
Alfresco integration with Fortigate reverse proxy

jefry_kur
Champ in-the-making

Hi Experts,

I am new to Alfresco, and I want to use a reverse proxy in my system. The reason I want to do this is that there is a need to use the HTTPS protocol and release my system to the internet. My question is, which file should I modify to enable this feature? So far, I have read a lot of documentation and forum posts about this, and they say to change the file alfresco-global.properties. I will attach my changes below:

1. alfresco-global.properties

dir.root=C:/Alfresco/alf_data
alfresco.context=alfresco
#alfresco.host=127.0.0.1
alfresco.host=103.229.12.52
alfresco.port=8443
alfresco.protocol=https
share.context=share
share.host=103.229.12.52
share.port=8443
share.protocol=https
opencmis.context.override=true
opencmis.context.value=
opencmis.servletpath.override=true
opencmis.servletpath.value=
opencmis.server.override=true
opencmis.server.value=https://103.229.12.52
aos.baseUrlOverwrite=https://103.229.12.52/alfresco/aos

Note: 103.229.12.52 is the public IP for my Alfresco system.

After restarting my Tomcat, I still cannot open the page from the internet. Is there any misconfiguration that I made? According to my infrastructure team, I don't need to import an SSL certificate into Alfresco since they have imported the certificate into their reverse proxy server. Kindly need your advice.

Regards,

Jefry

3 REPLIES

angelborroy
Community Manager

Have you tried including your external SSL ports? Change "alfresco.port" and "share.port" to 443.

Hyland Developer Evangelist
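
A consistency check for the point made in this reply, added here as an illustration and not code from Alfresco or from any poster: it parses alfresco-global.properties and reports where the alfresco.* and share.* protocol/host/port settings disagree with the address implied by opencmis.server.value and aos.baseUrlOverwrite. The function names and the embedded sample (built from the values posted in the question) are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the relevant values as posted in this thread.
SAMPLE = """\
alfresco.host=103.229.12.52
alfresco.port=8443
alfresco.protocol=https
share.host=103.229.12.52
share.port=8443
share.protocol=https
opencmis.server.value=https://103.229.12.52
aos.baseUrlOverwrite=https://103.229.12.52/alfresco/aos
"""

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def external_endpoint(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def find_mismatches(props):
    """Compare alfresco.* and share.* with the URLs advertised elsewhere in the file."""
    findings = []
    urls = {k: props[k] for k in ("opencmis.server.value", "aos.baseUrlOverwrite") if props.get(k)}
    for app in ("alfresco", "share"):
        port = props.get(f"{app}.port", "")
        declared = (props.get(f"{app}.protocol"), props.get(f"{app}.host"),
                    int(port) if port.isdigit() else None)
        for key, url in urls.items():
            ext = external_endpoint(url)
            if ext != declared:
                findings.append(f"{app}.* is {declared} but {key} points to {ext}")
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(parse_properties(SAMPLE)):
        print(finding)
```

With the posted values every finding is the 8443 versus 443 difference; setting both ports to 443 leaves the list empty.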

Hi Angel,

I have tried to do that, and I still cannot open the page. Is there any file that I should modify to use a reverse proxy? I tried to change share-config-custom.xml by adding the lines below:

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
      <!--
         Will be used and exposed to the client side code in Alfresco.contants.CSRF_POLICY.
         Use the Alfresco.util.CSRFPolicy.getHeader() or Alfresco.util.CSRFPolicy.getParameter() with Alfresco.util.CSRFPolicy.getToken()
         to set the token in custom 3rd party code.
       -->
      <client>
         <cookie>Alfresco-CSRFToken</cookie>
         <header>Alfresco-CSRFToken</header>
         <parameter>Alfresco-CSRFToken</parameter>
      </client>
      <!-- The first rule with a matching request will get its action invoked, the remaining rules will be ignored. -->
      <filter>
         <!--
            Certain Surf POST requests form the WebScript console must be allowed to pass without a token since
            the Surf WebScript console code can't be dependent on a Share specific filter.
         -->
         <rule>
            <request>
               <method>POST</method>
               <path>^\/page\/caches\/dependency\/clear|^\/page\/index|^\/page\/surfBugStatus|^\/page\/modules\/deploy|^\/page\/modules\/module|^\/page\/api\/javascript\/debugger</path>
            </request>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://103.229.12.52/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://103.229.12.52</param>
            </action>
         </rule>
         <!-- Certain Share POST requests does NOT require a token -->
         <rule>
            <request>
               <method>POST</method>
               <path>^/page/dologin.*|^\/page/site\/[^\/]+\/start-workflow|^\/page/start-workflow</path>
            </request>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://103.229.12.52/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://103.229.12.52</param>
            </action>
         </rule>
         <!-- Clear the token when logging out -->
         <rule>
            <request>
               <method>GET</method>
               <path>^/page/dologout.*</path>
            </request>
            <action name="clearToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>
         <!-- Make sure the first token is generated -->
         <rule>
            <request>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
                  <attribute name="Alfresco-CSRFToken"/>
                  <!-- empty attribute element indicates null -->
               </session>
            </request>
            <action name="generateToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>
         <!-- Refresh token on new "page" visit when a user is logged in -->
         <rule>
            <request>
               <method>GET</method>
               <path>^/page/.*</path>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
                  <attribute name="Alfresco-CSRFToken">.*</attribute>
               </session>
            </request>
            <action name="generateToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>
         <!-- Verify multipart requests contains the token as a parameter and also correct referer & origin header if available -->
         <rule>
            <request>
               <method>POST</method>
               <header name="Content-Type">^multipart/.*</header>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
               </session>
            </request>
            <action name="assertToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="parameter">Alfresco-CSRFToken</param>
            </action>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://103.229.12.52/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://103.229.12.52</param>
            </action>
         </rule>
         <!--
            Verify there is a token in the header for remaining state changing requests and also correct
            referer & origin headers if available. We "catch" all content types since just setting it to
            "application/json.*" since a webscript that doesn't require a json request body otherwise would be
            successfully executed using i.e. "text/plain".
         -->
         <rule>
            <request>
               <method>POST|PUT|DELETE</method>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
               </session>
            </request>
            <action name="assertToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="header">Alfresco-CSRFToken</param>
            </action>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://103.229.12.52/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://103.229.12.52</param>
            </action>
         </rule>
      </filter>
</config>

Thanks and regards,

Jefry 

Maybe this can help you: BeeCon 2016 >> Talks

No modification is required in "share-config-custom.xml".

Hyland Developer Evangelist