generator-alfresco-docker-installer
Alfresco Docker Installer
DISCLAIMER
IMPORTANT This project is not supported by Alfresco in any way. Despite deployments using Docker Compose are considered a valid approach for ACS deployment (Community and Enterprise), this alfresco-docker-installer
tool is not the official Alfresco recommendation. Please, check https://github.com/Alfresco/acs-deployment/tree/master/docker-compose in order to understand official recommendations from Alfresco.
Description
Since Alfresco Installer was discontinued from Alfresco 5.2, this project provides a command line installer for Alfresco Community 6.1, 6.2, 7.0, 7.1, 7.2, 7.3 and 7.4 to be used in Docker Compose installations.
This project generates a Docker Compose template ready to be used including following features:
- RAM limits for every service according to global memory available for Docker
- PostgreSQL or MariaDB as database (no other option but MySQL is supported for Community)
- Search Services configured for environments using several languages for contents or from operative systems / browsers
- Outbound Email service (smtp)
- LDAP service for identification (based in OpenLDAP)
- Several Community addons available
- Wrapper Script for waiting the alfresco boot to finish
This generator creates a base Docker Template with the configuration selected, but you should review volumes, configuration, modules & tuning parameters before using this composition in Production environments.
WARNING Depending on the OS used for hosting Docker, some adjustments must be made in default volumes configuration:
- For Mac OS, produced Docker Compose template should work as is
- For Windows, safer approach is to use standard Docker Volumes are used instead of Bind Docker Volumes. This alternative is enabled when choosing "Windows host" option in the generator.
- For Linux, some local folder permission must be adjusted if you are not using 'root' to run Docker. Review the Docker Volumes section before running the produced Docker Compose template. Also checkout this tutorial with video recording on how to use this tool in Ubuntu 20.04 LTS: Installing Alfresco 6 Community Edition in Ubuntu
Installation
This program has following dependencies:
- Node.js
- Yeoman
Yeoman requires the Node to have a version higher than v14
You can download and install Node.js
from official web page:
https://nodejs.org/en/download/
Or you can use any of the package managers provided by the product:
https://nodejs.org/en/download/package-manager/
Once Node.js is installed, you can install Yeoman as a module:
$ npm install -g yo
And finally, you can install this generator:
$ npm install --global generator-alfresco-docker-installer
Note for NodeJS 16+
When using NodeJS 16+, depending on your terminal, it's required to run one of the commands below before using the project.
# macOS, Linux and Windows Git Bash
export NODE_OPTIONS=--openssl-legacy-provider
# Windows Command Prompt:
set NODE_OPTIONS=--openssl-legacy-provider
# Windows PowerShell:
$env:NODE_OPTIONS="--openssl-legacy-provider"
Deployment
Deployment is provided for Docker Compose, so following dependencies must be satisfied by the server used to run the generated configuration:
- Docker
- Docker Compose
You can install Docker Desktop for Windows or Mac and Docker Server for Linux.
https://docs.docker.com/install/
You need also to add Docker Compose program to your installation.
https://docs.docker.com/compose/install/
Running
Create a folder where Docker Compose template files are going to be produced and run the generator.
If you downloaded this project, don't reuse source code folder. Create an empty folder to generate Docker Compose template anywhere.
$ mkdir docker-compose
$ cd docker-compose
$ yo alfresco-docker-installer
Several options are provided in order to build the configuration.
? Which ACS version do you want to use? 7.4
You can use Alfresco 6.1, 6.2, 7.0, 7.1, 7.2, 7.3 or 7.4
? Do you want to deploy Alfresco in ARCH64 computer (like Apple Silicon)?
Use ARCH64 Docker Images, mandatory when using Apple Silicon computers for deployment. This feature is only provided for ACS 7.3+
? How may GB RAM are available for Alfresco (16 is minimum required)? 16
Alfresco platform could work with less than 16 GB RAM, but it's recommended to provide at least 16 GB in your Docker server. This generator will limit the amount of memory for every service in order to match your resources.
? Do you want to use HTTPs for Web Proxy?
This option enables HTTPs for every service. Default SSL certificates (public and private) are provided in config/cert
folder. These certificates are not recommended for prod environments, so it's required to replace these files with your own certificates.
? What is the name of your server?
If you are deploying on a server different than localhost
, include in this option the name of your server. For instance: alfresco.com
? Choose the password for your admin user (admin)
Alfresco provides admin
password by default, choose a different one for new deployments. When using this option on pre-populated Alfresco Repositories, this setting is not applied, since the password is already stored in the existent database. By default system.preferred.password.encoding
is using bcrypt10
algorithm, so passwords are stored in database ciphered with salt.
