Hyland Connect

toadbrother · ‎11-22-2012

This has been a minor nightmare for me. I'mr using proxypass on a separate Apache webserver to wrap Alfresco (v 4.0.d) in SSL. I have been getting errors about non-SSL content and finally tracked it down to an embedded URL to http://www.alfresco.com/assets/images/logos/community-4.0-share.png .

I have literally hunted the entire install for the class file, or heck any file for that matter, that contains this URL. I have even tried to use ProxyHTMLURLMap to redirect, but because its not in the main page, I can't get it to work. I'm almost at the point of pointing http://www.alfresco.com to an internal address via the Apache server's host file just to get rid of this.

I understand the Alfresco developers want to track use of the community edition, but this seems not only highly intrusive, but the fact that there seems absolutely no way to turn it off is even worse. Is there any way to remove or redirect this link?

mikeh · ‎11-22-2012

The code will create an https link if the associated request is also https. In other words you need to make sure the link between your Apache webserver and Tomcat is using https, so the link generation code "knows" that the browser wants an https version of the image.

The code is actually in the Surf libraries, so you can modify those if you don't wish your installation to have the tracking logo.

Thanks,
Mike

toadbrother · ‎11-22-2012

The code will create an https link if the associated request is also https. In other words you need to make sure the link between your Apache webserver and Tomcat is using https, so the link generation code "knows" that the browser wants an https version of the image.

The code is actually in the Surf libraries, so you can modify those if you don't wish your installation to have the tracking logo.

Thanks,
Mike

I have done that, and it's still feeding http://www.alfresco.com/assets/images/logos/community-4.0-share.png. From inside the intranet that the Alfresco install is on, if I go https://alfrescoserver.local:8443/share/ I'm still seeing the above non-SSL link to the tracker image being fed, so clearly it is not picking up on the fact that it is an https connection.

I don't have the Java expertise to pull open the source, and frankly (rantmode) I think it's just bad practice to put hardcoded links into compiled code (/rantmode).

So I'm faced with a really ugly hack like trying to get Apache to rewrite the above link using a filter, or trying to get my SSL keys imported into Tomcat. The latter, in fact, would be most preferable of all, because then I wouldn't need an Apache proxy in the first place. Does anybody have a decent set of instructions for importing a SSL key into Tomcat's keystore?

mikeh · ‎11-23-2012

It looks like you've done everything correct, so I think you might be seeing the issue I've just raised: https://issues.alfresco.com/jira/browse/ALF-16900

Summary: the webscript response is cached irregardless of the method used to access it, so you'll always get the first response back even with a different schema. Try accessing https://alfrescoserver.local:8443/share/service/messages.js?locale=en_US after a Tomcat restart and see if that solves your problem.

Thanks,
Mike

P.S. I do understand your frustration with not being able to simply deactivate the tracking image. I suggest you raise a new issue in JIRA which is the best way to get the attention of the Product Managers within Alfresco.

toadbrother · ‎11-26-2012

It looks like you've done everything correct, so I think you might be seeing the issue I've just raised: https://issues.alfresco.com/jira/browse/ALF-16900

Summary: the webscript response is cached irregardless of the method used to access it, so you'll always get the first response back even with a different schema. Try accessing https://alfrescoserver.local:8443/share/service/messages.js?locale=en_US after a Tomcat restart and see if that solves your problem.

That was exactly it! Restarting Tomcat was the trick. Now my Alfresco site is showing no unencrypted items. Thank you very very very much!

For the benefit of anyone in the future looking to use Apache as an SSL gateway to an Alfresco install, here's my config:

<VirtualHost *:8443>

        DocumentRoot "/srv/alfresco/www"
        ServerName portalberni.avemployment.ca

        <Directory "/srv/alfresco/www">
                allow from all
                Options +Indexes
        </Directory>

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile /srv/alfresco/ssl/portalberni-cert.pem
        SSLCertificateKeyFile /srv/alfresco/ssl/portalberni.key
        SSLCertificateChainFile /srv/alfresco/ssl/gd_bundle.crt

        <Proxy *>
                AddDefaultCharset Off
                Order deny,allow
                Allow from all
        </Proxy>

        Redirect / /share
        ProxyPass /share https://paalfieserver:8443/share
        ProxyPassReverse /share/ https://paalfieserver:8443/share
        ProxyPass /alfresco https://paalfieserver:8443/alfresco
        ProxyPassReverse /alfresco https://paalfieserver:8443/alfresco

</VirtualHost>

alfrescostarter · ‎03-18-2013

do you have an idea to remove the file:
http://www.alfresco.com/assets/images/logos/community-4.0-share.png
???
using https in your apache backend you still beeing tracked by alfresco, right?

thank you

alfrescostarter

r_aurelian · ‎03-11-2019

Hi,

I have installed Alfresco Community Edition 201901 GA (via Docker) and have the same issue - I have insecure content on my page (which is delivered through HAproxy reverse proxy). The culprit is "http://www.alfresco.com/assets/images/logos/community-5.2-share.png" which is being loaded, but I do not know by what.

How can I disable this? I would not mind the tracking, but the problem is that it`s preventing me from having the page shown as secure.

Hyland Connect

Community Edition Tracking Logo