├── LICENSE
├── README.md
├── camunda-tomcat-hardened
    ├── Dockerfile
    ├── README.md
    ├── docker-tomcat-camunda-bpm.png
    └── test
    │   ├── bpm-platform.xml
    │   ├── engine-rest-web.xml
    │   └── server.xml
├── docker-compose.yml
├── other-examples
    ├── camunda-bpm-tomcat-ee
    │   ├── Dockerfile
    │   └── wait-for-connection.sh
    ├── camunda-standalone-webapp-ee
    │   ├── Dockerfile
    │   └── camunda-enterprise-login.env
    ├── camunda-standalone-webapp-tomcat-ee
    │   ├── Dockerfile
    │   ├── camunda-enterprise-login.env
    │   └── wait-for-connection.sh
    ├── tomcat-camunda-bpm-ee
    │   ├── Dockerfile
    │   ├── Dockerfile-install-local-distro
    │   ├── README.md
    │   ├── camunda-enterprise-login.env
    │   ├── docker-build-from-local-distro.sh
    │   ├── docker-build.sh
    │   ├── docker-tomcat-camunda-bpm.png
    │   └── docker-tomcat-camunda-bpm.xcf
    ├── tomcat-camunda-standalone-war
    │   ├── .docker-env
    │   ├── Dockerfile
    │   ├── README.md
    │   └── bin
    │   │   ├── configure_and_run.sh
    │   │   ├── configure_datasource.sh
    │   │   ├── create_tomcat_admin_user.sh
    │   │   └── download_database_drivers.sh
    └── wildfly+postgres
    │   ├── README.md
    │   ├── camunda-bpm-wildfly-ee
    │       ├── Dockerfile
    │       ├── camunda-enterprise-login.env
    │       └── wait-for-connection.sh
    │   ├── docker-compose.yml
    │   └── postgres-camunda-bpm-ee
    │       ├── Dockerfile
    │       ├── README.md
    │       ├── camunda-enterprise-license.sql
    │       └── camunda-enterprise-login.env
└── postgres-camunda-ee
    ├── Dockerfile
    ├── README.md
    └── camunda-enterprise-license.sql


/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Example Dockerfiles for Camunda Enterprise Edition
 2 | 
 3 | see also: https://docs.camunda.org/manual/latest/installation/docker/
 4 | 
 5 | ## Folder Structure
 6 | 
 7 | Folder/File | Description
 8 | ---|---
 9 | ./camunda-tomcat-hardened | Dockerfile for Camunda Tomcat distro incl. Tasklist and Cockpit
10 | ./postgres-camunda-ee | Dockerfile for PostreSQL incl. Camunda tables and license
11 | docker-compose.yml | Docker composition that wires all services together
12 | 
13 | ## Running
14 | 
15 | - Build and run all Docker images:
16 | 
17 |       docker-compose up -d --build
18 | 
19 | - View the logs:
20 | 
21 |       docker-compose logs -f
22 | 
23 | - Shut down all containers and delete all volumes:
24 | 
25 |       docker-compose down -v
26 | 
27 | ## Access to running services
28 | 
29 | - [Camunda Cockpit](http://localhost:8080/camunda/app/cockpit/default/) (username: demo, password: demo)
30 | - jdbc:postgresql://localhost:5432/camunda (username: camunda, password: camunda)
31 | 


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM registry.camunda.cloud/camunda-bpm-platform-ee:tomcat-7.10.5
 2 | # see: https://docs.camunda.org/manual/latest/installation/docker/
 3 | 
 4 | # timezone
 5 | ENV TZ=Europe/Berlin
 6 | 
 7 | # Remove Tomcat example applications
 8 | # see also https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
 9 | RUN rm -fr /camunda/webapps/ROOT \
10 |            /camunda/webapps/docs \
11 |            /camunda/webapps/examples \
12 |            /camunda/webapps/host-manager \
13 |            /camunda/webapps/manager \
14 | # remove Camunda example applications
15 |            /camunda/webapps/camunda-welcome \
16 |            /camunda/webapps/camunda-invoice \
17 |            #/camunda/webapps/engine-rest
18 |            /camunda/webapps/h2 \
19 | # remove Groovy scripting language
20 |            /camunda/lib/groovy-all-*.jar \
21 | # remove connectors
22 |            /camunda/lib/camunda-connect-*.jar \
23 |            /camunda/lib/camunda-engine-plugin-connect-*.jar && \
24 |    xmlstarlet edit --ps --inplace \
25 |    -N 'N=http://www.camunda.org/schema/1.0/BpmPlatform' \
26 |    --delete "//N:plugin[N:class = 'org.camunda.connect.plugin.impl.ConnectProcessEnginePlugin']" \
27 |    /camunda/conf/bpm-platform.xml && \
28 | # add SQL connection check
29 | # <Resource name="jdbc/ProcessEngine" testOnBorrow="true" validationQuery="SELECT 1" />
30 |     xmlstarlet edit --ps --inplace \
31 |     --insert "//Resource[@name='jdbc/ProcessEngine']" --type attr \
32 |     -n testOnBorrow -v true \
33 |     --insert "//Resource[@name='jdbc/ProcessEngine']" --type attr \
34 |     -n validationQuery -v "SELECT 1" \
35 |     /camunda/conf/server.xml && \
36 | # Enable HTTP Basic Authentication for Camunda REST API
37 | # see: https://docs.camunda.org/manual/latest/user-guide/security/
38 |    sed -i -e 's#<!-- <filter>#<filter>#' -e 's#</filter-mapping> -->#</filter-mapping>#' \
39 |    /camunda/webapps/engine-rest/WEB-INF/web.xml && \
40 | # Remove unused Tomcat Connectors
41 | # By default, an HTTP and an AJP connector are configured. Connectors that will not be used should be removed from server.xml.
42 | # see: https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors
43 | # <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
44 |    xmlstarlet edit --ps --inplace \
45 |    --delete '//Connector[@protocol="AJP/1.3"]' \
46 |    /camunda/conf/server.xml
47 | 
48 | # TODO Configure LDAP
49 | 
50 | # TODO SSL either via API Gateway/Reverse Proxy or in Tomcat
51 | # see: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
52 | 
53 | # TODO Maybe enable Security manager
54 | # Enabling the security manager causes web applications to be run in a sandbox, significantly limiting a web application's ability to perform malicious actions such as calling System.exit(), establishing network connections or accessing the file system outside of the web application's root and temporary directories.
55 | # see: https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Security_manager
56 | 
57 | # TODO Maybe use Hikari connection pool
58 | # see: https://community.liferay.com/blogs/-/blogs/tomcat-hikaricp
59 | # see: https://github.com/brettwooldridge/HikariCP#configuration-knobs-baby
60 | 


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/README.md:
--------------------------------------------------------------------------------
 1 | # Example Dockerfile for Camunda on Tomcat
 2 | 
 3 | This [Dockerfile](Dockerfile) is based on the official Docker image for the Camunda Enterprise Edition and hardens it for production use by removing examples and enabling security features.
 4 | 
 5 | ![Docker Tomcat Camunda BPM](docker-tomcat-camunda-bpm.png)
 6 | 
 7 | Build the image from Dockerfile
 8 | 
 9 | ```shell
10 | docker login registry.camunda.cloud
11 | docker build --tag my-camunda-tomcat .
12 | ```
13 | 
14 | Run the Tomcat container
15 | 
16 | ```shell
17 | docker run -p 8080:8080 my-camunda-tomcat
18 | ```
19 | 
20 | Open in browser: 
21 | 
22 | * [Camunda Webapp](http://localhost:8080/camunda/)
23 | 
24 | 
25 | For available configuration options have a look on the [Documentation of the official Camunda Docker images](https://github.com/camunda/docker-camunda-bpm-platform/tree/master#database-environment-variables).
26 | 
27 | 


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/docker-tomcat-camunda-bpm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/camunda-consulting/docker-camunda-platform/b7d572f310a3a8f45c53bc26c54579ca594042ec/camunda-tomcat-hardened/docker-tomcat-camunda-bpm.png


