Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- ALF_HOME=/alfresco
- ALF_BIN=$ALF_HOME/bin
- ALF_SETUP=$ALF_HOME/setup
- CATALINA_HOME=$ALF_HOME/tomcat
- ##################################################################
- ## CONFIGURAÇÃO DO IP DO SERVIDOR
- ##################################################################
- ALFRESCO_HOSTNAME=${ALFRESCO_HOSTNAME:-192.168.10.5}
- ALFRESCO_PROTOCOL=${ALFRESCO_PROTOCOL:-http}
- ALFRESCO_PORT=${ALFRESCO_PORT:-8080}
- SHARE_HOSTNAME=${SHARE_HOSTNAME:-192.168.10.5}
- SHARE_PROTOCOL=${SHARE_PROTOCOL:-http}
- SHARE_PORT=${SHARE_PORT:-8080}
- # if we're linked to MySQL and thus have credentials already, let's use them
- if [[ -v MYSQL_ENV_GOSU_VERSION ]]; then
- DB_KIND='mysql'
- DB_HOST='mysql'
- DB_USERNAME=${MYSQL_ENV_MYSQL_USER:-root}
- if [ "$DB_USERNAME" = 'root' ]; then
- DB_PASSWORD=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}
- fi
- DB_PASSWORD=${MYSQL_ENV_MYSQL_PASSWORD}
- DB_NAME=${MYSQL_ENV_MYSQL_DATABASE:-alfresco}
- DB_URL="jdbc:mysql://mysql:3306/$DB_NAME"
- echo 'Using MysQL'
- DB_DRIVER='org.gjt.mm.mysql.Driver'
- DB_PORT='3306'
- DB_CONN_PARAMS=${DB_CONN_PARAMS:-'?useSSL=false'}
- if [ -z "$DB_PASSWORD" ]; then
- echo >&2 'error: missing required DB_PASSWORD environment variable'
- echo >&2 ' Did you forget to -e DB_PASSWORD=... ?'
- echo >&2
- echo >&2 ' (Also of interest might be DB_USERNAME and DB_NAME.)'
- exit 1
- fi
- fi
- # if we're linked to PostgreSQL and thus have credentials already, let's use them
- if [[ -v POSTGRES_ENV_GOSU_VERSION ]]; then
- DB_KIND='postgresql'
- DB_HOST='postgres'
- DB_USERNAME=${POSTGRES_ENV_POSTGRES_USER:-root}
- if [ "$DB_USERNAME" = 'postgres' ]; then
- DB_PASSWORD='postgres'
- fi
- DB_PASSWORD=${POSTGRES_ENV_POSTGRES_PASSWORD}
- DB_NAME=${POSTGRES_ENV_POSTGRES_DB:-alfresco}
- DB_URL="jdbc:postgresql://postgres:5432/$DB_NAME"
- echo 'Using PostgreSQL'
- DB_DRIVER='org.postgresql.Driver'
- DB_PORT='5432'
- if [ -z "$DB_PASSWORD" ]; then
- echo >&2 'error: missing required DB_PASSWORD environment variable'
- echo >&2 ' Did you forget to -e DB_PASSWORD=... ?'
- echo >&2
- echo >&2 ' (Also of interest might be DB_USERNAME and DB_NAME.)'
