio:2.3.6
-        mem_limit: 1g
-        environment:
-            ACTIVEMQ_URL: "nio://activemq:61616"
-            FILE_STORE_URL: "http://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file"
-        depends_on:
-            - activemq
-            - shared-file-store
-
-    shared-file-store:
-        image: alfresco/alfresco-shared-file-store:0.10.0
-        mem_limit: 256m
-        volumes:
-            - shared-file-store-volume:/tmp/Alfresco/sfs
-    
-    share:
-        image: quay.io/alfresco/alfresco-governance-share-enterprise:V3.4-latest
-        mem_limit: 512m
-        environment:
-            REPO_HOST: "platform"
-            CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
-            CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
-            JAVA_OPTS: "
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Daims.enabled=true
-                -Daims.realm=alfresco
-                -Daims.resource=acs-share
-                -Daims.authServerUrl=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
-                -Daims.sslRequired=none
-                -Daims.publicClient=true
-                -Daims.autodetectBearerOnly=true
-                -Daims.alwaysRefreshToken=true
-                -Daims.principalAttribute=preferred_username
-                -Daims.enableBasicAuth=true
-                "
-    
-    postgres-acs:
-        image: postgres:11.7
-        mem_limit: 128m
-        environment:
-            - POSTGRES_PASSWORD=alfresco
-            - POSTGRES_USER=alfresco
-            - POSTGRES_DB=alfresco
-        command: postgres -c max_connections=300 -c log_min_messages=LOG
-        volumes:
-            - acsdb-volume:/var/lib/postgresql/data:rw
-    
-    search:
-        image: alfresco/alfresco-search-services:2.0.1
-        mem_limit: 1g
-        environment:
-            - SOLR_ALFRESCO_HOST=platform
-            - SOLR_ALFRESCO_PORT=8080
-            - SOLR_SOLR_HOST=search
-            - SOLR_SOLR_PORT=8983
-            - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
-            - ALFRESCO_SECURE_COMMS=none
-        volumes:
-            - solrindex-volume:/opt/alfresco-search-services/data:rw
-
-    activemq:
-        image: alfresco/alfresco-activemq:5.15.8
-        mem_limit: 512m
-        volumes:
-            - activemq-volume:/opt/activemq/data:rw
-
-    sync:
-        image: quay.io/alfresco/service-sync:3.3.3.1
-        mem_limit: 512m
-        environment:
-            JAVA_OPTS : "
-                -Dsql.db.driver=org.postgresql.Driver
-                -Dsql.db.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dsql.db.username=alfresco
-                -Dsql.db.password=alfresco
-                -Dmessaging.broker.host=activemq
-                -Drepo.hostname=platform
-                -Drepo.port=8080
-                -Ddw.server.applicationConnectors[0].type=http
-                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
-                -Didentity-service.auth-server-url=${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
-                -Didentity-service.resource=acs-sync
-                "
-        depends_on:
-            - postgres-acs
-            - activemq
-
-    digital-workspace:
-        image: quay.io/alfresco/alfresco-digital-workspace:2.0.0-adw
-        mem_limit: 128m
-        environment:
-            BASE_PATH: ./
-            APP_CONFIG_ECM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
-            APP_CONFIG_BPM_HOST: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}"
-            APP_BASE_SHARE_URL: "${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/workspace/#/preview/s"
-            APP_CONFIG_PROVIDER: "ALL"
-            APP_CONFIG_PLUGIN_PROCESS_SERVICE: "true"
-            #APP_CONFIG_PLUGIN_PROCESS_AUTOMATION: "true"
-            APP_CONFIG_AUTH_TYPE: OAUTH
-            APP_CONFIG_OAUTH2_HOST: "${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth/realms/alfresco"
-            APP_CONFIG_OAUTH2_CLIENTID: alfresco
-            APP_CONFIG_OAUTH2_IMPLICIT_FLOW: "true"
-            APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/workspace/"
-            APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/workspace/logout"
 