? What HTTP port do you want to use (all the services are using the same port)? 80 or 443
HTTP port to be used by every service. If you are running on a Linux computer, you'll need to specify a port greater than 1024 when not starting as root
user.
? Do you want to use FTP (port 2121)? No
Enable configuration for FTP, using by default port 2121.
? Do you want to use MariaDB instead of PostgreSQL? No
Alfresco uses PostgreSQL by default, but alternatively MariaDB
can be used as database.
? Are you using different languages (this is the most common scenario)? Yes
By default, many organizations are storing document in different languages or the users are accessing the platform with browser configured in different languages. If this is your case, enable this configuration.
? Do you want to search in the content of the documents?
By default, Alfresco is indexing the content of a document (in addition to the metadata). Disable this option if you don't require searching by the content of the documents.
? Would you like to use HTTP or Shared Secret for Alfresco-SOLR communication?
http << Not available when using ACS 7.2+
https
secret
By default, communication between Alfresco and SOLR happens in plain http
. Since external APIs are protected by proxy
and SOLR Web Console is protected by user and password, default configuration may be the right one for many deployments. This option has been disabled from ACS 7.2!
When using secret
option (only available from 7.1.0), Alfresco and SOLR communication is happening in plain HTTP but including a shared secret word in HTTP Header. This should be a safer approach for open environments.
In addition, when using https
option, communication between SOLR and Alfresco is using Mutual TLS. This protocol includes client authentication using digital certificates, that may be also a safe alternative.
? Do you want to use the Events service (ActiveMQ)? No
This question is only available from ACS 7.3+. ActiveMQ for Community Edition is only required when using Out-Of-Process SDK, it may be omitted for other use cases.
? Do you want to use credentials for Events service (ActiveMQ)? No
By default, there is no authentication for ActiveMQ service. When choosing Yes
for this option, you'll be prompted for username and password to be used to access ActiveMQ Alfresco Broker. In case you enable this option, remember to use these credentials to consume messages from ActiveMQ when using Out of Process SDK or similar.
? Do you want to create an internal SMTP server? No
This service provides an internal SMTP server (for outgoing emails) based in a Postfix Relay. If you want to use your own mail server, you can configure it manually after the generation of the Docker Compose template.
? Do you want to create an internal LDAP server? No
This service provides an internal OpenLDAP server (for authentication). If you want to use your own LDAP or AD server, you can configure it manually after the generation of the Docker Compose template.
? Select the addons to be installed:
Google Docs 3.1.0 : https://github.com/Alfresco/google-docs/tree/V3.0.3
JavaScript Console 0.7 : https://github.com/AFaust/js-console
Order of the Bee Support Tools 1.1.0.0 : https://github.com/OrderOfTheBee/ootbee-support-tools
Share Site Creators 0.0.8 : https://github.com/jpotts/share-site-creators
Simple OCR 2.3.1 (for ACS 6.x) : https://github.com/keensoft/alfresco-simple-ocr
Alfresco OCR Transformer 1.0.0 (for ACS 7+) : https://github.com/aborroy/alf-tengine-ocr
ESign Cert 1.8.2 : https://github.com/keensoft/alfresco-esign-cert
Edit with LibreOffice in Alfresco Share 0.3.0 : https://github.com/zylklab/alfresco-share-online-edition-addon
Alfresco PDF Toolkit 1.4.x : https://github.com/OrderOfTheBee/alfresco-pdf-toolkit
A small catalog of trusted addons is provided by default, but you can install any other using the deployment folders.
? Are you using a Windows host to run Docker?
When using a Windows host to run Docker, standard Docker Volumes are used instead of Bind Docker Volumes. This options is easier to run in Docker Windows environments.
? Do you want to use a start script? Yes
The wrapper script for the docker-compose file allows nice features as a wait for alfresco to finish the boot and much more. Use "./start.sh -h" for more information.
? Do you want to get the script to create host volumes? No
When using Linux as host, you can get the script create_volumes.sh
in Docker Compose folder. The script should be run only once, and be the first one to be executed, before the docker-compose up command, to create the initial data
and logs
host folders with the expected permissions.
Passing parameters from command line
Default values for options can be specified in the command line, using a --name=value
pattern. When an options is specified in the command line, the question is not prompted to the user, so you can generate a Docker Compose template with no user interaction.
