https://connect.hyland.com/t5/alfresco-archive/ssl-acceleration-no-unencrypted-access-broken-cmis/m-p/248984#M202114 <HTML><HEAD></HEAD><BODY><SPAN>A brief description of our setup:</SPAN><BR /><BR /><SPAN>Clustered RHEL environment, consisting of 2 Alfresco boxes.</SPAN><BR /><SPAN>NO unencrypted (8080) traffic is allowed. Only open port into the Alfresco cluster is 443.</SPAN><BR /><BR /><SPAN>1) Application layer sends CMIS traffic to SSL accelerator on 443</SPAN><BR /><SPAN>2) Traffic is decrypted by the accelerator and forwarded to the Load Balancer on 8080.</SPAN><BR /><SPAN>3) Load Balancer distributes the traffic to one of the Alfresco boxes on 8080.</SPAN><BR /><SPAN>4) Since Alfresco is getting the messages unencrypted, it stores </SPAN><A href="http://ourdomain/alfresco/service/cmis/s/workspace:SpacesStore/i/41ba7c1c-93a4-4bd1-9855-f07ab18b7c11" rel="nofollow noopener noreferrer">http://ourdomain/alfresco/service/cmis/s/workspace<img id="smileyfrustrated" class="emoticon emoticon-smileyfrustrated" src="https://connect.hyland.com/i/smilies/16x16_smiley-frustrated.png" alt="Smiley Frustrated" title="Smiley Frustrated" />pacesStore/i/41ba7c1c-93a4-4bd1-9855-f07ab18b7c11</A><SPAN> for the doc.</SPAN><BR /><SPAN>5) Some operations (get &amp; post) seem to work if we change "http" to https" in our code, but deletes fail.</SPAN><BR /><BR /><SPAN>So the question is, can Alfresco be configured to store "https" instead of "http" as the URI for a doc, even though it is received unencrypted? This way we would not need to try to change it ourselves and perhaps the rest of the CMIS functionality would work.</SPAN><BR /><BR /><SPAN>I'm guessing we are not the first team trying to use SSL in a clustered environment with SSL accelerators, so someone should have figured this one out.</SPAN><BR /><BR /><SPAN>Related symptom:</SPAN><BR /><SPAN>We can not use "</SPAN><A href="https://ourdomain/alfresco" rel="nofollow noopener noreferrer">https://ourdomain/alfresco</A><SPAN>" to get onto the system. This results in a "The connection has timed out" message. Using "</SPAN><A href="https://ourdomain/alfresco/faces/jsp/login.jsp" rel="nofollow noopener noreferrer">https://ourdomain/alfresco/faces/jsp/login.jsp</A><SPAN>" does allow us to log in.</SPAN><BR /><BR /><SPAN>Not that searching the forums on "SSL acceleration" yielded no results.</SPAN><BR /><BR /><SPAN>Thanks for having a look,</SPAN><BR /><SPAN>Paul P</SPAN></BODY></HTML> Thu, 23 Jun 2011 22:44:14 GMT paul_price 2011-06-23T22:44:14Z https://connect.hyland.com/t5/alfresco-archive/ssl-acceleration-no-unencrypted-access-broken-cmis/m-p/248984#M202114 A brief description of our setup:Clustered RHEL environment, consisting of 2 Alfresco boxes.NO unencrypted (8080) traffic is allowed. Only open port into the Alfresco cluster is 443.1) Application layer sends CMIS traffic to SSL accelerator on 4432) Traffic is decrypted by the accelerator and forwar Thu, 23 Jun 2011 22:44:14 GMT https://connect.hyland.com/t5/alfresco-archive/ssl-acceleration-no-unencrypted-access-broken-cmis/m-p/248984#M202114 paul_price 2011-06-23T22:44:14Z https://connect.hyland.com/t5/alfresco-archive/ssl-acceleration-no-unencrypted-access-broken-cmis/m-p/248985#M202115 <HTML><HEAD></HEAD><BODY><SPAN>Hi Paul,</SPAN><BR /><BR /><SPAN>That sounds like a proxy scenario. Have a look at the connector configuration in the Tomcat server.xml. Add the attributes proxyName, proxyPort, scheme and maybe secure with appropriate values (see [1]).</SPAN><BR /><BR /><SPAN>Florian</SPAN><BR /><BR /><SPAN>[1] </SPAN><A href="http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Proxy%20Support" rel="nofollow noopener noreferrer">http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Proxy%20Support</A></BODY></HTML> Thu, 23 Jun 2011 23:17:24 GMT https://connect.hyland.com/t5/alfresco-archive/ssl-acceleration-no-unencrypted-access-broken-cmis/m-p/248985#M202115 fmui 2011-06-23T23:17:24Z