Merge branch 'proxy' into aims

Merge branch 'base' into proxy
changed admin username ot alfresco defaults
2021-04-02 09:12:59 -04:00 · 2021-04-02 08:41:45 -04:00 · 2021-01-14 11:40:42 -05:00 · 2021-01-14 11:17:01 -05:00 · 2021-01-14 09:39:34 -05:00 · 2021-01-13 17:01:06 -05:00
7 changed files with 134 additions and 88 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,4 @@
 PROXY_PROTOCOL=http
 PROXY_HOST=localhost
 PROXY_PORT=8080
 IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,13 +5,26 @@ version: "2"
 services:
-    directory:
+    identity:
-        image: osixia/openldap:1.4.0
+        image: alfresco/alfresco-identity-service:1.3
        user: jboss
        environment:
-            LDAP_ORGANISATION: "Example Organization"
+            KEYCLOAK_USER: admin
-            LDAP_DOMAIN: example.org
+            KEYCLOAK_PASSWORD: admin
-            LDAP_ADMIN_PASSWORD: admin
+            KEYCLOAK_HOSTNAME: auth.example.org
-        command: "--copy-service --loglevel=debug"
+            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
            KEYCLOAK_STATISTICS: enabled
        networks:
            default:
                aliases:
                    - "auth.example.org"
        volumes:
-            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro
+            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
    proxy:
        build: ./nginx-ingress
        image: local/nginx-ingress:aims
        ports:
            - 8080:8080
        depends_on:
            - identity
--- a/keycloak-alfresco-realm.json
+++ b/keycloak-alfresco-realm.json
@@ -0,0 +1,47 @@
 {
  "realm": "alfresco",
  "enabled": true,
  "sslRequired": "external",
  "registrationAllowed": false,
  "roles": {
    "realm": [ {
      "name": "user",
      "description": "User privileges"
    }, {
      "name": "admin",
      "description": "Administrator privileges"
    } ]
  },
  "clients": [
    {
      "clientId": "alfresco",
      "name": "Alfresco Products",
      "enabled": true,
      "alwaysDisplayInConsole": false,
      "redirectUris": [ "*" ],
      "standardFlowEnabled": true,
      "implicitFlowEnabled": true,
      "directAccessGrantsEnabled": false,
      "publicClient": true,
      "protocol": "openid-connect",
      "attributes": {
        "login_theme": "alfresco"
      }
    }
  ],
  "requiredCredentials": [ "password" ],
  "users": [
    {
      "username": "admin",
      "email": "admin@app.activiti.com",
      "enabled": true,
      "credentials" : [
        {
          "type" : "password",
          "value" : "admin"
        }
      ],
      "realmRoles": [ "user", "admin" ]
    }
  ]
 }
--- a/nginx-ingress/Dockerfile
+++ b/nginx-ingress/Dockerfile
@@ -0,0 +1,8 @@
 FROM nginx:stable-alpine
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT [ "/entrypoint.sh" ]
--- a/nginx-ingress/entrypoint.sh
+++ b/nginx-ingress/entrypoint.sh
@@ -0,0 +1,11 @@
 #!/bin/sh
 if [[ $AIMS_URL ]]; then
  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
 fi
 if [[ $ACCESS_LOG ]]; then
  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi
 nginx -g "daemon off;"
--- a/nginx-ingress/nginx.conf
+++ b/nginx-ingress/nginx.conf
@@ -0,0 +1,43 @@
 worker_processes  1;
 events {
    worker_connections  1024;
 }
 http {
    server {
        listen *:8080;
        client_max_body_size 0;
        set  $allowOriginSite *;
        proxy_pass_request_headers on;
        proxy_pass_header Set-Cookie;
        # External settings, do not remove
        #ENV_ACCESS_LOG
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
 #        proxy_buffering off;
        proxy_buffer_size	64k;
        proxy_buffers		4 256k;
        proxy_busy_buffers_size	256k;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Set-Cookie;
        location / {
            return 301 $scheme://$http_host/auth;
        }
        location /auth/ {
            proxy_pass http://identity:8080;
            # If using external proxy / load balancer (for initial redirect if no trailing slash)
            absolute_redirect off;
        }
    }
 }
--- a/openldap-example.ldif
+++ b/openldap-example.ldif
@@ -1,80 +0,0 @@
 version: 1
 dn: uid=admin.1,dc=example,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
 objectClass: uidObject
 objectClass: simpleSecurityObject
 objectClass: mailAccount
 cn: #1
 sn: Administrator
 uid: admin.1
 userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
 mail: admin.1@example.org
 dn: uid=manager.1,dc=example,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
 objectClass: uidObject
 objectClass: simpleSecurityObject
 objectClass: mailAccount
 cn: #1
 sn: Manager
 uid: manager.1
 userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
 mail: manager.1@example.org
 dn: uid=user.1,dc=example,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
 objectClass: uidObject
 objectClass: simpleSecurityObject
 objectClass: mailAccount
 cn: #1
 sn: User
 uid: user.1
 userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
 mail: user.1@example.org
 dn: uid=user.2,dc=example,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
 objectClass: uidObject
 objectClass: simpleSecurityObject
 objectClass: mailAccount
 cn: #2
 sn: User
 uid: user.2
 userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
 mail: user.2@example.org
 dn: cn=power-users,dc=example,dc=org
 objectClass: groupOfNames
 objectClass: top
 cn: power-users
 member: uid=manager.1,dc=example,dc=org
 dn: cn=admins,dc=example,dc=org
 objectClass: groupOfNames
 objectClass: top
 cn: admins
 member: uid=admin.1,dc=example,dc=org
 dn: cn=acs-users,dc=example,dc=org
 objectClass: groupOfNames
 objectClass: top
 cn: acs-users
 member: cn=power-users,dc=example,dc=org
 member: uid=user.1,dc=example,dc=org
 dn: cn=aps-users,dc=example,dc=org
 objectClass: groupOfNames
 objectClass: top
 cn: aps-users
 member: cn=power-users,dc=example,dc=org
 member: uid=user.2,dc=example,dc=org
Author	SHA1	Message	Date
brian	f23cda3fd1	Merge branch 'proxy' into aims	2021-04-02 09:12:59 -04:00
Brian Long	3d6aa1d4bc	Merge branch 'base' into proxy	2021-04-02 08:41:45 -04:00
Brian Long	b4be2e251c	changed admin username ot alfresco defaults	2021-01-14 11:40:42 -05:00
Brian Long	44b6f26f4f	updates after some acs-enterprise testing	2021-01-14 11:17:01 -05:00
Brian Long	b124cd027c	added default admin.1 user	2021-01-14 09:39:34 -05:00
Brian Long	919d842d61	added identity service	2021-01-13 17:01:06 -05:00
Brian Long	ac18d6d637	fixed host/protocol URL rewrites	2021-01-06 12:21:21 -05:00
Brian Long	817b062dfd	merged platform/share into single proxy	2020-12-26 13:54:31 -05:00
Brian Long	d6b7a879b1	added .env configurable platform/share context	2020-12-26 11:15:44 -05:00
Brian Long	5e618569bc	Merge branch 'base' into proxy.base	2020-12-26 11:11:16 -05:00
Brian Long	4e8453becd	removed port from reverse proxy; allows it to work when port changes	2020-12-25 23:08:07 -05:00
Brian Long	a42af25649	added port for localhost	2020-12-17 16:19:34 -05:00
Brian Long	f1df9c3217	initial nginx dynamic docker image config	2020-12-17 16:03:33 -05:00