$ yo alfresco-docker-installer --acsVersion=6.1
Parameter names reference
--acsVersion
: 6.1, 6.2, 7.0, 7.1, 7.2, 7.3 or 7.4--ram
: number of GB available for Docker--mariadb
: true or false--crossLocale
: true or false--smtp
: true or false--ldap
: true or false--addons
: list of addons to be installed: js-console, ootbee-support-tools, share-site-creators, simple-ocr, alf-tengine-ocr, esign-cert--startscript
: true or false--volumesscript
: true or false--https
: true or false--serverName
: localhost default--password
: admin user default password--port
: 80 default--ftp
: true or false--solrHttpMode
: http, https or secret
Deploying additional addons
If you want to deploy additional addons, use deployment folders for Alfresco and Share services.
Alfresco
βββ alfresco
βΒ Β βββ modules > Deployment directory for addons
βΒ Β βΒ Β βββ amps > Repository addons with AMP format
βΒ Β βΒ Β βββ jars > Repository addons with JAR format
Share
βββ share
βββ modules > Deployment directory for addons
βββ amps > Share addons with AMP format
βββ jars > Share addons with JAR format
Using Docker Compose
Once the files have been generated, review that configuration is what you expected and add or modify any other settings. After that, just start Docker Compose.
$ docker-compose up --build --force-recreate -d
You can shutdown it at any moment using following command.
$ docker-compose down
Alternatively if you choose to apply the start script, you can start the deployment with
./start.sh
It will wait until alfresco is reachable and shutdown with
./start.sh -d
More options are available with.
./start.sh -h
Following folder structure is generated when Docker Compose is running. Depending on the configuration selected, some folders cannot be available in your server.
βββ alfresco > DOCKER
βΒ Β βββ Dockerfile > Docker Image for Alfresco Repository
βΒ Β βββ bin > [OCR] Shell script to communicate with OCR Service
βΒ Β βββ modules > Deployment directory for addons
βΒ Β βΒ Β βββ amps > Repository addons with AMP format
βΒ Β βΒ Β βββ jars > Repository addons with JAR format
βΒ Β βββ ssh > [OCR] Shared key to communicate with OCR Service
βββ config > CONFIGURATION
βΒ Β βββ nginx.conf > NGINX Configuration file
βΒ Β βββ nginx.htpasswd > Password to protect the access to Solr Web Console
βββ config/cert > SSL Certificates (only when using HTTPs)
βΒ Β βββ localhost.cer > Public part for the SSL Certificate
βΒ Β βββ localhost.key > Private part for the SSL Certificate
βββ data > DATA STORAGE (it's recommend to perform a backup of this folder)
βΒ Β βββ alf-repo-data > Content Store for Alfresco Repository
βΒ Β βββ activemq-data > Message Store for ActiveMQ
βΒ Β βββ ldap > [LDAP] Internal database
βΒ Β βββ ocr > [OCR] Temporal folder shared between Alfresco Repository and OCR
βΒ Β βββ postgres-data > Internal storage for database
βΒ Β βββ slap.d > [LDAP] Control folder
βΒ Β βββ solr-data > Internal storage for SOLR
βββ docker-compose.yml > Main Docker Compose template
βββ logs > LOGS
βΒ Β βββ alfresco > Alfresco Repository logs
βΒ Β βββ postgres > PostgreSQL database logs
βΒ Β βββ share > Share Web Application logs
βββ ocrmypdf > OCR
βΒ Β βββ Dockerfile > Docker Image for ocrmypdf program
βΒ Β βββ assets > Additional configuration to communicate with Alfresco Repository
βββ search > SOLR
βΒ Β βββ Dockerfile > Docker Image for SOLR
βββ share > SHARE
βββ Dockerfile > Docker Image for Share
βββ modules > Deployment directory for addons
βββ amps > Share addons with AMP format
βββ jars > Share addons with JAR format
Docker Volumes
In order to enable persistent storage, several Docker Volumes are configured by default. When using from Linux, some permissions on your local folders need to be set.
You can skip all the following steps and have the volumes automatically configured by using the create_volumes.sh script optionally created during the project creation.
Identifying the right UID for every folder can be obtained by starting Docker Compose without the volumes declaration. Following lines should be commented in docker-compose.yml
file.
alfresco:
# volumes:
# - ./data/alf-repo-data:/usr/local/tomcat/alf_data
# - ./logs/alfresco:/usr/local/tomcat/logs
postgres:
# volumes:
# - ./data/postgres-data:/var/lib/postgresql/data
# - ./logs/postgres:/var/log/postgresql
solr6:
# volumes:
# - ./data/solr-data:/opt/alfresco-search-services/data
activemq:
# volumes:
# - activemq-data:/opt/activemq/data <% } %>
Once the volumes have been commented, start Docker Compose.
$ docker-compose up --build --force-recreate
After that, you can find the SOLR Docker Image and the UID of the user owning data folders (solr
by default).