     activiti-app:
-        image: alfresco/process-services:1.11.1.1
+        image: quay.io/alfresco/alfresco-process-services:${APS_TAG}
-        mem_limit: 512m
         environment:
-            ACTIVITI_DATASOURCE_USERNAME: alfresco
-            ACTIVITI_DATASOURCE_PASSWORD: alfresco
-            ACTIVITI_DATASOURCE_DRIVER: org.postgresql.Driver
-            ACTIVITI_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
             ACTIVITI_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps:5432/activiti?characterEncoding=UTF-8'
-            ACTIVITI_ES_SERVER_TYPE: rest
-            ACTIVITI_ES_REST_CLIENT_ADDRESS: search-aps
-            ACTIVITI_ES_REST_CLIENT_PORT: 9200
-            ACTIVITI_ES_REST_CLIENT_SCHEMA: http
-            IDENTITY_SERVICE_ENABLED: "true"
-            IDENTITY_SERVICE_AUTH: ${IDENTITY_SERVICE_PROTOCOL}://${IDENTITY_SERVICE_HOST}:${IDENTITY_SERVICE_PORT}/auth
-            IDENTITY_SERVICE_CONTENT_SSO_REDIRECT_URI: ${PROXY_PROTOCOL}://${PROXY_HOST}:${PROXY_PORT}/activiti-app/app/rest/integration/sso/confirm-auth-request
-            JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"
         depends_on:
             - postgres-aps
         volumes:
             - "$ALFRESCO_LICENSE_DIR/aps:/root/.activiti/enterprise-license:ro"
-            - apsbin-volume:/var/lib/postgresql/data:rw
     
     activiti-admin:
-        image: alfresco/process-services-admin:1.11.1.1
+        image: quay.io/alfresco/alfresco-process-services-admin:${APS_TAG}
-        mem_limit: 256m
         environment:
-            ACTIVITI_ADMIN_DATASOURCE_USERNAME: alfresco
-            ACTIVITI_ADMIN_DATASOURCE_PASSWORD: alfresco
-            ACTIVITI_ADMIN_DATASOURCE_DRIVER: org.postgresql.Driver
-            ACTIVITI_ADMIN_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
             ACTIVITI_ADMIN_DATASOURCE_URL: 'jdbc:postgresql://postgres-aps-admin:5432/activiti-admin?characterEncoding=UTF-8'
             ACTIVITI_ADMIN_REST_APP_HOST: http://activiti-app
-            ACTIVITI_ADMIN_REST_APP_PORT: 8080
-            JAVA_OPTS: "-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"
         depends_on:
             - postgres-aps-admin
             - activiti-app
     
     postgres-aps:
-        image: postgres:11.6
+        image: postgres:${POSTGRES_TAG}
-        mem_limit: 128m
         environment:
             POSTGRES_DB: activiti
-            POSTGRES_USER: alfresco
-            POSTGRES_PASSWORD: alfresco
-        command: postgres -c max_connections=300 -c log_min_messages=LOG
-        volumes:
-            - apsdb-volume:/var/lib/postgresql/data:rw
     
     postgres-aps-admin:
-        image: postgres:11.6
+        image: postgres:${POSTGRES_TAG}
-        mem_limit: 128m
         environment:
             POSTGRES_DB: activiti-admin
-            POSTGRES_USER: alfresco
-            POSTGRES_PASSWORD: alfresco
-        command: postgres -c max_connections=50 -c log_min_messages=LOG
-        volumes:
-            - apsadmindb-volume:/var/lib/postgresql/data:rw
-    
-    search-aps:
-        image: elasticsearch:7.6.0
-        mem_limit: 512m
-        environment:
-            discovery.type: single-node
-            ES_JAVA_OPTS: "-Xms128m -Xmx256m"
-        ulimits:
-            memlock:
-                soft: -1
-                hard: -1
-        depends_on:
-            - activiti-app
-        volumes:
-            - esindex-volume:/var/lib/postgresql/data:rw
-
-    identity:
-        image: alfresco/alfresco-identity-service:1.4.0
-        mem_limit: 512m
-        user: jboss
-        environment:
-            KEYCLOAK_USER: admin
-            KEYCLOAK_PASSWORD: admin
-            KEYCLOAK_HOSTNAME: ${IDENTITY_SERVICE_HOST}
-            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
-            KEYCLOAK_STATISTICS: enabled
-        networks:
-            default:
-                aliases:
-                    - "${IDENTITY_SERVICE_HOST}"
-        healthcheck:
-            test: ["CMD", "curl", "-f", "http://localhost:8080/auth/realms/alfresco"]
-            interval: 10s
-            timeout: 10s
-            # Really long startup times on Windows
-            retries: 18
-        volumes:
-            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
-            - keycloak-volume:/opt/jboss/keycloak/standalone/data:rw
 
     proxy:
         build: ./nginx-ingress
-        image: local/nginx-ingress:acs-sync-share-adw-aps-aims
+        image: local/nginx-ingress:aps
-        mem_limit: 256m
         ports:
             - 8080:8080
         depends_on:
-            - platform
-            - sync
-            - share
-            - digital-workspace
             - activiti-app
             - activiti-admin
-            - identity
-
-volumes:
-    shared-file-store-volume:
-        driver_opts:
-            type: tmpfs
-            device: tmpfs
-    acsbin-volume:
-        driver: local
-    acsdb-volume:
-        driver: local
-    activemq-volume:
-        driver: local
-    solrindex-volume:
-        driver: local
-    apsbin-volume:
-        driver: local
-    apsdb-volume:
-        driver: local
-    apsadmindb-volume:
-        driver: local
-    esindex-volume:
-        driver: local
-    keycloak-volume:
-        driver: local