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/test/bpm-platform.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bpm-platform xmlns="http://www.camunda.org/schema/1.0/BpmPlatform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |   xsi:schemaLocation="http://www.camunda.org/schema/1.0/BpmPlatform http://www.camunda.org/schema/1.0/BpmPlatform ">
 4 | 
 5 |   <job-executor>
 6 |     <job-acquisition name="default" />
 7 |   </job-executor>
 8 | 
 9 |   <process-engine name="default">
10 |     <job-acquisition>default</job-acquisition>
11 |     <configuration>org.camunda.bpm.engine.impl.cfg.StandaloneProcessEngineConfiguration</configuration>
12 |     <datasource>java:jdbc/ProcessEngine</datasource>
13 | 
14 |     <properties>
15 |       <property name="history">full</property>
16 |       <property name="databaseSchemaUpdate">true</property>
17 |       <property name="authorizationEnabled">true</property>
18 |       <property name="jobExecutorDeploymentAware">true</property>
19 |       <property name="historyCleanupBatchWindowStartTime">00:01</property>
20 |     </properties>
21 | 
22 |     <plugins>
23 |       <!-- plugin enabling Process Application event listener support -->
24 |       <plugin>
25 |         <class>org.camunda.bpm.application.impl.event.ProcessApplicationEventListenerPlugin</class>
26 |       </plugin>
27 | 
28 |       <!-- plugin enabling integration of camunda Spin -->
29 |       <plugin>
30 |         <class>org.camunda.spin.plugin.impl.SpinProcessEnginePlugin</class>
31 |       </plugin>
32 | 
33 |       <!-- plugin enabling connect support -->
34 |       <plugin>
35 |         <class>org.camunda.connect.plugin.impl.ConnectProcessEnginePlugin</class>
36 |       </plugin>
37 | 
38 |     <!-- LDAP CONFIGURATION -->
39 |     <!-- Uncomment this section in order to enable LDAP support for this process engine -->
40 |     <!-- Adjust configuration, see ( http://docs.camunda.org/latest/guides/user-guide/#process-engine-identity-service-the-ldap-identity-service ) -->
41 |     <!--
42 |       <plugin>
43 |         <class>org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin</class>
44 |         <properties>
45 | 
46 |           <property name="serverUrl">ldaps://localhost:4334/</property>
47 |           <property name="acceptUntrustedCertificates">false</property>
48 |           <property name="managerDn">uid=jonny,ou=office-berlin,o=camunda,c=org</property>
49 |           <property name="managerPassword">s3cr3t</property>
50 | 
51 |           <property name="baseDn">o=camunda,c=org</property>
52 | 
53 |           <property name="userSearchBase"></property>
54 |           <property name="userSearchFilter">(objectclass=person)</property>
55 | 
56 |           <property name="userIdAttribute">uid</property>
57 |           <property name="userFirstnameAttribute">cn</property>
58 |           <property name="userLastnameAttribute">sn</property>
59 |           <property name="userEmailAttribute">mail</property>
60 |           <property name="userPasswordAttribute">userpassword</property>
61 | 
62 |           <property name="groupSearchBase"></property>
63 |           <property name="groupSearchFilter">(objectclass=groupOfNames)</property>
64 |           <property name="groupIdAttribute">cn</property>
65 |           <property name="groupNameAttribute">cn</property>
66 | 
67 |           <property name="groupMemberAttribute">member</property>
68 |           <property name="sortControlSupported">false</property>
69 | 
70 |         </properties>
71 |       </plugin>
72 |       -->
73 | 
74 |       <!-- LDAP CONFIGURATION -->
75 |       <!-- The following plugin allows you to grant administrator authorizations to an existing LDAP user -->
76 |       <!--
77 |       <plugin>
78 |         <class>org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin</class>
79 |         <properties>
80 |           <property name="administratorUserName">admin</property>
81 |         </properties>
82 |       </plugin>
83 |       -->
84 | 
85 |     </plugins>
86 | 
87 | 
88 |   </process-engine>
89 | 
90 | </bpm-platform>
91 | 


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/test/engine-rest-web.xml:
--------------------------------------------------------------------------------
 1 | <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
 2 |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee    http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
 4 | 
 5 |   <listener>
 6 |     <listener-class>org.camunda.bpm.engine.rest.impl.FetchAndLockContextListener</listener-class>
 7 |   </listener>
 8 | 
 9 |   <filter>
10 |     <filter-name>EmptyBodyFilter</filter-name>
11 |     <filter-class>org.camunda.bpm.engine.rest.filter.EmptyBodyFilter</filter-class>
12 |     <async-supported>true</async-supported>
13 |   </filter>
14 |   <filter-mapping>
15 |     <filter-name>EmptyBodyFilter</filter-name>
16 |     <url-pattern>/*</url-pattern>
17 |   </filter-mapping>
18 | 
19 |   <filter>
20 |     <filter-name>CacheControlFilter</filter-name>
21 |     <filter-class>org.camunda.bpm.engine.rest.filter.CacheControlFilter</filter-class>
22 |     <async-supported>true</async-supported>
23 |   </filter>
24 |   <filter-mapping>
25 |     <filter-name>CacheControlFilter</filter-name>
26 |     <url-pattern>/*</url-pattern>
27 |   </filter-mapping>
28 |   
29 |   <!-- Http Basic Authentication Filter -->
30 |   <!-- <filter>
31 |     <filter-name>camunda-auth</filter-name>
32 |     <filter-class>
33 |       org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
34 |     </filter-class>
35 | 	<async-supported>true</async-supported>
36 |     <init-param>
37 |       <param-name>authentication-provider</param-name>
38 |       <param-value>org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider</param-value>
39 |     </init-param>
40 |     <init-param>
41 | 	    <param-name>rest-url-pattern-prefix</param-name>
42 | 	    <param-value></param-value>
43 | 	  </init-param> 
44 |   </filter>
45 | 
46 |   <filter-mapping>
47 |     <filter-name>camunda-auth</filter-name>
48 |     <url-pattern>/*</url-pattern>
49 |   </filter-mapping> -->
50 | 
51 |   <servlet>
52 |     <servlet-name>Resteasy</servlet-name>
53 |     <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher</servlet-class>
54 |     <init-param>
55 |       <param-name>javax.ws.rs.Application</param-name>
56 |       <param-value>org.camunda.bpm.engine.rest.impl.application.DefaultApplication</param-value>
57 |     </init-param>
58 |     <async-supported>true</async-supported>
59 |   </servlet>
60 | 
61 |   <servlet-mapping>
62 |     <servlet-name>Resteasy</servlet-name>
63 |     <url-pattern>/*</url-pattern>
64 |   </servlet-mapping>
65 | 
66 | </web-app>