- exit 1
- fi
- fi
- DB_KIND=${DB_KIND:-postgresql}
- DB_DRIVER=${DB_DRIVER:-org.postgresql.Driver}
- DB_PORT=${DB_PORT:-5432}
- DB_USERNAME=${DB_USERNAME:-alfresco}
- DB_PASSWORD=${DB_PASSWORD:-admin}
- DB_NAME=${DB_NAME:-alfresco}
- DB_HOST=${DB_HOST:-localhost}
- if [ "$DB_KIND" == "mysql" ]; then
- DB_DRIVER='org.gjt.mm.mysql.Driver'
- DB_PORT=${DB_PORT:-'3306'}
- DB_CONN_PARAMS=${DB_CONN_PARAMS:-'?useSSL=false'}
- fi
- SYSTEM_SERVERMODE=${SYSTEM_SERVERMODE:-PRODUCTION}
- ##################################################################
- ## CONFIGURAÇÃO DO E-MAIL PARA ENVIO AUTOMÁTICO
- ##################################################################
- MAIL_HOST=${MAIL_HOST:-smtp.gmail.com}
- MAIL_PORT=${MAIL_PORT:-465}
- MAIL_SMTP_USERNAME=${MAIL_SMTP_USERNAME:-ecm.esengenharia@gmail.com}
- MAIL_SMTP_PASSWORD=${MAIL_SMTP_PASSWORD:-*****}
- MAIL_FROM_DEFAULT=${MAIL_FROM_DEFAULT:-enio@esengenharia.com}
- MAIL_PROTOCOL=${MAIL_PROTOCOL:-smtp}
- MAIL_SMTP_AUTH=${MAIL_SMTP_AUTH:-true}
- MAIL_SMTP_STARTTLS=${MAIL_SMTP_STARTTLS:-true}
- MAIL_SMTPS_AUTH=${MAIL_SMTPS_AUTH:-true}
- MAIL_SMTPS_STARTTLS_ENABLE=${MAIL_SMTPS_STARTTLS_ENABLE:-true}
- MAIL_FROM_DEFAULT_ENABLED=${MAIL_FROM_DEFAULT_ENABLED:-true}
- MAIL_ENCODING=${MAIL_ENCODING:-UTF-8}
- MAIL_SMTP_TIMEOUT=${MAIL_SMTP_TIMEOUT:-30000}
- MAIL_SMTP_DEBUG=${MAIL_SMTP_DEBUG:-true}
- ##################################################################
- ## CONFIGURAÇÃO DO E-MAIL DE TESTES
- ##################################$###############################
- MAIL_TESTMESSAGE_SEND=${MAIL_TESTMESSAGE_SEND:-true}
- MAIL_TESTMESSAGE_TO=${MAIL_TESTMESSAGE_TO:-enio@esengenharia.com}
- MAIL_TESTMESSAGE_SUBJECT=${MAIL_TESTMESSAGE_SUBJECT:-"Alfresco - Service - SMTP client online"}
- MAIL_TESTMESSAGE_TEXT=${MAIL_TESTMESSAGE_TEXT:-"Alfresco SMTP client ready and working"}
- NOTIFICATION_EMAIL_SITEINVITE=${NOTIFICATION_EMAIL_SITEINVITE:-true}
- ##################################################################
- ## CONFIGURAÇÃO DO FTP
- ##################################$###############################
- FTP_PORT=${FTP_PORT:-21}
- ##################################################################
- ## CONFIGURAÇÃO DO CIFS
- ##################################$###############################
- CIFS_ENABLED=${CIFS_ENABLED:-true}
- CIFS_SERVER_NAME=${CIFS_SERVER_NAME:-localhost}
- CIFS_DOMAIN=${CIFS_DOMAIN:-WORKGROUP}
- ##################################################################
- ## CONFIGURAÇÃO DO LDAP
- ##################################$###############################
- LDAP_ENABLED=${LDAP_ENABLED:-false}
- LDAP_KIND=${LDAP_KIND:-ldap}
- LDAP_AUTH_USERNAMEFORMAT=${LDAP_AUTH_USERNAMEFORMAT:-uid=%s,cn=users,cn=accounts,dc=example,dc=com}
- LDAP_URL=${LDAP_URL:-ldap://ldap.example.com:389}
- LDAP_DEFAULT_ADMINS=${LDAP_DEFAULT_ADMINS:-admin}
- LDAP_SECURITY_PRINCIPAL=${LDAP_SECURITY_PRINCIPAL:-uid=admin,cn=users,cn=accounts,dc=example,dc=com}
- LDAP_SECURITY_CREDENTIALS=${LDAP_SECURITY_CREDENTIALS:-password}
- LDAP_GROUP_SEARCHBASE=${LDAP_GROUP_SEARCHBASE:-cn=groups,cn=accounts,dc=example,dc=com}
- LDAP_USER_SEARCHBASE=${LDAP_USER_SEARCHBASE:-cn=users,cn=accounts,dc=example,dc=com}
- LDAP_TIMEOUT=${LDAP_TIMEOUT:-5000}
- ##################################################################
- ## CONFIGURAÇÃO DA SINCRONIZAÇÃO
- ##################################$###############################
- SYNCHRONIZATION_SYNCHRONIZECHANGESONLY=${SYNCHRONIZATION_SYNCHRONIZECHANGESONLY:-'true'}
- SYNCHRONIZATION_ALLOWDELETIONS=${SYNCHRONIZATION_ALLOWDELETIONS:-'true'}
- SYNCHRONIZATION_IMPORT_CRON=${SYNCHRONIZATION_IMPORT_CRON:-'0 0/10 * * * *'}