$ docker ps
ded1748f961f nginx:stable-alpine tmp_proxy_1
b01e0abb3c0e tmp_alfresco tmp_alfresco_1
4fef719112ad postgres:10.1 tmp_postgres_1
99a4bd6ede52 tmp_share tmp_share_1
554236b9bedf tmp_solr6 tmp_solr6_1
$ docker exec -it tmp_solr6_1 sh
$ cd /opt/alfresco-search-services/
$ ls -la
drwxr-xr-x 5 solr solr 4096 Nov 21 13:07 data
$ id -u solr
33007
Stop Docker Container and set the right permissions on your host folder.
$ docker-compose down
$ sudo chown -R 33007 data/solr-data
You could need to adjust also the permissions for postgres
user inside PostgreSQL Docker Image. By default the UID is 999, but you can perform similar operations as above to guess this number.
$ docker ps
ded1748f961f nginx:stable-alpine tmp_proxy_1
b01e0abb3c0e tmp_alfresco tmp_alfresco_1
4fef719112ad postgres:10.1 tmp_postgres_1
99a4bd6ede52 tmp_share tmp_share_1
554236b9bedf tmp_solr6 tmp_solr6_1
$ docker exec -it tmp_postgres_1 sh
$ cd /var/lib/postgresql/
$ ls -la
drwx------ 19 postgres postgres 4096 Jul 24 14:05 data
$ id -u postgres
999
Stop Docker Container and set the right permissions on your host folder.
$ sudo chown -R 999 data/postgres-data
$ sudo chown -R 999 logs/postgres
Additionally, permissions for alfresco
user inside Alfresco Docker Image may be adjusted.
$ docker ps
ded1748f961f nginx:stable-alpine tmp_proxy_1
b01e0abb3c0e tmp_alfresco tmp_alfresco_1
4fef719112ad postgres:10.1 tmp_postgres_1
99a4bd6ede52 tmp_share tmp_share_1
554236b9bedf tmp_solr6 tmp_solr6_1
$ docker exec -it tmp_alfresco_1 sh
$ ls -la alf_data
drwx------ 19 alfresco alfresco 4096 Jul 24 14:05 alf_data
$ id -u alfresco
33000
Stop Docker Container and set the right permissions on your host folder.
$ sudo chown -R 33000 data/alf-repo-data
$ sudo chown -R 33000 logs/alfresco
Finally, you may set the right permissions for activemq
Docker Image by using following commands:
$ mkdir -p ./data/activemq-data
$ sudo chown -R 33031 data/activemq-data
Uncomment the lines in your docker-compose.yml
for the volumes declaration and your Docker Compose should be ready to use.
Windows volumes
When using Windows, standard Docker Volumes can be used instead of Bind Docker Volumes.
For instance, for an installation in a folder named tmp
, following volumes are created.
$ docker volume ls --filter name=tmp_
DRIVER VOLUME NAME
local tmp_alf-repo-data
local tmp_alf-repo-logs
local tmp_alf-share-logs
local tmp_postgres-data
local tmp_postgres-logs
local tmp_solr-data
You need to take care of this volumes for backup and other operations.
In case you want to clean your environment (loosing all the data inside), you can remove all this Docker containers to start from scratch.
For instance, for an installation in a folder name tmp
, following command will remove all the information persisted.
$ docker volume rm $(docker volume ls -q --filter name=tmp_)
Docker Images
- alfresco-content-repository-community
- alfresco-share
- alfresco-search-services
- postgres
- nginx:stable-alpine
- mwader/postfix-relay
- osixia/openldap
- osixia/phpldapadmin
- jbarlow83/ocrmypdf:latest
- angelborroy/alfresco-tengine-ocr
Service URLs
These are default URLs, selecting HTTP port 80.
-
If you selected a different port (for instance 8080), the services will be available in http://localhost:8080.
-
If you selected
https
, the services will be available in https://localhost -
If you included a different server name from
localhost
(for instancealfresco.com
), the services will be available in http://alfresco.com or https://alfresco.com
Default URLs
Default credentials
- user: admin
- password: admin (or chosen password)
Default credentials
- user: admin
- password: admin (or chosen password)
Default credentials
- user: admin
- password: admin (or chosen password)
Default credentials
- user: admin
- password: admin
Default credentials
- user: admin
- password: admin (or chosen password)
Default credentials: none (or the username and password chosen)
Default credentials
- user: cn=admin,dc=alfresco,dc=org
- password: admin
Building
It's not required to build or download this project in order to use it. But this can be done using default npm tools.
The module is available at npm:
https://www.npmjs.com/package/generator-alfresco-docker-installer
If you want to build it locally, you need an environment with Node.js and Yeoman. And from the root folder of the project, just type:
$ npm link
$ npm update