--------------------------------------------------------------------------------
/camunda-tomcat-hardened/test/server.xml:
--------------------------------------------------------------------------------
  1 | <?xml version='1.0' encoding='utf-8'?>
  2 | <!--
  3 |   Licensed to the Apache Software Foundation (ASF) under one or more
  4 |   contributor license agreements.  See the NOTICE file distributed with
  5 |   this work for additional information regarding copyright ownership.
  6 |   The ASF licenses this file to You under the Apache License, Version 2.0
  7 |   (the "License"); you may not use this file except in compliance with
  8 |   the License.  You may obtain a copy of the License at
  9 | 
 10 |       http://www.apache.org/licenses/LICENSE-2.0
 11 | 
 12 |   Unless required by applicable law or agreed to in writing, software
 13 |   distributed under the License is distributed on an "AS IS" BASIS,
 14 |   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 |   See the License for the specific language governing permissions and
 16 |   limitations under the License.
 17 | -->
 18 | <!-- Note:  A "Server" is not itself a "Container", so you may not
 19 |      define subcomponents such as "Valves" at this level.
 20 |      Documentation at /docs/config/server.html
 21 |  -->
 22 | <Server port="8005" shutdown="SHUTDOWN">
 23 |   <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
 24 |   <!-- Security listener. Documentation at /docs/config/listeners.html
 25 |   <Listener className="org.apache.catalina.security.SecurityListener" />
 26 |   -->
 27 |   <!--APR library loader. Documentation at /docs/apr.html -->
 28 |   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 29 | 
 30 |   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
 31 |   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 32 |   
 33 |   <Listener className="org.camunda.bpm.container.impl.tomcat.TomcatBpmPlatformBootstrap" />
 34 |   
 35 |   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
 36 |   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
 37 | 
 38 |   <!-- Global JNDI resources
 39 |        Documentation at /docs/jndi-resources-howto.html
 40 |   -->
 41 |   <GlobalNamingResources>
 42 |     <!-- Editable user database that can also be used by
 43 |          UserDatabaseRealm to authenticate users
 44 |     -->
 45 |     <Resource name="UserDatabase" auth="Container"
 46 |               type="org.apache.catalina.UserDatabase"
 47 |               description="User database that can be updated and saved"
 48 |               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
 49 |               pathname="conf/tomcat-users.xml" />
 50 | 
 51 |     <!-- Additional properties can be set to avoid a common exception
 52 |          regarding connection timeout in the connection pool:
 53 |           testOnBorrow="true"
 54 |           validationQuery="SELECT 1"
 55 |     -->
 56 |     <Resource name="jdbc/ProcessEngine"
 57 |               auth="Container"
 58 |               type="javax.sql.DataSource" 
 59 |               factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
 60 |               uniqueResourceName="process-engine"
 61 |               driverClassName="org.h2.Driver" 
 62 |               url="jdbc:h2:./camunda-h2-dbs/process-engine;MVCC=TRUE;TRACE_LEVEL_FILE=0;DB_CLOSE_ON_EXIT=FALSE"
 63 |               defaultTransactionIsolation="READ_COMMITTED"
 64 |               username="sa"  
 65 |               password="sa"
 66 |               maxActive="20"
 67 |               minIdle="5"
 68 |               maxIdle="20" />
 69 | 
 70 |     <Resource name="global/camunda-bpm-platform/process-engine/ProcessEngineService!org.camunda.bpm.ProcessEngineService" auth="Container"
 71 |               type="org.camunda.bpm.ProcessEngineService"
 72 |               description="camunda BPM platform Process Engine Service"
 73 |               factory="org.camunda.bpm.container.impl.jndi.ProcessEngineServiceObjectFactory" />
 74 |               
 75 |     <Resource name="global/camunda-bpm-platform/process-engine/ProcessApplicationService!org.camunda.bpm.ProcessApplicationService" auth="Container"
 76 |               type="org.camunda.bpm.ProcessApplicationService"
 77 |               description="camunda BPM platform Process Application Service"
 78 |               factory="org.camunda.bpm.container.impl.jndi.ProcessApplicationServiceObjectFactory" />
 79 |               
 80 |   </GlobalNamingResources>
 81 | 
 82 |   <!-- A "Service" is a collection of one or more "Connectors" that share
 83 |        a single "Container" Note:  A "Service" is not itself a "Container",
 84 |        so you may not define subcomponents such as "Valves" at this level.
 85 |        Documentation at /docs/config/service.html
 86 |    -->
 87 |   <Service name="Catalina">
 88 | 
 89 |     <!--The connectors can use a shared executor, you can define one or more named thread pools-->
 90 |     <!--
 91 |     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
 92 |         maxThreads="150" minSpareThreads="4"/>
 93 |     -->
 94 | 
 95 | 
 96 |     <!-- A "Connector" represents an endpoint by which requests are received
 97 |          and responses are returned. Documentation at :
 98 |          Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
 99 |          Java AJP  Connector: /docs/config/ajp.html
100 |          APR (HTTP/AJP) Connector: /docs/apr.html
101 |          Define a non-SSL HTTP/1.1 Connector on port 8080
102 |     -->
103 |     <Connector port="8080" protocol="HTTP/1.1"
104 |                connectionTimeout="20000"
105 |                redirectPort="8443" />
106 |     <!-- A "Connector" using the shared thread pool-->
107 |     <!--
108 |     <Connector executor="tomcatThreadPool"
109 |                port="8080" protocol="HTTP/1.1"
110 |                connectionTimeout="20000"
111 |                redirectPort="8443" />
112 |     -->
113 |     <!-- Define a SSL HTTP/1.1 Connector on port 8443
114 |          This connector uses the JSSE configuration, when using APR, the
115 |          connector should be using the OpenSSL style configuration
116 |          described in the APR documentation -->
117 |     <!--
118 |     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
119 |                maxThreads="150" scheme="https" secure="true"
120 |                clientAuth="false" sslProtocol="TLS" />
121 |     -->
122 | 
123 |     <!-- Define an AJP 1.3 Connector on port 8009 -->
124 |     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
125 | 
126 | 
127 |     <!-- An Engine represents the entry point (within Catalina) that processes
128 |          every request.  The Engine implementation for Tomcat stand alone
129 |          analyzes the HTTP headers included with the request, and passes them
130 |          on to the appropriate Host (virtual host).
131 |          Documentation at /docs/config/engine.html -->
132 | 
133 |     <!-- You should set jvmRoute to support load-balancing via AJP ie :
134 |     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
135 |     -->
136 |     <Engine name="Catalina" defaultHost="localhost">
137 | 
138 |       <!--For clustering, please take a look at documentation at:
139 |           /docs/cluster-howto.html  (simple how to)
140 |           /docs/config/cluster.html (reference documentation) -->
141 |       <!--
142 |       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
143 |       -->
144 | 
145 |       <!-- Use the LockOutRealm to prevent attempts to guess user passwords
146 |            via a brute-force attack -->
147 |       <Realm className="org.apache.catalina.realm.LockOutRealm">
148 |         <!-- This Realm uses the UserDatabase configured in the global JNDI
149 |              resources under the key "UserDatabase".  Any edits
150 |              that are performed against this UserDatabase are immediately
151 |              available for use by the Realm.  -->
152 |         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
153 |                resourceName="UserDatabase"/>
154 |       </Realm>
155 | 
156 |       <Host name="localhost"  appBase="webapps"
157 |             unpackWARs="true" autoDeploy="true">
158 | 
159 |         <!-- SingleSignOn valve, share authentication between web applications
160 |              Documentation at: /docs/config/valve.html -->
161 |         <!--
162 |         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
163 |         -->
164 | 
165 |         <!-- Access log processes all example.
166 |              Documentation at: /docs/config/valve.html
167 |              Note: The pattern used is equivalent to using pattern="common" -->
168 |         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
169 |                prefix="localhost_access_log" suffix=".txt"
170 |                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
171 | 
172 |       </Host>
173 |     </Engine>
174 |   </Service>
175 | </Server>
176 | 


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | services:
 4 |   camunda:
 5 |     build:
 6 |       context: ./camunda-tomcat-hardened
 7 |     ports:
 8 |       - "8080:8080"
 9 |     depends_on:
10 |       - db
11 |     environment:
12 |       - DB_DRIVER=org.postgresql.Driver
13 |       - DB_URL=jdbc:postgresql://db:5432/camunda
14 |       - DB_USERNAME=camunda
15 |       - DB_PASSWORD=camunda
16 |       - WAIT_FOR=db:5432
17 | 
18 |   db:
19 |     build: ./postgres-camunda-ee
20 |     ports:
21 |       - "5432:5432"
22 |     environment:
23 |       - POSTGRES_DB=camunda
24 |       - POSTGRES_USER=camunda
25 |       - POSTGRES_PASSWORD=camunda
26 | 
27 | 


--------------------------------------------------------------------------------
/other-examples/camunda-bpm-tomcat-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM tomcat:8.0-jre8
 2 | # Currently, Camunda BPM is supported on Tomcat 8.0.x
 3 | # See also: https://docs.camunda.org/manual/latest/introduction/supported-environments/
 4 | 
 5 | # no suffix '-ee' in VERSION!
 6 | ENV VERSION 7.7.0-alpha2
 7 | ENV DISTRO tomcat
 8 | ENV SERVER apache-tomcat-8.0.24
 9 | ENV LIB_DIR ${CATALINA_HOME}/lib/
10 | ENV SERVER_CONFIG ${CATALINA_HOME}/conf/server.xml
11 | ENV NEXUS https://app.camunda.com/nexus/service/local/artifact/maven/redirect
12 | 
13 | # Put your EE credentials into the following file
14 | COPY camunda-enterprise-login.env .
15 | 
16 | # add Camunda EE components
17 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
18 |     wget -O - "https://camunda.org/enterprise-release/camunda-bpm/${DISTRO}/$(echo $VERSION | cut -c 1-3)/${VERSION}/camunda-bpm-ee-${DISTRO}-${VERSION}-ee.tar.gz" --user=${EE_USERNAME} --password=${EE_PASSWORD} | \
19 |     # REDO this line with stuff below: tar xzf - --directory /camunda/ server/${SERVER} --strip 2
20 | 
21 | # TODO Add BPM Bootstrap Server Listener (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#add-bpm-bootstrap-server-listener)
22 | # xmlstarlet, sed or the likes
23 | {CATALINA_HOME}/conf/server.xml
24 | 
25 |   <Listener className="org.camunda.bpm.container.impl.tomcat.TomcatBpmPlatformBootstrap" />
26 | 
27 | 
28 | # TODO Add services to server.xml
29 |     <Resource name="global/camunda-bpm-platform/process-engine/ProcessEngineService!org.camunda.bpm.ProcessEngineService" auth="Container"
30 |               type="org.camunda.bpm.ProcessEngineService"
31 |               description="camunda BPM platform Process Engine Service"
32 |               factory="org.camunda.bpm.container.impl.jndi.ProcessEngineServiceObjectFactory" />
33 |               
34 |     <Resource name="global/camunda-bpm-platform/process-engine/ProcessApplicationService!org.camunda.bpm.ProcessApplicationService" auth="Container"
35 |               type="org.camunda.bpm.ProcessApplicationService"
36 |               description="camunda BPM platform Process Application Service"
37 |               factory="org.camunda.bpm.container.impl.jndi.ProcessApplicationServiceObjectFactory" />
38 | 
39 | # TODO Add Required Libraries (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#add-required-libraries)
40 | # untar from camunda distro
41 | ${LIB_DIR}
42 | 
43 | # TODO Add bpm-platform.xml (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#add-bpm-platform-xml)
44 | # untar from camunda distro
45 | server/${SERVER}/conf/bpm-platform.xml ${CATALINA_HOME}/conf/bpm-platform.xml
46 | 
47 | # TODO Camunda Webapp: Cockpit, Tasklist and Admin (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#cockpit-tasklist-and-admin)
48 | # wget https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/webapp/camunda-webapp-tomcat/...
49 | # or use unpacked folder from distro for a static image
50 | 
51 | # TODO REST API (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#rest-api)
52 | # wget https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/camunda-engine-rest/...
53 | # or use unpacked folder from distro for a static image
54 | 
55 | # TODO Add H2 Console, when H2 is used
56 | #RUN if [ "$DB_DRIVER" == "h2" ]; then camunda-h2-webapp-${VERSION}-ee.war; fi
57 | 
58 | # TODO Add example process application
59 | # camunda-example-invoice-${VERSION}-ee.war
60 | 
61 | # add database drivers
62 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
63 |     export GITHUB="https://raw.githubusercontent.com/camunda/camunda-bpm-platform/7.6.0" && \
64 |     /usr/local/bin/download-database-drivers.sh "${NEXUS}?r=camunda-bpm-ee&g=org.camunda.bpm&a=camunda-database-settings&v=${VERSION}-ee&p=pom --user=${EE_USERNAME} --password=${EE_PASSWORD}"
65 | 
66 | # clean up
67 | RUN rm camunda-enterprise-login.env
68 | 
69 | # disable automatic DB schema creation/updates
70 | RUN sed -i 's#<property name="isAutoSchemaUpdate">true</property>#<property name="isAutoSchemaUpdate">false</property>#' /camunda/standalone/configuration/standalone.xml
71 | 
72 | # add script to wait for database startup
73 | COPY wait-for-connection.sh /usr/local/bin/
74 | 
75 | # TODO Configure a JDBC Resource (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#configure-a-jdbc-resource)
76 | CMD /usr/local/bin/wait-for-connection.sh && /usr/local/bin/configure-and-run.sh
77 | 


