DCD-545: Import config templates from Ansible, and expand and normalise the two Dockerfiles with limited permissions.

This commit is contained in:
Steve Smith 2019-08-06 14:19:28 +10:00
parent 53d71a4ed1
commit 00d24164db
6 changed files with 227 additions and 25 deletions


@ -1,7 +1,10 @@
FROM adoptopenjdk/openjdk8:slim
MAINTAINER Atlassian Confluence
ENV RUN_USER daemon
ENV RUN_GROUP daemon
ENV RUN_USER confluence
ENV RUN_GROUP confluence
ENV RUN_UID 2002
ENV RUN_GID 2002
# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
@ -15,24 +18,32 @@ EXPOSE 8090
EXPOSE 8091
CMD ["/entrypoint.sh", "-fg"]
ENTRYPOINT ["/tini", "--"]
ENTRYPOINT ["/sbin/tini", "--"]
RUN apt-get update \
&& apt-get install -y --no-install-recommends fontconfig \
&& apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
ARG TINI_VERSION=v0.18.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
RUN chmod +x /sbin/tini
COPY entrypoint.sh /entrypoint.sh
COPY scripts/* /opt/atlassian/bin/
COPY config/* /opt/atlassian/etc/
ARG CONFLUENCE_VERSION
ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
&& sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
&& useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} ${RUN_USER} \
\
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
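Review bot: `ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini` pulls the binary that will run as PID 1 with no integrity check, so a tampered or truncated download is baked into the image without the build noticing; the alpine Dockerfile has the same line. BuildKit's `ADD --checksum=sha256:<TINI_SHA256_PLACEHOLDER> … /sbin/tini` pins it, or fetch the checksum file published with the tini release in a `RUN` and verify it before `chmod +x /sbin/tini`. The Confluence tarball fetch has the same gap, and `curl -L --silent ${DOWNLOAD_URL} | tar …` with no `--fail` turns an HTTP error page into an opaque gzip error from tar with curl's own message suppressed; `curl -fsSL ${DOWNLOAD_URL} | tar …` is the minimum. Pipefail is not set for this `RUN`, so also consider `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` ahead of it so a failed download cannot be masked by tar's exit status.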


@ -1,21 +1,22 @@
FROM adoptopenjdk/openjdk8:alpine
MAINTAINER Atlassian Confluence
ENV RUN_USER daemon
ENV RUN_GROUP daemon
ENV RUN_USER confluence
ENV RUN_GROUP confluence
ENV RUN_UID 2002
ENV RUN_GID 2002
# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence
VOLUME ["${CONFLUENCE_HOME}"]
WORKDIR $CONFLUENCE_HOME
# Expose HTTP and Synchrony ports
EXPOSE 8090
EXPOSE 8091
WORKDIR $CONFLUENCE_HOME
CMD ["/entrypoint.sh", "-fg"]
ENTRYPOINT ["/sbin/tini", "--"]
@ -27,14 +28,22 @@ RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \
&& ln -s /lib/libc.musl-x86_64.so.1 /usr/lib/libc.musl-x86_64.so.1
ENV LD_LIBRARY_PATH /usr/lib
COPY entrypoint.sh /entrypoint.sh
COPY entrypoint.sh /entrypoint.sh
COPY scripts/* /opt/atlassian/bin/
COPY config/* /opt/atlassian/etc/
ARG CONFLUENCE_VERSION
ARG DOWNLOAD_URL=http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$CONFLUENCE_INSTALL_DIR" \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
&& sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
&& adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -D ${RUN_USER} \
\
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
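Review bot: Within the visible hunks no `USER` instruction follows the new `addgroup`/`adduser` step, so despite the dedicated `confluence` account the container still starts as root unless entrypoint.sh drops privileges (that script is not part of this commit); the slim Dockerfile has the same shape. `WORKDIR $CONFLUENCE_HOME` also creates the home directory as root before the account exists, and this `RUN` never changes its owner, so after `chown -R root.` the only paths the run user can write are `logs`, `temp` and `work` under the install dir. If ownership of the home volume is deliberately fixed at start-up, a comment such as `# ${CONFLUENCE_HOME} ownership and the privilege drop are handled by entrypoint.sh` next to the `adduser` line would record that; otherwise `&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME}` belongs here. As a point of style, `root.` relies on the deprecated dot separator; `root:root` is the form both GNU coreutils and busybox document.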


@ -0,0 +1 @@
confluence.home = {{ atl_product_home }}


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<confluence-configuration>
<setupStep>setupstart</setupStep>
<setupType>custom</setupType>
<buildNumber>0</buildNumber>
<properties>
<property name="confluence.database.choice">postgresql</property>
<property name="confluence.database.connection.type">database-type-standard</property>
<property name="hibernate.dialect">com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect</property>
<property name="webwork.multipart.saveDir">${localHome}/temp</property>
<property name="attachments.dir">${confluenceHome}/attachments</property>
<property name="hibernate.connection.driver_class">{{ atl_db_driver }}</property>
<property name="hibernate.connection.url">{{ atl_jdbc_url }}</property>
<property name="hibernate.connection.username">{{ atl_jdbc_user }}</property>
<property name="hibernate.connection.password">{{ atl_jdbc_password }}</property>
<property name="hibernate.c3p0.min_size">{{ atl_db_poolminsize }}</property>
<property name="hibernate.c3p0.max_size">{{ atl_db_poolmaxsize }}</property>
<property name="hibernate.c3p0.timeout">{{ atl_db_timeout }}</property>
<property name="hibernate.c3p0.idle_test_period">{{ atl_db_idletestperiod }}</property>
<property name="hibernate.c3p0.max_statements">{{ atl_db_maxstatements }}</property>
<property name="hibernate.c3p0.validate">{{ atl_db_validate }}</property>
<property name="hibernate.c3p0.acquire_increment">{{ atl_db_acquireincrement }}</property>
<property name="hibernate.c3p0.preferredTestQuery">select version();</property>
<property name="shared-home">{{ atl_product_home_shared }}</property>
<property name="confluence.cluster">true</property>
<property name="confluence.cluster.home">{{ atl_product_home_shared }}</property>
<property name="confluence.cluster.aws.iam.role">{{ atl_hazelcast_network_aws_iam_role }}</property>
<property name="confluence.cluster.aws.region">{{ atl_hazelcast_network_aws_iam_region }}</property>
<property name="confluence.cluster.aws.host.header">{{ atl_hazelcast_network_aws_host_header }}</property>
<property name="confluence.cluster.aws.tag.key">{{ atl_hazelcast_network_aws_tag_key }}</property>
<property name="confluence.cluster.aws.tag.value">{{ atl_hazelcast_network_aws_tag_value }}</property>
<property name="confluence.cluster.join.type">aws</property>
<property name="confluence.cluster.name">{{ atl_aws_stack_name }}</property>
<property name="confluence.cluster.ttl">1</property>
</properties>
</confluence-configuration>
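Review bot: `confluence.database.choice`, `hibernate.dialect` and `hibernate.c3p0.preferredTestQuery` are fixed to PostgreSQL while `hibernate.connection.driver_class` and `hibernate.connection.url` are templated, so any non-Postgres driver value renders an inconsistent configuration; either template the dialect and test query as well or state in a header comment that only PostgreSQL is supported. Likewise `confluence.cluster` is hard-coded to `true` with `confluence.cluster.join.type` set to `aws`, which ties this template to AWS Data Center deployments and cannot serve a single-node container without editing. The rendered file will contain `hibernate.connection.password` in clear text, so wherever the entrypoint writes it at runtime (not visible in this commit) the result should be owned by and readable only to the run user, e.g. mode `0600`.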


@ -0,0 +1,69 @@
<security-config>
<parameters>
<init-param>
<param-name>login.url</param-name>
<param-value>/login.action?os_destination=${originalurl}&amp;permissionViolation=true</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>/login.action</param-value>
</init-param>
<init-param>
<param-name>cookie.encoding</param-name>
<param-value>cNf</param-value>
</init-param>
<init-param>
<param-name>login.cookie.key</param-name>
<param-value>seraph.confluence</param-value>
</init-param>
<init-param>
<param-name>autologin.cookie.age</param-name>
<param-value>{{ atl_autologin_cookie_age }}</param-value>
</init-param>
<!--only basic authentication available-->
<init-param>
<param-name>authentication.type</param-name>
<param-value>os_authType</param-value>
</init-param>
<!-- Invalidate session on login to prevent session fixation attack -->
<init-param>
<param-name>invalidate.session.on.login</param-name>
<param-value>true</param-value>
</init-param>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param>
<param-name>invalidate.session.exclude.list</param-name>
<param-value></param-value>
</init-param>
</parameters>
<rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
<controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>
<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->
<services>
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>seraph-paths.xml</param-value>
</init-param>
</service>
</services>
<elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>
</security-config>
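Review bot: Only `autologin.cookie.age` is templated in this file; the remainder appears to be the stock Confluence seraph configuration, and nothing records which Confluence release it was copied from, so it can silently diverge from the bundled file when `CONFLUENCE_VERSION` is bumped. A header comment such as `<!-- Based on the seraph-config.xml shipped with Confluence <VERSION_PLACEHOLDER>; only autologin.cookie.age is templated. Re-sync with the bundled file when changing CONFLUENCE_VERSION. -->` would make the maintenance obligation explicit. The `invalidate.session.on.login` setting is what protects against session fixation, so it is worth noting in that comment that it must stay `true` on re-sync.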

70
config/server.xml.j2 Normal file

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<Server port="{{ atl_tomcat_mgmt_port }}"
shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina">
<Connector port="{{ atl_tomcat_port }}"
maxThreads="{{ atl_tomcat_maxthreads }}"
minSpareThreads="{{ atl_tomcat_minsparethreads }}"
connectionTimeout="{{ atl_tomcat_connectiontimeout }}"
enableLookups="{{ atl_tomcat_enablelookups }}"
protocol="{{ atl_tomcat_protocol }}"
redirectPort="{{ atl_tomcat_redirectport }}"
acceptCount="{{ atl_tomcat_acceptcount }}"
secure="{{ atl_tomcat_secure }}"
scheme="{{ atl_tomcat_scheme }}"
proxyName="{{ atl_proxy_name }}"
proxyPort="{{ atl_proxy_port }}"
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
bindOnInit="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
disableUploadTimeout="true" />
<Engine name="Standalone"
defaultHost="localhost"
debug="0">
<Host name="localhost"
debug="0"
appBase="webapps"
unpackWARs="true"
autoDeploy="false"
startStopThreads="4">
<Context path="{{ atl_tomcat_contextpath }}"
docBase="../confluence"
debug="0"
reloadable="false"
useHttpOnly="true">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
threshold="60"/>
</Context>
<Context path="${confluence.context.path}/synchrony-proxy"
docBase="../synchrony-proxy"
debug="0"
reloadable="false"
useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>
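Review bot: `<Server port="{{ atl_tomcat_mgmt_port }}" shutdown="SHUTDOWN">` keeps Tomcat's well-known default shutdown command on a templated management port, so anything that can reach that port inside the container network can stop Confluence. Unless the management port is genuinely needed, the value rendered for `atl_tomcat_mgmt_port` should default to `-1`, which disables the shutdown listener; that default lives outside this file, so a comment here, `<!-- atl_tomcat_mgmt_port should be -1 unless the shutdown listener is required -->`, would keep it from being set carelessly. Separately, the main context uses `{{ atl_tomcat_contextpath }}` while the Synchrony proxy uses `${confluence.context.path}/synchrony-proxy`, a JVM system property presumably set by the entrypoint; if the two ever differ the proxy is mounted under a different prefix, so confirm they are derived from the same value or template both.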