diff --git a/Dockerfile b/Dockerfile
index 3848303..187af85 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -71,7 +71,9 @@ RUN apk add --no-cache \
&& chmod +x /usr/local/bin/wait-for-it.sh
RUN addgroup -g 1000 -S camunda && \
- adduser -u 1000 -S camunda -G camunda -h /camunda -s /bin/bash -D camunda
+ adduser -u 1000 -S camunda -G camunda -h /camunda -s /bin/bash -D camunda && \
+ adduser camunda root
+
WORKDIR /camunda
USER camunda
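Review bot: `adduser camunda root` puts the runtime user into gid 0 in every environment, not only under OpenShift, and together with `chmod -R g=u /camunda` in the next hunk it makes the whole tree — `lib/*.jar`, `scripts/`, `conf/` — writable by the process that serves HTTP, so a misbehaving or compromised engine can overwrite its own code and startup scripts. If the membership exists only so that the later build-time `chgrp -R 0` succeeds when run as camunda, consider doing the chgrp/chmod as root before `USER camunda` and dropping the membership, or restricting `g=u` to the directories written at runtime (data, conf, logs) while leaving `lib` and `scripts` read-only. A comment such as `# OpenShift runs with an arbitrary UID in gid 0; group-write is only needed under data/conf/logs` would document the intent.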
@@ -79,3 +81,16 @@ ENTRYPOINT ["/sbin/tini", "--"]
CMD ["./camunda.sh"]
COPY --chown=camunda:camunda --from=builder /camunda .
+COPY lib/camunda.administrativeuser.plugin-0.1.0-SNAPSHOT.jar /camunda/lib/
+RUN mkdir /camunda/data
+COPY camunda-administrativeuser.xml \
+ camunda-administrativeuser.xsl \
+ /camunda/data/
+RUN mkdir /camunda/scripts
+COPY camunda-administrativeuser.sh \
+ /camunda/scripts/
+RUN chmod +x /camunda/scripts/camunda-administrativeuser.sh
+
+# compat openshift gid=0
+RUN chgrp -R 0 /camunda && \
+ chmod -R g=u /camunda
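Review bot: The new `COPY` instructions for the plugin jar, the XML/XSL files and the script carry no `--chown`, so the files land as root:root while `USER camunda` (set in the preceding hunk) appears to still be in effect; if so, the following `RUN chmod +x` and `RUN chgrp -R 0` execute as camunda on files it does not own and will fail, and even when they do succeed the recursive chgrp/chmod over all of /camunda rewrites every file into a new layer, roughly doubling the image. The two `RUN mkdir` lines are redundant because COPY creates the destination directory. Setting ownership and mode at copy time (the file already uses `--chown` on the builder copy; `--chmod` needs BuildKit) removes the separate RUN steps, and the `# compat openshift gid=0` comment can then sit on the copies themselves.
```dockerfile
# compat openshift gid=0: files owned by camunda, group 0
COPY --chown=camunda:0 lib/camunda.administrativeuser.plugin-0.1.0-SNAPSHOT.jar /camunda/lib/
COPY --chown=camunda:0 camunda-administrativeuser.xml \
     camunda-administrativeuser.xsl \
     /camunda/data/
COPY --chown=camunda:0 --chmod=755 camunda-administrativeuser.sh /camunda/scripts/
# … unchanged: group-write only where the container writes at runtime (data/conf/logs) …
```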
diff --git a/README.md b/README.md
index c3a5068..300425b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,17 @@
+# for production
+
+- add custom admin account (instead of demo/demo) with environ variables:
+ ADMIN_USERNAME=admin
+ ADMIN_PASSWORD=adminpassword
+ ADMIN_EMAIL=admin@email
+ ADMIN_FIRSTNAME=first
+ ADMIN_LASTNAME=last
+
+- able to enabme API REST
+ ENGINE_REST_AUTH_ENABLE=1
+
+- compatible with openshift & no-root in image: the user camunda is in group 0
+
# Camunda Platform Docker Images
[![Build Status](https://travis-ci.com/camunda/docker-camunda-bpm-platform.svg?branch=next)](https://travis-ci.com/camunda/docker-camunda-bpm-platform)
@@ -320,6 +334,19 @@ docker build -t camunda-bpm-platform \
```
## Use Cases
+### set default admin user
+You can choose to set a admin user, instead of the default demo user.
+(use https://github.com/DigitalState/camunda-administrative-user-plugin/releases/tag/v0.1)
+
+```
+docker run -d --name camunda -p 8080:8080 \
+ -e ADMIN_USERNAME=admin \
+ -e ADMIN_PASSWORD=adminpassword \
+ -e ADMIN_EMAIL=admin@email \
+ -e ADMIN_FIRSTNAME=first \
+ -e ADMIN_LASTNAME=lats \
+ camunda/camunda-bpm-platform:latest
+```
### Change Configuration Files
@@ -348,6 +375,14 @@ This also allows you to modify the app outside of the container and it will
be redeployed inside the platform.
+### Enforce AUTH in API REST
+
+```
+docker run -d --name camunda -p 8080:8080 \
+ --env ENGINE_REST_AUTH_ENABLE=1 \
+ camunda/camunda-bpm-platform:latest
+```
+
### Clean Distro Without Webapps and Examples
To remove all webapps and examples from the distro and only deploy your
diff --git a/camunda-tomcat.sh b/camunda-tomcat.sh
index 8cd1c80..dffa42a 100755
--- a/camunda-tomcat.sh
+++ b/camunda-tomcat.sh
@@ -43,6 +43,25 @@ if [ -z "$SKIP_DB_CONFIG" ]; then
"${CATALINA_HOME}/conf/server.xml"
fi
+/camunda/scripts/camunda-administrativeuser.sh \
+ /camunda/conf/bpm-platform.xml \
+ /camunda/data/camunda-administrativeuser.xsl \
+ /camunda/data/camunda-administrativeuser.xml
+if [ $? -ne 0 ] ; then
+ echo "ERROR camunda.administrativeuser.sh"
+ exit 1
+fi
+
+
+/camunda/scripts/camunda-engine-rest-enable-auth.sh \
+ /camunda/webapps/engine-rest/WEB-INF/web.xml \
+ /camunda/data/camunda-engine-rest-enable-auth.xsl \
+ /camunda/data/camunda-engine-rest-enable-auth.xml
+if [ $? -ne 0 ] ; then
+ echo "ERROR: /camunda/scripts/camunda-engine-rest-enable-auth.sh"
+ exit 1
+fi
+
CMD="${CATALINA_HOME}/bin/catalina.sh"
if [ "${DEBUG}" = "true" ]; then
echo "Enabling debug mode, JPDA accesible under port 8000"
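Review bot: The second added block calls `/camunda/scripts/camunda-engine-rest-enable-auth.sh` with `/camunda/data/camunda-engine-rest-enable-auth.xsl` and `.xml`, but the Dockerfile hunk in this patch only adds the `camunda-administrativeuser.*` files; unless those three files are added outside this patch, the call fails with "not found" and the `exit 1` that follows makes every container unstartable. Both calls also run unconditionally, whereas the README ties REST auth to `ENGINE_REST_AUTH_ENABLE=1`, so the flag is presumably handled inside the script — a comment here, e.g. `# no-op unless ENGINE_REST_AUTH_ENABLE=1 (checked inside the script)`, would make that visible. The two error messages differ in form (`ERROR camunda.administrativeuser.sh` names a file that does not exist under that spelling, the second uses `ERROR: /camunda/scripts/...`); make them consistent and prefer `cmd || { echo "ERROR: cmd" >&2; exit 1; }` over testing `$?` afterwards. The enclosing script continues past the hunk.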