--------------------------------------------------------------------------------
/other-examples/camunda-bpm-tomcat-ee/wait-for-connection.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | WAIT_FOR=${WAIT_FOR}
 6 | WAIT_RETRIES=${WAIT_RETRIES:-30}
 7 | WAIT_DELAY=${WAIT_DELAY:-2}
 8 | 
 9 | if [ -n "$WAIT_FOR" ]; then
10 |     WAIT_DEV=${WAIT_FOR//://}
11 |     for retry in $(seq ${WAIT_RETRIES}); do
12 |         echo "(${retry}/${WAIT_RETRIES}) Try to connect to ${WAIT_FOR}"
13 |         echo > /dev/tcp/${WAIT_DEV} 2> /dev/null && break
14 |         sleep $WAIT_DELAY
15 |     done
16 |     echo > /dev/tcp/${WAIT_DEV}
17 |     echo "Connected to ${WAIT_FOR}"
18 | fi
19 | 


--------------------------------------------------------------------------------
/other-examples/camunda-standalone-webapp-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM tomcat:8.0-jre8-alpine
 2 | # Currently, Camunda BPM is supported on Tomcat 8.0.x
 3 | # See also: https://docs.camunda.org/manual/latest/introduction/supported-environments/
 4 | 
 5 | ENV CAMUNDA_VERSION 7.6.2
 6 | ENV DISTRO tomcat
 7 | 
 8 | # Put your EE credentials into the following file
 9 | COPY camunda-enterprise-login.env .
10 | 
11 | # add Camunda EE distro
12 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
13 |     wget -O - "https://camunda.org/enterprise-release/camunda-bpm/${DISTRO}/$(echo $CAMUNDA_VERSION | cut -c 1-3)/${CAMUNDA_VERSION}/camunda-bpm-ee-${DISTRO}-standalone-${CAMUNDA_VERSION}-ee.war" --user=${EE_USERNAME} --password=${EE_PASSWORD} | \
14 |     tar xzf - --directory /usr/local/tomcat/webapps/camunda
15 | 
16 | # clean up
17 | RUN rm camunda-enterprise-login.env
18 | 
19 | # TODO: edit datasource in /usr/local/tomcat/webapps/camunda/WEB-INF/applicationContext.xml
20 | 
21 | # remove     <property name="deploymentResources" value="classpath*:bpmn/*.bpmn" />
22 | 
23 | # TODO: configure & enable: <!--<ref bean="ldapIdentityProviderPlugin" />-->
24 | 


--------------------------------------------------------------------------------
/other-examples/camunda-standalone-webapp-ee/camunda-enterprise-login.env:
--------------------------------------------------------------------------------
1 | EE_USERNAME=your_user_name
2 | EE_PASSWORD=your-password
3 | 
4 | 


--------------------------------------------------------------------------------
/other-examples/camunda-standalone-webapp-tomcat-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM tomcat:8.0-jre8
 2 | 
 3 | # no suffix '-ee' in VERSION!
 4 | ENV VERSION 7.7.0-alpha2
 5 | ENV DISTRO tomcat
 6 | ENV SERVER apache-tomcat-8.0.24
 7 | ENV LIB_DIR ${CATALINA_HOME}/lib/
 8 | ENV SERVER_CONFIG ${CATALINA_HOME}/conf/server.xml
 9 | ENV NEXUS https://app.camunda.com/nexus/service/local/artifact/maven/redirect
10 | 
11 | # Put your EE credentials into the following file
12 | COPY camunda-enterprise-login.env .
13 | 
14 | # add Camunda EE components
15 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
16 |     wget -O - "https://camunda.org/enterprise-release/camunda-bpm/${DISTRO}/$(echo $VERSION | cut -c 1-3)/${VERSION}/camunda-webapp-ee-${DISTRO}-standalone-${VERSION}-ee.war" --user=${EE_USERNAME} --password=${EE_PASSWORD} | \
17 |     # REDO this line with stuff below: tar xzf - --directory /camunda/ server/${SERVER} --strip 2
18 | 
19 | # add database drivers
20 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
21 |     export GITHUB="https://raw.githubusercontent.com/camunda/camunda-bpm-platform/7.6.0" && \
22 |     /usr/local/bin/download-database-drivers.sh "${NEXUS}?r=camunda-bpm-ee&g=org.camunda.bpm&a=camunda-database-settings&v=${VERSION}-ee&p=pom --user=${EE_USERNAME} --password=${EE_PASSWORD}"
23 | 
24 | # clean up
25 | RUN rm camunda-enterprise-login.env
26 | 
27 | # disable automatic DB schema creation/updates
28 | RUN sed -i 's#<property name="databaseSchemaUpdate" value="true"/>#<property name="databaseSchemaUpdate" value="false"/>#' WEB-INF/applicationContext.xml
29 | 
30 | # enable Job Executor
31 | RUN sed -i 's#<property name="jobExecutorActivate" value="false"/>#<property name="jobExecutorActivate" value="true"/>#' WEB-INF/applicationContext.xml
32 | 
33 | # add script to wait for database startup
34 | COPY wait-for-connection.sh /usr/local/bin/
35 | 
36 | # TODO Configure database
37 | <bean class="org.apache.commons.dbcp.BasicDataSource"><property name="driverClassName" value="org.h2.Driver"/><property name="url" value="jdbc:h2:mem:process-engine;MVCC=TRUE;TRACE_LEVEL_FILE=0;DB_CLOSE_ON_EXIT=FALSE"/><property name="username" value="sa"/><property name="password" value=""/></bean>
38 | 
39 | CMD /usr/local/bin/wait-for-connection.sh && /usr/local/bin/configure-and-run.sh
40 | 


--------------------------------------------------------------------------------
/other-examples/camunda-standalone-webapp-tomcat-ee/camunda-enterprise-login.env:
--------------------------------------------------------------------------------
1 | EE_USERNAME=your_user_name
2 | EE_PASSWORD=your-password
3 | 
4 | 


