SSL termination with Share front end

t16 — Sat, 24 Jan 2015 22:01:29 GMT

Hi,Again sorry for all the threads, this should be the last for a while.I have a problem with SSL termination on an HAproxy load balancer..I used the DevOps blog for Alfresco with HAproxy as a guide, and it partially works but with an odd behaviour.Having a port 80 AND a port 443 front end, enables

Re: SSL termination with Share front end

t16 — Sat, 24 Jan 2015 23:48:11 GMT

OK I found the answer for this if there is anyone out there wishing to to NTLM Passthru authentication, AND have SSL offload on a loadbalanced Share front end!!

Since share bounces the request a few times between the browser and itself, you need to add "redirect scheme https if !{ ssl_fc }" to your HAproxy config to catch these "redirects" back to the client during NTLM auth.

No idea why it doesnt happen when going straight to the user dashboard, perhaps there is no auth required when there is a live session cookie, but visiting the /share home page will instigate an authentication regardless for best security..?

Either way, thats the solution, a happy person here!

Loving the flexibility of Alfresco, and how you can easily mess around and create your own architecture by splitting the bits off onto different servers etc.

The fact its so portable and you can move share around, and offload SOLR etc etc is rather amazing.

Now I have SSL working on a load balanced front end share cluster, the only thing left is to bring up 2 x SOLR boxes to serve the Main repository cluster.

GIven the fact I have SSL on the front end, and also a shared content store via NFS, any tips on what I need to do in order to get 2 x SOLR boxes speaking to the alfresco cluster via SSL?

If the Keystore is on the shared content store, how does that affect both Repository servers in the cluster?

Still learning here.

Thanks!

topic SSL termination with Share front end in Alfresco Archive

SSL termination with Share front end

Re: SSL termination with Share front end