- SYNCHRONIZATION_SYNCONSTARTUP=${SYNCHRONIZATION_SYNCONSTARTUP:-'true'}
- SYNCHRONIZATION_SYNCWHENMISSINGPEOPLELOGIN=${SYNCHRONIZATION_SYNCWHENMISSINGPEOPLELOGIN:-'true'}
- SYNCHRONIZATION_AUTOCREATEPEOPLEONLOGIN=${SYNCHRONIZATION_AUTOCREATEPEOPLEONLOGIN:-'true'}
- CONTENT_STORE=${CONTENT_STORE:-\$\{dir.root\}}
- REVERSE_PROXY_URL=${REVERSE_PROXY_URL:-}
- OOO_ENABLED=${OOO_ENABLED:-true}
- function cfg_replace_option {
- grep "$1" "$3" > /dev/null
- if [ $? -eq 0 ]; then
- # replace option
- echo "replacing option $1=$2 in $3"
- sed -i "s#^\($1\s*=\s*\).*\$#\1$2#" $3
- if (( $? )); then
- echo "cfg_replace_option failed"
- exit 1
- fi
- else
- # add option if it does not exist
- echo "adding option $1=$2 in $3"
- echo "$1=$2" >> $3
- fi
- }
- function tweak_alfresco {
- ALFRESCO_GLOBAL_PROPERTIES=$CATALINA_HOME/shared/classes/alfresco-global.properties
- echo -e "\n### Configurações adicionadas pelo script de inicialização" >> $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option alfresco.host $ALFRESCO_HOSTNAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option alfresco.protocol $ALFRESCO_PROTOCOL $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option alfresco.port $ALFRESCO_PORT $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option share.host $SHARE_HOSTNAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option share.protocol $SHARE_PROTOCOL $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option share.port $SHARE_PORT $ALFRESCO_GLOBAL_PROPERTIES
- #db.schema.update=true
- cfg_replace_option db.driver $DB_DRIVER $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option db.username $DB_USERNAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option db.password $DB_PASSWORD $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option db.name $DB_NAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option db.url "jdbc:${DB_KIND,,}://${DB_HOST}:${DB_PORT}/${DB_NAME}${DB_CONN_PARAMS}" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option ftp.port $FTP_PORT $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option ooo.enabled $OOO_ENABLED $ALFRESCO_GLOBAL_PROPERTIES
- # @see https://forums.alfresco.com/en/viewtopic.php?f=8&t=20893
- # CIFS works, but you have to login as a native Alfresco account, like admin
- # because CIFS does not work with LDAP authentication
- cfg_replace_option cifs.enabled $CIFS_ENABLED $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option cifs.Server.Name $CIFS_SERVER_NAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option cifs.domain $CIFS_DOMAIN $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option cifs.hostannounce "true" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option cifs.broadcast "0.0.0.255" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option cifs.ipv6.enabled "false" $ALFRESCO_GLOBAL_PROPERTIES
- # MAIL/SMTP Configuration
- # https://wiki.alfresco.com/wiki/Outbound_E-mail_Configuration
- cfg_replace_option mail.host $MAIL_HOST $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.port $MAIL_PORT $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.username $MAIL_USERNAME $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.password $MAIL_PASSWORD $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.from.default $MAIL_FROM_DEFAULT $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.from.enabled $MAIL_FROM_DEFAULT_ENABLED $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.encoding $MAIL_ENCODING $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtp.timeout $MAIL_SMTP_TIMEOUT $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtp.debug $MAIL_SMTP_DEBUG $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.protocol $MAIL_PROTOCOL $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtp.auth $MAIL_SMTP_AUTH $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtp.starttls.enable $MAIL_SMTP_STARTTLS $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtps.auth $MAIL_SMTPS_AUTH $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.smtps.starttls.enable $MAIL_SMTPS_STARTTLS_ENABLE $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.testmessage.send $MAIL_TESTMESSAGE_SEND $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.testmessage.to $MAIL_TESTMESSAGE_TO $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.testmessage.subject "$MAIL_TESTMESSAGE_SUBJECT" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option mail.testmessage.text "$MAIL_TESTMESSAGE_TEXT" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option notification.email.siteinvite $NOTIFICATION_EMAIL_SITEINVITE $ALFRESCO_GLOBAL_PROPERTIES
- # authentication
- if [ "$LDAP_ENABLED" == "true" ]; then
- cfg_replace_option authentication.chain "alfrescoNtlm1:alfrescoNtlm,ldap1:${LDAP_KIND}" $ALFRESCO_GLOBAL_PROPERTIES
- # now make substitutions in the LDAP config file
- LDAP_CONFIG_FILE=$CATALINA_HOME/shared/classes/alfresco/extension/subsystems/Authentication/${LDAP_KIND}/ldap1/${LDAP_KIND}-authentication.properties
- cfg_replace_option ldap.authentication.userNameFormat $LDAP_AUTH_USERNAMEFORMAT $LDAP_CONFIG_FILE
- cfg_replace_option ldap.authentication.java.naming.provider.url "$LDAP_URL" $LDAP_CONFIG_FILE
- cfg_replace_option ldap.authentication.defaultAdministratorUserNames $LDAP_DEFAULT_ADMINS $LDAP_CONFIG_FILE
- cfg_replace_option ldap.synchronization.java.naming.security.principal $LDAP_SECURITY_PRINCIPAL $LDAP_CONFIG_FILE
- cfg_replace_option ldap.synchronization.java.naming.security.credentials $LDAP_SECURITY_CREDENTIALS $LDAP_CONFIG_FILE
- cfg_replace_option ldap.synchronization.groupSearchBase $LDAP_GROUP_SEARCHBASE $LDAP_CONFIG_FILE
- cfg_replace_option ldap.synchronization.userSearchBase $LDAP_USER_SEARCHBASE $LDAP_CONFIG_FILE
- cfg_replace_option ldap.authentication.java.naming.read.timeout $LDAP_TIMEOUT $LDAP_CONFIG_FILE
- else
- cfg_replace_option authentication.chain "alfrescoNtlm1:alfrescoNtlm" $ALFRESCO_GLOBAL_PROPERTIES
- fi
- # Synchronization
- if [ "$LDAP_ENABLED" == "true" ]; then
- cfg_replace_option synchronization.synchronizeChangesOnly $SYNCHRONIZATION_SYNCHRONIZECHANGESONLY $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option synchronization.allowDeletions $SYNCHRONIZATION_ALLOWDELETIONS $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option synchronization.import.cron "$SYNCHRONIZATION_IMPORT_CRON" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option synchronization.syncOnStartup $SYNCHRONIZATION_SYNCONSTARTUP $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option synchronization.syncWhenMissingPeopleLogIn $SYNCHRONIZATION_SYNCWHENMISSINGPEOPLELOGIN $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option synchronization.autoCreatePeopleOnLogin $SYNCHRONIZATION_AUTOCREATEPEOPLEONLOGIN $ALFRESCO_GLOBAL_PROPERTIES
- fi
- # content store
- cfg_replace_option dir.contentstore "${CONTENT_STORE}/contentstore" $ALFRESCO_GLOBAL_PROPERTIES
- cfg_replace_option dir.contentstore.deleted "${CONTENT_STORE}/contentstore.deleted" $ALFRESCO_GLOBAL_PROPERTIES
- }
- function set_reverse_proxy {
- if [ -z $REVERSE_PROXY_URL ]; then
- echo "INFO: Reverse proxy not configured"
- else
- echo "INFO: Configuring alfresco for independant reverse-proxy support"