--------------------------------------------------------------------------------
/other-examples/camunda-standalone-webapp-tomcat-ee/wait-for-connection.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | WAIT_FOR=${WAIT_FOR}
 6 | WAIT_RETRIES=${WAIT_RETRIES:-30}
 7 | WAIT_DELAY=${WAIT_DELAY:-2}
 8 | 
 9 | if [ -n "$WAIT_FOR" ]; then
10 |     WAIT_DEV=${WAIT_FOR//://}
11 |     for retry in $(seq ${WAIT_RETRIES}); do
12 |         echo "(${retry}/${WAIT_RETRIES}) Try to connect to ${WAIT_FOR}"
13 |         echo > /dev/tcp/${WAIT_DEV} 2> /dev/null && break
14 |         sleep $WAIT_DELAY
15 |     done
16 |     echo > /dev/tcp/${WAIT_DEV}
17 |     echo "Connected to ${WAIT_FOR}"
18 | fi
19 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Docker Image for Camunda BPM Enterprise Edition as a shared engine
 2 | # inside the latest version of Apache Tomcat 9
 3 | 
 4 | # It basically follows Camunda's guide on how to
 5 | # "Install the Full Distribution on a Tomcat Application Server manually":
 6 | # https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/
 7 | 
 8 | FROM tomcat:9-jre8-alpine
 9 | # src: https://github.com/docker-library/tomcat/blob/master/9.0/jre8-alpine/Dockerfile
10 | 
11 | # When updating to a new Tomcat version, check the diff of the server.xml
12 | # that shipps with the Camunda distro and the one shipped with Tomcat, e.g.
13 | # $ docker run tomcat:9-jre8-alpine cat /usr/local/tomcat/conf/server.xml > server.orig-tomcat-9.xml
14 | # $ tar xzOf camunda-bpm-ee-tomcat-7.9.2-ee.tar.gz server/apache-tomcat-9.0.5/conf/server.xml > server.orig-camunda-7.9.2-ee-tomcat-9.xml
15 | # $ diff server.orig-camunda-7.9.2-ee-tomcat-9.xml server.orig-tomcat-9.xml
16 | 
17 | ARG EE_USERNAME
18 | ARG EE_PASSWORD
19 | 
20 | # Set the desired Camunda BPM version here.
21 | # no suffix '-ee' in VERSION, but in EE variable!
22 | ENV VERSION 7.9.2
23 | # leave EE empty for Community Edition
24 | ENV EE -ee
25 | 
26 | ENV DISTRO tomcat
27 | ENV SERVER apache-tomcat-9.0.5
28 | ENV LIB_DIR ${CATALINA_HOME}/lib
29 | ENV SERVER_CONFIG ${CATALINA_HOME}/conf/server.xml
30 | ENV NEXUS https://app.camunda.com/nexus/service/local/artifact/maven/redirect
31 | 
32 | # Git repo of the Camunda BPM Community Edition Docker images
33 | ENV GITHUB "https://raw.githubusercontent.com/camunda/docker-camunda-bpm-platform"
34 | 
35 | 
36 | # Remove Tomcat default webapps as recommended in https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html
37 | RUN rm -r ${CATALINA_HOME}/webapps/ROOT \
38 |           ${CATALINA_HOME}/webapps/docs \
39 |           ${CATALINA_HOME}/webapps/examples \
40 |           ${CATALINA_HOME}/webapps/manager \
41 |           ${CATALINA_HOME}/webapps/host-manager
42 | 
43 | # install a wget version that supports redirect, SSL and login
44 | # and XMLStarlet Toolkit (required by configure-and-run.sh)
45 | RUN apk --no-cache add \
46 |     ca-certificates \
47 |     wget \
48 |     xmlstarlet \
49 |     && update-ca-certificates
50 | 
51 | # add Camunda distro from Camunda Nexus
52 | RUN mkdir "/camunda-bpm-distro/" && \
53 |     wget -O - --no-verbose --user="${EE_USERNAME}" --password="${EE_PASSWORD}" \
54 |         "${NEXUS}?r=camunda-bpm${EE}&g=org.camunda.bpm.${DISTRO}&a=camunda-bpm${EE}-${DISTRO}&v=${VERSION}${EE}&p=tar.gz" \
55 |     | \
56 |     tar xzf - -C "/camunda-bpm-distro/" \
57 |     && \
58 |     mv /camunda-bpm-distro/lib/* ${LIB_DIR} && \
59 |     mv /camunda-bpm-distro/server/${SERVER}/conf/server.xml ${SERVER_CONFIG} && \
60 |     mv /camunda-bpm-distro/server/${SERVER}/conf/bpm-platform.xml ${CATALINA_HOME}/conf/ && \
61 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/camunda-welcome ${CATALINA_HOME}/webapps/ && \
62 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/camunda ${CATALINA_HOME}/webapps/ && \
63 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/engine-rest ${CATALINA_HOME}/webapps/ && \
64 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/h2 ${CATALINA_HOME}/webapps/ && \
65 |     rm -r /camunda-bpm-distro
66 | 
67 | # add database drivers with script from CE Docker image
68 | RUN wget -O - --no-verbose \
69 |       "${GITHUB}/master/bin/download-database-drivers.sh" \
70 |     | bash -s \
71 |       "${NEXUS}?r=camunda-bpm${EE}&g=org.camunda.bpm&a=camunda-database-settings&v=${VERSION}${EE}&p=pom --user=${EE_USERNAME} --password=${EE_PASSWORD}"
72 | 
73 | # add datasource configuration script from CE Docker image,
74 | # customize it to run with the Tomcat base image,
75 | # and remove H2 stuff when not needed
76 | RUN wget -O - --no-verbose \
77 |       "${GITHUB}/master/bin/configure-and-run.sh" \
78 |     | head -n -1 \
79 |     > /usr/local/bin/configure-and-run.sh \
80 |     && \
81 |     echo -e "\n\
82 | # remove H2 webapp when not needed\n\
83 | if [ \$DB_DRIVER != \"org.h2.Driver\" ]; then\n\
84 |   rm -r \${CATALINA_HOME}/webapps/h2 ${LIB_DIR}/h2-*.jar;\n\
85 | fi\n\
86 | \n\
87 | exec catalina.sh run" \
88 |     >> /usr/local/bin/configure-and-run.sh \
89 | 	&& chmod +x /usr/local/bin/configure-and-run.sh
90 | 
91 | # Configures a JDBC DataSource (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#configure-a-jdbc-resource)
92 | # based on environment variables DB_DRIVER, DB_URL, DB_USERNAME, DB_PASSWORD
93 | # and then starts Tomcat
94 | CMD ["configure-and-run.sh"]


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/Dockerfile-install-local-distro:
--------------------------------------------------------------------------------
 1 | # Docker Image for Camunda BPM Enterprise Edition as a shared engine
 2 | # inside the latest version of Apache Tomcat 8.0.x
 3 | 
 4 | # It basically follows Camunda's guide on how to
 5 | # "Install the Full Distribution on a Tomcat Application Server manually":
 6 | # https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/
 7 | 
 8 | # Currently, Camunda BPM is supported on Tomcat 8.0.x
 9 | # See also: https://docs.camunda.org/manual/latest/introduction/supported-environments/
10 | FROM tomcat:8.0-jre8-alpine
11 | # src: https://github.com/docker-library/tomcat/blob/master/8.0/jre8-alpine/Dockerfile
12 | 
13 | # When updating to a new Tomcat version, check the diff of the server.xml
14 | # that shipps with the Camunda distro and the one shipped with Tomcat, e.g.
15 | # $ docker run tomcat:8.0-jre8-alpine cat /usr/local/tomcat/conf/server.xml > server.orig-tomcat-8.0.45.xml
16 | # $ tar xzOf camunda-bpm-ee-tomcat-7.7.2-ee.tar.gz server/apache-tomcat-8.0.24/conf/server.xml > server.orig-camunda-7.7.2-ee-tomcat-8.0.24.xml
17 | # $ diff server.orig-camunda-7.7.2-ee-tomcat-8.0.24.xml server.orig-tomcat-8.0.45.xml
18 | 
19 | ARG EE_USERNAME
20 | ARG EE_PASSWORD
21 | 
22 | # Set the desired Camunda BPM version here.
23 | # no suffix '-ee' in VERSION, but in EE variable!
24 | ENV VERSION 7.7.2
25 | # leave EE empty for Community Edition
26 | ENV EE -ee
27 | 
28 | ENV DISTRO tomcat
29 | ENV SERVER apache-tomcat-8.0.24
30 | ENV LIB_DIR ${CATALINA_HOME}/lib
31 | ENV SERVER_CONFIG ${CATALINA_HOME}/conf/server.xml
32 | ENV NEXUS https://app.camunda.com/nexus/service/local/artifact/maven/redirect
33 | 
34 | # Git repo of the Camunda BPM Community Edition Docker images
35 | ENV GITHUB "https://raw.githubusercontent.com/camunda/docker-camunda-bpm-platform"
36 | 
37 | 
38 | # Remove Tomcat default webapps as recommended in https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html
39 | RUN rm -r ${CATALINA_HOME}/webapps/ROOT \
40 |           ${CATALINA_HOME}/webapps/docs \
41 |           ${CATALINA_HOME}/webapps/examples \
42 |           ${CATALINA_HOME}/webapps/manager \
43 |           ${CATALINA_HOME}/webapps/host-manager
44 | 
45 | # install a wget version that supports redirect, SSL and login
46 | # and XMLStarlet Toolkit (required by configure-and-run.sh)
47 | RUN apk --no-cache add \
48 |     ca-certificates \
49 |     wget \
50 |     xmlstarlet \
51 |     && update-ca-certificates
52 | 
53 | # add distro from local filesystem
54 | ADD camunda-bpm${EE}-${DISTRO}-${VERSION}${EE}tar.gz /camunda-bpm-distro
55 | 
56 | RUN \
57 |     mv /camunda-bpm-distro/lib/* ${LIB_DIR} && \
58 |     mv /camunda-bpm-distro/server/${SERVER}/conf/server.xml ${SERVER_CONFIG} && \
59 |     mv /camunda-bpm-distro/server/${SERVER}/conf/bpm-platform.xml ${CATALINA_HOME}/conf/ && \
60 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/camunda-welcome ${CATALINA_HOME}/webapps/ && \
61 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/camunda ${CATALINA_HOME}/webapps/ && \
62 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/engine-rest ${CATALINA_HOME}/webapps/ && \
63 |     mv /camunda-bpm-distro/server/${SERVER}/webapps/h2 ${CATALINA_HOME}/webapps/ && \
64 |     rm -r /camunda-bpm-distro
65 | 
66 | # add database drivers with script from CE Docker image
67 | RUN wget -O - --no-verbose \
68 |       "${GITHUB}/${DISTRO}-$(echo $VERSION | cut -c 1-3).0/bin/download-database-drivers.sh" \
69 |     | /bin/sh \
70 |       "${NEXUS}?r=camunda-bpm${EE}&g=org.camunda.bpm&a=camunda-database-settings&v=${VERSION}${EE}&p=pom --user=${EE_USERNAME} --password=${EE_PASSWORD}"
71 | 
72 | # add datasource configuration script from CE Docker image
73 | RUN wget -O - --no-verbose \
74 |       "${GITHUB}/${DISTRO}-$(echo $VERSION | cut -c 1-3).0/bin/configure-and-run.sh" \
75 |     | head -n -1 \
76 |     && \
77 |     echo -e "\n\
78 | # remove H2 webapp when not needed\n\
79 | if [ \$DB_DRIVER != \"org.h2.Driver\" ]; then\n\
80 |   rm -r \${CATALINA_HOME}/webapps/h2;\n\
81 | fi\n\
82 | \n\
83 | exec catalina.sh run" \
84 |     > /usr/local/bin/configure-and-run.sh
85 | 
86 | 
87 | # Configures a JDBC DataSource (https://docs.camunda.org/manual/latest/installation/full/tomcat/manual/#configure-a-jdbc-resource)
88 | # based on environment variables DB_DRIVER, DB_URL, DB_USERNAME, DB_PASSWORD
89 | # and then starts Tomcat
90 | CMD ["configure-and-run.sh"]


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/README.md:
--------------------------------------------------------------------------------
1 | # Dockerfile for Camunda BPM on Tomcat
2 | 
3 | This docker image is based on the official Docker image for Apache Tomcat and will therefore receive patches by the Tomcat maintainers.
4 | 
5 | ![Docker Tomcat Camunda BPM](docker-tomcat-camunda-bpm.png)


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/camunda-enterprise-login.env:
--------------------------------------------------------------------------------
1 | EE_USERNAME=your_user_name
2 | EE_PASSWORD=your-password
3 | 
4 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/docker-build-from-local-distro.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | export $(cat camunda-enterprise-login.env | xargs)
3 | docker build --build-arg EE_USERNAME="${EE_USERNAME}" --build-arg EE_PASSWORD="${EE_PASSWORD}" -f Dockerfile-install-local-distro .
4 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/docker-build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | export $(cat camunda-enterprise-login.env | xargs)
3 | docker build --build-arg EE_USERNAME="${EE_USERNAME}" --build-arg EE_PASSWORD="${EE_PASSWORD}" .
4 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/docker-tomcat-camunda-bpm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/camunda-consulting/docker-camunda-platform/b7d572f310a3a8f45c53bc26c54579ca594042ec/other-examples/tomcat-camunda-bpm-ee/docker-tomcat-camunda-bpm.png


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-bpm-ee/docker-tomcat-camunda-bpm.xcf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/camunda-consulting/docker-camunda-platform/b7d572f310a3a8f45c53bc26c54579ca594042ec/other-examples/tomcat-camunda-bpm-ee/docker-tomcat-camunda-bpm.xcf


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/.docker-env:
--------------------------------------------------------------------------------
 1 | TOMCAT_USER=admin
 2 | TOMCAT_PASS=admin
 3 | 
 4 | DB_USERNAME=user
 5 | DB_PASSWORD=password
 6 | DB_DRIVER=com.mysql.jdbc.Driver
 7 | DB_URL=jdbc:mysql://db:3306/camunda
 8 | 
 9 | 
10 | JNDI_NAME=jdbc/ProcessEngine
11 | MYSQL_HOST=db
12 | MYSQL_PORT=3306
13 | MYSQL_DATABASE=camunda
14 | MYSQL_USER=user
15 | MYSQL_PASSWORD=password


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM tomcat
 2 | 
 3 | ENV NEXUS https://app.camunda.com/nexus/service/local/artifact/maven/redirect
 4 | ENV VERSION 7.7.0
 5 | 
 6 | RUN apt-get update && apt-get install -y xmlstarlet
 7 | 
 8 | ADD bin/*.sh /camunda/
 9 | 
10 | # Delete default root webapp and replace with camunda
11 | RUN rm -rf ${CATALINA_HOME}/webapps/ROOT
12 | RUN wget --output-document=/camunda.war "https://camunda.org/release/camunda-bpm/tomcat/7.7/amunda-webapp-tomcat-standalone-7.7.0.war" && unzip -qq /camunda.war -d ${CATALINA_HOME}/webapps/ROOT
13 | 
14 | # local alternative during playing around
15 | #ADD camunda.war /
16 | #RUN unzip -qq /camunda.war -d ${CATALINA_HOME}/webapps/ROOT
17 | 
18 | # add database drivers
19 | RUN /camunda/download_database_drivers.sh "${NEXUS}?r=public&g=org.camunda.bpm&a=camunda-database-settings&v=${VERSION}&p=pom"
20 | 
21 | 
22 | #EXPOSE 8080
23 | CMD ["/camunda/configure_and_run.sh"]


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/README.md:
--------------------------------------------------------------------------------
 1 | ## Docker image using official Tomcat and adding Camunda
 2 | 
 3 | First create a db container with the db of your choice (here MySQL - which does not mean in any way that we recommend MySQL over other databases)
 4 | ```shell
 5 | docker run --name mysql -e MYSQL_ROOT_PASSWORD=password -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=camunda -d mysql:latest
 6 | ```
 7 | 
 8 | Then build the image from Dockerfile
 9 | ```shell
10 | docker build -t my-camunda .
11 | ```
12 | 
13 | Last run the tomcat container
14 | ```shell
15 | docker run -d -p 8080:8080 --env-file ./.docker-env --name app --link mysql:db my-camunda
16 | ```
17 | 
18 | 
19 | .docker-env-file content
20 | ```
21 | TOMCAT_USER=admin
22 | TOMCAT_PASS=admin
23 | DB_USERNAME=user
24 | DB_PASSWORD=password
25 | DB_DRIVER=com.mysql.jdbc.Driver
26 | DB_URL=jdbc:mysql://db:3306/camunda
27 | ``` 
28 | 
29 | Driver class name and URL can be easily looked up for your project. 
30 | 
31 | login
32 | ```shell
33 | docker exec -it my-camunda bash
34 | cd ${CATALINA_HOME}
35 | ```
36 | 
37 | Open in browser: 
38 | 
39 | * [Camunda Webapp](http://localhost:8080/camunda/)
40 | * [Tomcat Manager](http://localhost:8080/manager/html)
41 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/bin/configure_and_run.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ ! -f /.tomcat_admin_created ]; then
 4 |     /camunda/create_tomcat_admin_user.sh
 5 | fi
 6 | 
 7 | if [ ! -f /.datasource_configured ]; then
 8 |     /camunda/configure_datasource.sh
 9 | fi
10 | 
11 | 
12 | exec ${CATALINA_HOME}/bin/catalina.sh run
13 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/bin/configure_datasource.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f /.datasource_configured ]; then
 4 |     echo "Datasource already configured"
 5 |     exit 0
 6 | fi
 7 | 
 8 | #!/bin/bash
 9 | 
10 | DB_DRIVER=${DB_DRIVER:-org.h2.Driver}
11 | DB_URL=${DB_URL:-jdbc:h2:./camunda-db/process-engine;MVCC=TRUE;TRACE_LEVEL_FILE=0;DB_CLOSE_ON_EXIT=FALSE}
12 | DB_USERNAME=${DB_USERNAME:-sa}
13 | DB_PASSWORD=${DB_PASSWORD:-sa}
14 | 
15 | XML_JDBC="//Resource[@name='jdbc/ProcessEngine']"
16 | XML_DRIVER="${XML_JDBC}/@driverClassName"
17 | XML_URL="${XML_JDBC}/@url"
18 | XML_USERNAME="${XML_JDBC}/@username"
19 | XML_PASSWORD="${XML_JDBC}/@password"
20 | 
21 | if [ -z "$SKIP_DB_CONFIG" ]; then
22 |   echo "Configure Camunda database"
23 |   xmlstarlet ed -L \
24 |     -u "//*[local-name()='bean' and @id='dataSource']//*[local-name()='property' and @name='driverClassName']/@value" -v "${DB_DRIVER}" \
25 |     -u "//*[local-name()='bean' and @id='dataSource']//*[local-name()='property' and @name='url']/@value" -v "${DB_URL}" \
26 |     -u "//*[local-name()='bean' and @id='dataSource']//*[local-name()='property' and @name='username']/@value" -v "${DB_USERNAME}" \
27 |     -u "//*[local-name()='bean' and @id='dataSource']//*[local-name()='property' and @name='password']/@value" -v "${DB_PASSWORD}" \
28 |     ${CATALINA_HOME}/webapps/ROOT/WEB-INF/applicationContext.xml
29 | fi
30 | 
31 | #HOST=${MYSQL_HOST:-db}
32 | #PORT=${MYSQL_PORT:-3306}
33 | #DATABASE=${MYSQL_DATABASE:-osdb}
34 | #USER=${MYSQL_USER:-root}
35 | #PASSWORD=${MYSQL_PASSWORD:-password}
36 | 
37 | touch /.datasource_configured
38 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/bin/create_tomcat_admin_user.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f /.tomcat_admin_created ]; then
 4 |     echo "Tomcat 'admin' user already created"
 5 |     exit 0
 6 | fi
 7 | USER=${TOMCAT_USER:-admin}
 8 | #generate password
 9 | PASS=${TOMCAT_PASS:-$(pwgen -s 12 1)}
10 | _word=$( [ ${TOMCAT_PASS} ] && echo "preset" || echo "random" )
11 | 
12 | echo "=> Creating an admin user with a ${_word} password in Tomcat"
13 | sed -i -r 's/<\/tomcat-users>//' ${CATALINA_HOME}/conf/tomcat-users.xml
14 | echo '<role rolename="manager-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
15 | echo '<role rolename="manager-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
16 | echo '<role rolename="manager-jmx"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
17 | echo '<role rolename="admin-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
18 | echo '<role rolename="admin-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
19 | echo "<user username=\"${USER}\" password=\"${PASS}\" roles=\"manager-gui,manager-script,manager-jmx,admin-gui, admin-script\"/>" >> ${CATALINA_HOME}/conf/tomcat-users.xml
20 | echo '</tomcat-users>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
21 | echo "=> Done!"
22 | touch /.tomcat_admin_created
23 | 
24 | echo "========================================================================"
25 | echo "You can now configure to this Tomcat server using:"
26 | echo ""
27 | echo "    ${USER}:${PASS}"
28 | echo ""
29 | echo "========================================================================"
30 | 


--------------------------------------------------------------------------------
/other-examples/tomcat-camunda-standalone-war/bin/download_database_drivers.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | 
 5 | POM="$(wget -O- $1)"
 6 | MYSQL_VERSION=$(echo $POM | xmlstarlet sel -t -v //_:version.mysql)
 7 | POSTGRESQL_VERSION=$(echo $POM | xmlstarlet sel -t -v //_:version.postgresql)
 8 | LIB_DIR=${CATALINA_HOME}/webapps/ROOT/WEB-INF/lib
 9 | 
10 | wget -O ${LIB_DIR}/mysql-connector-java-${MYSQL_VERSION}.jar "${NEXUS}?r=public&g=mysql&a=mysql-connector-java&v=${MYSQL_VERSION}&p=jar"
11 | wget -O ${LIB_DIR}/postgresql-${POSTGRESQL_VERSION}.jar "${NEXUS}?r=public&g=org.postgresql&a=postgresql&v=${POSTGRESQL_VERSION}&p=jar"
12 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/README.md:
--------------------------------------------------------------------------------
 1 | # Example Docker Image: Camunda BPM on Wildfly and PostreSQL
 2 | 
 3 | ## Folder Structure
 4 | Folder/File | Description
 5 | ---|---
 6 | ./camunda-bpm-wildfly-ee | Docker image for Camunda BPM EE Wildfly distro primarily for accessing Tasklist and Cockpit
 7 | ./postgres-camunda-bpm-ee | Docker image for PostreSQL incl. Camunda tables
 8 | docker-compose.yml | Docker composition that wires all services together
 9 | 
10 | ## Running
11 | 
12 | - Build and run all Docker images using `docker-compose up -d --build`
13 | - View the logs using `docker-compose logs -f`
14 | - Show down all containers and delete all volumes using `docker-compose down -v`
15 | 
16 | ## URLs
17 | - [Camunda Cockpit](http://localhost:8080/camunda/app/cockpit/default/) (username: demo, password: demo)
18 | - [Docker Compose UI](http://localhost:5000/)
19 | - jdbc:postgresql://localhost:5432/camunda (username: camunda, password: camunda)
20 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/camunda-bpm-wildfly-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM camunda/camunda-bpm-platform:wildfly-7.8.0
 2 | # inherit shell scripts from Community Edition image
 3 | 
 4 | # no suffix '-ee' in CAMUNDA_VERSION!
 5 | ENV CAMUNDA_VERSION 7.8.6
 6 | 
 7 | ARG MANAGEMENT_USERNAME
 8 | ARG MANAGEMENT_PASSWORD
 9 | 
10 | # remove Community Edition
11 | RUN rm -rf /camunda
12 | 
13 | # Put your EE credentials into the following file
14 | COPY camunda-enterprise-login.env .
15 | 
16 | # add Camunda EE distro
17 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
18 |     wget -O - "https://camunda.org/enterprise-release/camunda-bpm/${DISTRO}/$(echo $CAMUNDA_VERSION | cut -c 1-3)/${CAMUNDA_VERSION}/camunda-bpm-ee-${DISTRO}-${CAMUNDA_VERSION}-ee.tar.gz" --user=${EE_USERNAME} --password=${EE_PASSWORD} | \
19 |     tar xzf - --directory /camunda/ server/${SERVER} --strip 2
20 | 
21 | # remove H2 Console, when H2 is not used
22 | 
23 | RUN if [ "$DB_DRIVER" != "h2" ]; then rm /camunda/standalone/deployments/camunda-h2-webapp-${CAMUNDA_VERSION}-ee.war; fi
24 | 
25 | # remove example process application
26 | #RUN rm /camunda/standalone/deployments/camunda-example-invoice-${CAMUNDA_VERSION}-ee.war
27 | 
28 | # re-add database drivers
29 | RUN export $(cat camunda-enterprise-login.env | xargs) && \
30 |     export GITHUB="https://raw.githubusercontent.com/camunda/camunda-bpm-platform/7.6.0" && \
31 |     /usr/local/bin/download-database-drivers.sh "${NEXUS}?r=camunda-bpm-ee&g=org.camunda.bpm&a=camunda-database-settings&v=${CAMUNDA_VERSION}-ee&p=pom --user=${EE_USERNAME} --password=${EE_PASSWORD}"
32 | 
33 | # clean up
34 | RUN rm camunda-enterprise-login.env
35 | 
36 | # disable automatic DB schema creation/updates
37 | RUN sed -i 's#<property name="isAutoSchemaUpdate">true</property>#<property name="isAutoSchemaUpdate">false</property>#' /camunda/standalone/configuration/standalone.xml
38 | 
39 | # Add management user to access Management Web Console and to allow deployment with wilfly-maven-plugin
40 | 
41 | RUN if [ "$MANAGEMENT_USERNAME" != "" ]; then ./bin/add-user.sh $MANAGEMENT_USERNAME $MANAGEMENT_PASSWORD; fi
42 | 
43 | # add script to wait for database startup
44 | COPY wait-for-connection.sh /usr/local/bin/
45 | 
46 | CMD /usr/local/bin/wait-for-connection.sh && /usr/local/bin/configure-and-run.sh
47 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/camunda-bpm-wildfly-ee/camunda-enterprise-login.env:
--------------------------------------------------------------------------------
1 | EE_USERNAME=your_user_name
2 | EE_PASSWORD=your-password
3 | 
4 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/camunda-bpm-wildfly-ee/wait-for-connection.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | WAIT_FOR=${WAIT_FOR}
 6 | WAIT_RETRIES=${WAIT_RETRIES:-30}
 7 | WAIT_DELAY=${WAIT_DELAY:-2}
 8 | 
 9 | if [ -n "$WAIT_FOR" ]; then
10 |     WAIT_DEV=${WAIT_FOR//://}
11 |     for retry in $(seq ${WAIT_RETRIES}); do
12 |         echo "(${retry}/${WAIT_RETRIES}) Try to connect to ${WAIT_FOR}"
13 |         echo > /dev/tcp/${WAIT_DEV} 2> /dev/null && break
14 |         sleep $WAIT_DELAY
15 |     done
16 |     echo > /dev/tcp/${WAIT_DEV}
17 |     echo "Connected to ${WAIT_FOR}"
18 | fi
19 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | services:
 4 |   bpmwildfly:
 5 |     build:
 6 |       context: ./camunda-bpm-wildfly-ee
 7 |       args:
 8 |         - MANAGEMENT_USERNAME=demo
 9 |         - MANAGEMENT_PASSWORD=demo
10 | 
11 |     ports:
12 |       - "8080:8080"
13 |       - "9990:9990"
14 |     depends_on:
15 |       - bpmdb
16 |     networks:
17 |       - bpm
18 |     environment:
19 |       - DB_DRIVER=postgresql
20 |       - WAIT_FOR=bpmdb:5432
21 |       - DB_URL=jdbc:postgresql://bpmdb:5432/camunda
22 |       - DB_USERNAME=camunda
23 |       - DB_PASSWORD=camunda
24 | 
25 |   bpmdb:
26 |     build: ./postgres-camunda-bpm-ee
27 |     ports:
28 |       - "5432:5432"
29 |     environment:
30 |       - POSTGRES_DB=camunda
31 |       - POSTGRES_USER=camunda
32 |       - POSTGRES_PASSWORD=camunda
33 |     networks:
34 |       - bpm
35 | 
36 |   docker_compose_ui:
37 |     image: francescou/docker-compose-ui:1.3.0
38 |     container_name: docker_compose_ui
39 |     hostname: docker_compose_ui
40 |     ports:
41 |         - 5000:5000
42 |     working_dir: /opt/docker-compose-projects/
43 |     volumes:
44 |         - /var/run/docker.sock:/var/run/docker.sock
45 |         - .:/opt/docker-compose-projects/camunda-bpm-platform-ee
46 |     networks:
47 |       - tools
48 | 
49 | networks:
50 |   bpm:
51 |   tools:
52 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/postgres-camunda-bpm-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.6-alpine
 2 | # Camunda BPM 7.7.x is supported on PostgreSQL 9.6.
 3 | # See also: https://docs.camunda.org/manual/latest/introduction/supported-environments/
 4 | 
 5 | # install a wget version that supports SSL and login
 6 | RUN apk --no-cache add \
 7 |     ca-certificates \
 8 |     wget \
 9 |     && update-ca-certificates
10 | 
11 | # no suffix '-ee' in CAMUNDA_VERSION!
12 | ENV CAMUNDA_VERSION 7.7.4
13 | 
14 | # Put your EE credentials into the following file
15 | COPY camunda-enterprise-login.env .
16 | 
17 | # download SQL scripts for Camunda BPM
18 | # (All releases contain the same SQL scripts. Oracle WLS is just used to keep the download small.)
19 | RUN export $(cat camunda-enterprise-login.env | xargs) &&
20 |     wget -O - "https://camunda.org/enterprise-release/camunda-bpm/oracle-wls/$(echo $CAMUNDA_VERSION | cut -c 1-3)/${CAMUNDA_VERSION}/camunda-ee-oracle-wls-${CAMUNDA_VERSION}-ee.tar.gz" \
21 |     --user=${EE_USERNAME} --password=${EE_PASSWORD} | \
22 |     tar xzf - --directory /docker-entrypoint-initdb.d/ "sql/create/postgres_engine_${CAMUNDA_VERSION}-ee.sql" "sql/create/postgres_identity_${CAMUNDA_VERSION}-ee.sql" --strip 2
23 | 
24 | # clean up
25 | RUN rm camunda-enterprise-login.env
26 | 
27 | # Put your EE license into the following file
28 | COPY camunda-enterprise-license.sql /docker-entrypoint-initdb.d/postgres_license.sql
29 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/postgres-camunda-bpm-ee/README.md:
--------------------------------------------------------------------------------
 1 | Camunda BPM EE Docker PostgreSQL
 2 | ================================
 3 | 
 4 | PostgreSQL Docker image for Camunda BPM Enterprise Edition based on the [official PostgreSQL image][postgres].
 5 | 
 6 | # Configuration
 7 | 
 8 |   1. Put your EE credentials into [camunda-enterprise-login.env](camunda-enterprise-login.env).
 9 |   2. Put your EE license into [camunda-enterprise-license.sql](camunda-enterprise-license.sql).
10 | 
11 | # Additional Packages
12 | 
13 |   - wget
14 |   - ca-certificates
15 | 
16 | # PostgresSQL User
17 | 
18 |   - `postgres` without password
19 |   - `camunda` with password `camunda`
20 | 
21 | # Database
22 | 
23 |   - `camunda`
24 | 
25 | # Usage (local)
26 | 
27 | ```
28 | # Start docker container
29 | docker run -d -p 5432:5432 camunda-ee-postgresql
30 | ```
31 | 
32 | [postgres]: https://hub.docker.com/_/postgres/
33 | 


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/postgres-camunda-bpm-ee/camunda-enterprise-license.sql:
--------------------------------------------------------------------------------
1 | insert into ACT_GE_PROPERTY
2 | (NAME_, VALUE_, REV_)
3 | values
4 | ('camunda-license-key',
5 | 'your;license;key',
6 | 1)


--------------------------------------------------------------------------------
/other-examples/wildfly+postgres/postgres-camunda-bpm-ee/camunda-enterprise-login.env:
--------------------------------------------------------------------------------
1 | EE_USERNAME=your_user_name
2 | EE_PASSWORD=your-password
3 | 
4 | 


--------------------------------------------------------------------------------
/postgres-camunda-ee/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM registry.camunda.cloud/camunda-bpm-platform-ee:tomcat-7.10.5 as source
 2 | # see: https://docs.camunda.org/manual/latest/installation/docker/
 3 | 
 4 | USER root
 5 | 
 6 | RUN apk --no-cache add unzip
 7 | 
 8 | RUN unzip /camunda/lib/camunda-engine-7.*-ee.jar -d /camunda-engine-jar
 9 | 
10 | FROM postgres:10.4-alpine
11 | # Camunda BPM 7.10.x is supported on PostgreSQL 10.4
12 | # See also: https://docs.camunda.org/manual/latest/introduction/supported-environments/
13 | 
14 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.engine.sql           /docker-entrypoint-initdb.d/01.engine.sql
15 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.history.sql          /docker-entrypoint-initdb.d/02.history.sql
16 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.identity.sql         /docker-entrypoint-initdb.d/03.identity.sql
17 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.case.engine.sql      /docker-entrypoint-initdb.d/04.case.engine.sql
18 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.case.history.sql     /docker-entrypoint-initdb.d/05.case.history.sql
19 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.decision.engine.sql  /docker-entrypoint-initdb.d/06.decision.engine.sql
20 | COPY --from=source /camunda-engine-jar/org/camunda/bpm/engine/db/create/*.postgres.create.decision.history.sql /docker-entrypoint-initdb.d/07.decision.history.sql
21 | 
22 | # Put your EE license into the following file
23 | COPY camunda-enterprise-license.sql /docker-entrypoint-initdb.d/08.license.sql
24 | 


--------------------------------------------------------------------------------
/postgres-camunda-ee/README.md:
--------------------------------------------------------------------------------
 1 | # Camunda BPM EE Docker PostgreSQL
 2 | 
 3 | PostgreSQL Docker image for Camunda BPM Enterprise Edition based on the [official PostgreSQL image][postgres].
 4 | 
 5 | ## Configuration
 6 | 
 7 | Put your EE license into [camunda-enterprise-license.sql](camunda-enterprise-license.sql).
 8 | 
 9 | ## PostgresSQL User
10 | 
11 | - `postgres` without password
12 | - `camunda` with password `camunda`
13 | 
14 | ## Database
15 | 
16 | - `camunda`
17 | 
18 | ## Usage (local)
19 | 
20 | ```bash
21 | # Start docker container
22 | docker run -d -p 5432:5432 camunda-ee-postgresql
23 | ```
24 | 
25 | [postgres]: https://hub.docker.com/_/postgres/


--------------------------------------------------------------------------------
/postgres-camunda-ee/camunda-enterprise-license.sql:
--------------------------------------------------------------------------------
1 | insert into ACT_GE_PROPERTY
2 | (NAME_, VALUE_, REV_)
3 | values
4 | ('camunda-license-key',
5 | 'your;license;key',
6 | 1)


--------------------------------------------------------------------------------