keycloak-alfresco-realm.json

@@ -1,80 +0,0 @@
-{
-  "realm": "alfresco",
-  "enabled": true,
-  "sslRequired": "external",
-  "registrationAllowed": false,
-  "roles": {
-    "realm": [ {
-      "name": "user",
-      "description": "User privileges"
-    }, {
-      "name": "admin",
-      "description": "Administrator privileges"
-    } ]
-  },
-  "clients": [
-    {
-      "clientId": "alfresco",
-      "name": "Alfresco Products",
-      "enabled": true,
-      "alwaysDisplayInConsole": false,
-      "redirectUris": [ "*" ],
-      "standardFlowEnabled": true,
-      "implicitFlowEnabled": true,
-      "directAccessGrantsEnabled": false,
-      "publicClient": true,
-      "protocol": "openid-connect",
-      "attributes": {
-        "login_theme": "alfresco"
-      }
-    },
-    {
-      "clientId": "acs-share",
-      "name": "ACS Share",
-      "enabled": true,
-      "alwaysDisplayInConsole": false,
-      "redirectUris": [ "*" ],
-      "standardFlowEnabled": true,
-      "implicitFlowEnabled": false,
-      "directAccessGrantsEnabled": false,
-      "publicClient": true,
-      "protocol": "openid-connect",
-      "attributes": {
-        "login_theme": "alfresco"
-      }
-    },
-    {
-      "clientId": "acs-sync",
-      "name": "Alfresco Sync Service Clients",
-      "enabled": true,
-      "alwaysDisplayInConsole": false,
-      "redirectUris": [
-        "http://127.0.0.1*",
-        "http://localhost*"
-      ],
-      "standardFlowEnabled": true,
-      "implicitFlowEnabled": false,
-      "directAccessGrantsEnabled": false,
-      "publicClient": true,
-      "protocol": "openid-connect",
-      "attributes": {
-        "login_theme": "alfresco"
-      }
-    }
-  ],
-  "requiredCredentials": [ "password" ],
-  "users": [
-    {
-      "username": "admin",
-      "email": "admin@app.activiti.com",
-      "enabled": true,
-      "credentials" : [
-        {
-          "type" : "password",
-          "value" : "admin"
-        }
-      ],
-      "realmRoles": [ "user", "admin" ]
-    }
-  ]
-}

nginx-ingress/entrypoint.sh

@@ -1,21 +1,5 @@
 #!/bin/sh
 
-if [[ $ACS_PLATFORM_URL ]]; then
-  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACS_SYNC_URL ]]; then
-  sed -i s%http:\/\/sync:9090%"$ACS_SYNC_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACS_SHARE_URL ]]; then
-  sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ADW_URL ]]; then
-  sed -i s%http:\/\/digital-workspace:8080%"$ADW_URL"%g /etc/nginx/nginx.conf
-fi
-
 if [[ $APS_APP_URL ]]; then
   sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
 fi
@@ -24,10 +8,6 @@ if [[ $APS_ADMIN_URL ]]; then
   sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
 fi
 
-if [[ $AIMS_URL ]]; then
-  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
-fi
-
 if [[ $ACCESS_LOG ]]; then
   sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi

nginx-ingress/nginx.conf

@@ -19,10 +19,7 @@ http {
 
         proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
         proxy_redirect off;
-#        proxy_buffering off;
+        proxy_buffering off;
-        proxy_buffer_size	64k;
-        proxy_buffers		4 256k;
-        proxy_busy_buffers_size	256k;
         proxy_set_header Host              $http_host;
         proxy_set_header X-Real-IP         $remote_addr;
         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
@@ -42,18 +39,7 @@ http {
         location ~ ^(/.*/s/prometheus)$ {return 403;}
         
         location / {
-            proxy_pass http://platform:8080;
+            return 301 $scheme://$http_host/activiti-app;
-        }
-
-        location /alfresco/ {
-            proxy_pass http://platform:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-        
-        location /sync/ {
-            proxy_pass http://sync:9090/alfresco/;
         }
 
         location /activiti-app/ {
@@ -69,23 +55,5 @@ http {
             # If using external proxy / load balancer (for initial redirect if no trailing slash)
             absolute_redirect off;
         }
-
-        location /share/ {
-            proxy_pass http://share:8080;
-        }
-        
-        location /workspace/ {
-            proxy_pass http://digital-workspace:8080/;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-
-        location /auth/ {
-            proxy_pass http://identity:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
     }
 }