- SHARE_SECURITY_CONFIG="${CATALINA_HOME}/webapps/share/WEB-INF/classes/alfresco/share-security-config.xml"
- SHARE_SECURITY_TEMP="${CATALINA_HOME}/webapps/share/WEB-INF/classes/alfresco/share-security-config.xml.tmp"
- SHARE_CONFIG_CUSTOM="${CATALINA_HOME}/shared/classes/alfresco/web-extension/share-config-custom.xml"
- # Write CSRF node in temp file
- xmlstarlet sel -E utf-8 -t -c '/alfresco-config/config[@condition="CSRFPolicy" and not(@replace)]' ${SHARE_SECURITY_CONFIG} > ${SHARE_SECURITY_TEMP}
- # Insert rever-proxy config in temp file
- xmlstarlet ed \
- -L \
- -i '/config[@condition="CSRFPolicy" and not(@replace)]' \
- -t 'attr' -n 'replace' -v 'true' \
- -s '/config[@condition="CSRFPolicy"]/filter/rule/action[@name="assertOrigin"]' \
- -t 'elem' -n 'param' -v "$REVERSE_PROXY_URL" \
- -i '/config[@condition="CSRFPolicy"]/filter/rule/action[@name="assertOrigin"]/param[not(@name)]' \
- -t 'attr' -n 'name' -v 'origin' \
- -s '/config[@condition="CSRFPolicy"]/filter/rule/action[@name="assertReferer"]' \
- -t 'elem' -n 'param' -v "$REVERSE_PROXY_URL/.*" \
- -i '/config[@condition="CSRFPolicy"]/filter/rule/action[@name="assertReferer"]/param[not(@name)]' \
- -t 'attr' -n 'name' -v 'referer' \
- ${SHARE_SECURITY_TEMP}
- # Backup Restore share-config-custom.xml to prevent doubled insertion
- if ! [ -f ${SHARE_CONFIG_CUSTOM}.backup ]; then
- cp ${SHARE_CONFIG_CUSTOM} ${SHARE_CONFIG_CUSTOM}.backup
- else
- cp ${SHARE_CONFIG_CUSTOM}.backup ${SHARE_CONFIG_CUSTOM}
- fi
- # Remove closing root node
- sed -i 's/<\/alfresco\-config>//g' ${SHARE_CONFIG_CUSTOM}
- # Insert CSRF config in share-config-custom.xml
- xmlstarlet sel -E utf-8 -t -c '/config[@condition="CSRFPolicy" and (@replace)="true"]' ${SHARE_SECURITY_TEMP} >> ${SHARE_CONFIG_CUSTOM}
- # Restore closing root node
- echo '</alfresco-config>' >> ${SHARE_CONFIG_CUSTOM}
- # Remove temp file
- rm -f ${SHARE_SECURITY_TEMP}
- fi
- echo ------------------------------
- echo CSRF rule configuration
- echo ------------------------------
- xmlstarlet sel -t -c '/alfresco-config/config[@condition="CSRFPolicy"]/filter/rule' $CATALINA_HOME/shared/classes/alfresco/web-extension/share-config-custom.xml
- }
- tweak_alfresco
- set_reverse_proxy
- if [ -d "$AMP_DIR_ALFRESCO" ]; then
- echo "Installing Alfresco AMPs from $AMP_DIR_ALFRESCO..."
- $ALF_HOME/java/bin/java -jar $ALF_HOME/bin/alfresco-mmt.jar install $AMP_DIR_ALFRESCO $CATALINA_HOME/webapps/alfresco.war -directory -force -verbose
- $ALF_HOME/java/bin/java -jar $ALF_HOME/bin/alfresco-mmt.jar list $CATALINA_HOME/webapps/alfresco.war
- fi
- if [ -d "$AMP_DIR_SHARE" ]; then
- echo "Installing Share AMPs from $AMP_DIR_SHARE..."
- $ALF_HOME/java/bin/java -jar $ALF_HOME/bin/alfresco-mmt.jar install $AMP_DIR_SHARE $CATALINA_HOME/webapps/share.war -directory -force -verbose
- $ALF_HOME/java/bin/java -jar $ALF_HOME/bin/alfresco-mmt.jar list $CATALINA_HOME/webapps/share.war
- fi
- # setup environment
- source $ALF_HOME/scripts/setenv.sh
- # Fix Libreoffice startup
- if [[ ! -f /alfresco/postgresql/scripts/ctl.sh.disabled ]]; then
- sed -e 's/\\;/;/g' /alfresco/libreoffice/scripts/libreoffice_ctl.sh > /alfresco/libreoffice/scripts/ctl.sh && \
- chmod +x /alfresco/libreoffice/scripts/ctl.sh && \
- mv -f /alfresco/postgresql/scripts/ctl.sh /alfresco/postgresql/scripts/ctl.sh.disabled
- fi
- # start internal postgres server only if the host is localhost
- if [ "${DB_KIND,,}" == "postgresql" ] && [ "$DB_HOST" == "localhost" ]; then
- $ALF_HOME/postgresql/scripts/ctl.sh start
- fi
- # start Tomcat
- exec "$@"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement