
Setting up Alfresco 5 with SSL and Apache

donp
Champ on-the-rise
I have searched all over the net reading guides on how to install Alfresco 5 properly with SSL or utilizing Apache as a proxy, and also on how to change it to port 80. I have even searched this forum and I still have not gotten close.

How can I change from port 8080 to 80 and SSL correctly? The SSL certificates are installed and work well on Apache.

https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/apac...

donp
Champ on-the-rise
I am now getting Service Temporarily Unavailable. Thank you all for your feedback and comments. I am still tackling it. Is there anyone out there who has experience with this working on CentOS?

donp
Champ on-the-rise
This is my error log

tail -f /var/log/httpd/error_log

[Tue Jul 15 22:16:56 2014] [warn] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Tue Jul 15 22:16:56 2014] [warn] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Tue Jul 15 22:16:56 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jul 15 22:16:56 2014] [warn] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Tue Jul 15 22:16:56 2014] [warn] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Tue Jul 15 22:16:56 2014] [notice] Digest: generating secret for digest authentication ...
[Tue Jul 15 22:16:56 2014] [notice] Digest: done
[Tue Jul 15 22:16:56 2014] [notice] Apache/2.2.15 (Unix) mod_jk/1.2.40 DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Tue Jul 15 23:11:35 2014] [error] [client 54.227.195.79] Directory index forbidden by Options directive: /var/www/html/
[Tue Jul 15 23:57:32 2014] [error] [client 173.21.115.68] Directory index forbidden by Options directive: /var/www/html/

eswbitto
Confirmed Champ
I have it running on CentOS 6.5. I'm not really sure how you did your setup, but I provided a link with the same steps I have it running with.

donp
Champ on-the-rise
Did you have it running with port 80? That is also what I am trying to do.

eswbitto
Confirmed Champ
No, we're using strictly SSL traffic. I'm not sure why you would want to include port 80 (non-SSL).

donp
Champ on-the-rise
Same. I am forcing it to go to SSL, if you take a good look at my settings. I want to be able to access it via subdomain.domain.com/share, not with :8080.

eswbitto
Confirmed Champ
Take a look at my share-config-custom.xml and see if you have the same settings.

Note: I changed my actual domain name in the parameters to FQDN for example purposes.


<alfresco-config>

   <!-- Example config to turn off the CSRF filter
   <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
      <filter/>
   </config>-->

   <!-- Configuration for Apache reverse proxy on localhost:8089 -->
   <config evaluator="string-compare" condition="CSRFPolicy" replace="true">

      <!--
         Will be used and exposed to the client side code in Alfresco.contants.CSRF_POLICY.
         Use the Alfresco.util.CSRFPolicy.getHeader() or Alfresco.util.CSRFPolicy.getParameter() with Alfresco.util.CSRFPolicy.getToken()
         to set the token in custom 3rd party code.
       -->
      <client>
         <cookie>Alfresco-CSRFToken</cookie>
         <header>Alfresco-CSRFToken</header>
         <parameter>Alfresco-CSRFToken</parameter>
      </client>

      <!-- The first rule with a matching request will get its action invoked, the remaining rules will be ignored. -->
      <filter>
         <!--
            Certain Surf POST requests from the WebScript console must be allowed to pass without a token since
            the Surf WebScript console code can't be dependent on a Share specific filter.
         -->
         <rule>
            <request>
               <method>POST</method>
               <path>^\/page\/caches\/dependency\/clear|^\/page\/index|^\/page\/surfBugStatus|^\/page\/modules\/deploy|^\/page\/modules\/module|^\/page\/api\/javascript\/debugger</path>
            </request>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://FQDN/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://FQDN</param>
            </action>
         </rule>

         <!-- Certain Share POST requests do NOT require a token -->
         <rule>
            <request>
               <method>POST</method>
               <path>^/page/dologin.*|^\/page/site\/[^\/]+\/start-workflow|^\/page/start-workflow</path>
            </request>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://FQDN/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://FQDN</param>
            </action>
         </rule>

         <!-- Clear the token when logging out -->
         <rule>
            <request>
               <method>GET</method>
               <path>^/page/dologout.*</path>
            </request>
            <action name="clearToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>

         <!-- Make sure the first token is generated -->
         <rule>
            <request>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
                  <attribute name="Alfresco-CSRFToken"/>
                  <!-- empty attribute element indicates null -->
               </session>
            </request>
            <action name="generateToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>

         <!-- Refresh token on new "page" visit when a user is logged in -->
         <rule>
            <request>
               <method>GET</method>
               <path>^/page/.*</path>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
                  <attribute name="Alfresco-CSRFToken">.*</attribute>
               </session>
            </request>
            <action name="generateToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="cookie">Alfresco-CSRFToken</param>
            </action>
         </rule>

         <!-- Verify multipart requests contain the token as a parameter and also correct referer & origin header if available -->
         <rule>
            <request>
               <method>POST</method>
               <header name="Content-Type">^multipart/.*</header>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
               </session>
            </request>
            <action name="assertToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="parameter">Alfresco-CSRFToken</param>
            </action>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://FQDN/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://FQDN</param>
            </action>
         </rule>

         <!--
            Verify there is a token in the header for remaining state changing requests and also correct
            referer & origin headers if available. We "catch" all content types since just setting it to
            "application/json.*" since a webscript that doesn't require a json request body otherwise would be
            successfully executed using i.e. "text/plain".
         -->
         <rule>
            <request>
               <method>POST|PUT|DELETE</method>
               <session>
                  <attribute name="_alf_USER_ID">.*</attribute>
               </session>
            </request>
            <action name="assertToken">
               <param name="session">Alfresco-CSRFToken</param>
               <param name="header">Alfresco-CSRFToken</param>
            </action>
            <action name="assertReferer">
               <param name="always">false</param>
               <param name="referer">https://FQDN/.*</param>
            </action>
            <action name="assertOrigin">
               <param name="always">false</param>
               <param name="origin">https://FQDN</param>
            </action>

         </rule>
      </filter>
   </config>

</alfresco-config>

donp
Champ on-the-rise
This is mine. Should I replace it with yours?


<alfresco-config>

   <!-- Global config section -->
   <config replace="true">
      <flags>
         <!--
            Developer debugging setting to turn on DEBUG mode for client scripts in the browser
         -->
         <client-debug>false</client-debug>

         <!--
            LOGGING can always be toggled at runtime when in DEBUG mode (Ctrl, Ctrl, Shift, Shift).
            This flag automatically activates logging on page load.
         -->
         <client-debug-autologging>false</client-debug-autologging>
      </flags>
   </config>

   <config evaluator="string-compare" condition="WebFramework">
      <web-framework>
         <!-- SpringSurf Autowire Runtime Settings -->
         <!--
              Developers can set mode to 'development' to disable; SpringSurf caches,
              FreeMarker template caching and Rhino JavaScript compilation.
         -->
         <autowire>
            <!-- Pick the mode: "production" or "development" -->
            <mode>production</mode>
         </autowire>

         <!-- Allows extension modules with <auto-deploy> set to true to be automatically deployed -->
         <module-deployment>
            <mode>manual</mode>
            <enable-auto-deploy-modules>true</enable-auto-deploy-modules>
         </module-deployment>
      </web-framework>
   </config>

   <!-- Disable the CSRF Token Filter -->
   <!--
   <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
      <filter/>
   </config>
   -->

   <!--
      To run the CSRF Token Filter behind 1 or more proxies that do not rewrite the Origin or Referer headers:

      1. Copy the "CSRFPolicy" default config in share-security-config.xml and paste it into this file.
      2. Replace the old config by setting the <config> element's "replace" attribute to "true" like below:
         <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
      3. To every <action name="assertReferer"> element add the following child element
         <param name="referer">http://www.proxy1.com/.*|http://www.proxy2.com/.*</param>
      4. To every <action name="assertOrigin"> element add the following child element
         <param name="origin">http://www.proxy1.com|http://www.proxy2.com</param>
   -->

   <!--
      Remove the default wildcard setting and use instead a strict whitelist of the only domains that shall be allowed
      to be used inside iframes (i.e. in the WebView dashlet on the dashboards)
   -->
   <!--
   <config evaluator="string-compare" condition="IFramePolicy" replace="true">
      <cross-domain>
         <url>http://www.trusted-domain-1.com/</url>
         <url>http://www.trusted-domain-2.com/</url>
      </cross-domain>
   </config>
   -->

   <!-- Turn off header that stops Share from being displayed in iframes on pages from other domains -->
   <!--
   <config evaluator="string-compare" condition="SecurityHeadersPolicy">
      <headers>
         <header>
            <name>X-Frame-Options</name>
            <enabled>false</enabled>
         </header>
      </headers>
   </config>
   -->

   <!-- Prevent browser communication over HTTP (for HTTPS servers) -->
   <!--
   <config evaluator="string-compare" condition="SecurityHeadersPolicy">
      <headers>
         <header>
            <name>Strict-Transport-Security</name>
            <value>max-age=31536000</value>
         </header>
      </headers>
   </config>
   -->

   <config evaluator="string-compare" condition="Replication">
      <share-urls>
         <!--
            To discover a Repository Id, browse to the remote server's CMIS landing page at:
              http://{server}:{port}/alfresco/service/cmis/index.html
            The Repository Id field is found under the "CMIS Repository Information" expandable panel.

            Example config entry:
              <share-url repositoryId="622f9533-2a1e-48fe-af4e-ee9e41667ea4">http://new-york-office:8080/share/</share-url>
         -->
      </share-urls>
   </config>

   <!-- Document Library config section -->
   <config evaluator="string-compare" condition="DocumentLibrary" replace="true">

      <tree>
         <!--
            Whether the folder Tree component should enumerate child folders or not.
            This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
         -->
         <evaluate-child-folders>false</evaluate-child-folders>

         <!--
            Optionally limit the number of folders shown in treeview throughout Share.
         -->
         <maximum-folder-count>1000</maximum-folder-count>

         <!--
            Default timeout in milliseconds for folder Tree component to receive response from Repository
         -->
         <timeout>7000</timeout>
      </tree>

      <!--
         Used by the "Manage Aspects" action

         For custom aspects, remember to also add the relevant i18n string(s)
            cm_myaspect=My Aspect
      -->
      <aspects>
         <!-- Aspects that a user can see -->
         <visible>
            <aspect name="cm:generalclassifiable" />
            <aspect name="cm:complianceable" />
            <aspect name="cm:dublincore" />
            <aspect name="cm:effectivity" />
            <aspect name="cm:summarizable" />
            <aspect name="cm:versionable" />
            <aspect name="cm:templatable" />
            <aspect name="cm:emailed" />
            <aspect name="emailserver:aliasable" />
            <aspect name="cm:taggable" />
            <aspect name="app:inlineeditable" />
            <aspect name="gd:googleEditable" />
            <aspect name="cm:geographic" />
            <aspect name="exif:exif" />
            <aspect name="audio:audio" />
            <aspect name="cm:indexControl" />
            <aspect name="dp:restrictable" />
         </visible>

         <!-- Aspects that a user can add. Same as "visible" if left empty -->
         <addable>
         </addable>

         <!-- Aspects that a user can remove. Same as "visible" if left empty -->
         <removeable>
         </removeable>
      </aspects>

      <!--
         Used by the "Change Type" action

         Define valid subtypes using the following example:
            <type name="cm:content">
               <subtype name="cm:mysubtype" />
            </type>

         Remember to also add the relevant i18n string(s):
            cm_mysubtype=My SubType
      -->
      <types>
         <type name="cm:content">
         </type>

         <type name="cm:folder">
         </type>

         <type name="trx:transferTarget">
            <subtype name="trx:fileTransferTarget" />
         </type>
      </types>

      <!--
         If set, will present a WebDAV link for the current item on the Document and Folder details pages.
         Also used to generate the "View in Alfresco Explorer" action for folders.
      -->
      <repository-url>http://localhost:80/alfresco</repository-url>

      <!--
         Google Docs™ integration
      -->
      <google-docs>
         <!--
            Enable/disable the Google Docs UI integration (Extra types on Create Content menu, Google Docs actions).
         -->
         <enabled>false</enabled>

         <!--
            The mimetypes of documents Google Docs allows you to create via the Share interface.
            The I18N label is created from the "type" attribute, e.g. google-docs.doc=Google Docs&trade; Document
         -->
         <creatable-types>
            <creatable type="doc">application/msword</creatable>
            <creatable type="xls">application/vnd.ms-excel</creatable>
            <creatable type="ppt">application/vnd.ms-powerpoint</creatable>
         </creatable-types>
      </google-docs>

      <!--
         File upload configuration
      -->
      <file-upload>
         <!--
            Adobe Flash™
            In certain environments, an HTTP request originating from Flash cannot be authenticated using an existing session.
            See: http://bugs.adobe.com/jira/browse/FP-4830
            For these cases, it is useful to disable the Flash-based uploader for Share Document Libraries.
         -->
         <adobe-flash-enabled>true</adobe-flash-enabled>
      </file-upload>
   </config>


   <!-- Custom DocLibActions config section -->
   <config evaluator="string-compare" condition="DocLibActions">
      <actionGroups>
         <actionGroup id="document-browse">

            <!-- Simple Repo Actions -->
            <!--
            <action index="340" id="document-extract-metadata" />
            <action index="350" id="document-increment-counter" />
            -->

            <!-- Dialog Repo Actions -->
            <!--
            <action index="360" id="document-transform" />
            <action index="370" id="document-transform-image" />
            <action index="380" id="document-execute-script" />
            -->

         </actionGroup>
      </actionGroups>
   </config>

   <!-- Global folder picker config section -->
   <config evaluator="string-compare" condition="GlobalFolder">
      <siteTree>
         <container type="cm:folder">
            <!-- Use a specific label for this container type in the tree -->
            <rootLabel>location.path.documents</rootLabel>
            <!-- Use a specific uri to retrieve the child nodes for this container type in the tree -->
            <uri>slingshot/doclib/treenode/site/{site}/{container}{path}?children={evaluateChildFoldersSite}&amp;max={maximumFolderCountSite}</uri>
         </container>
      </siteTree>
   </config>

   <!-- Repository Library config section -->
   <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
      <!--
         Root nodeRef or xpath expression for top-level folder.
         e.g. alfresco://user/home, /app:company_home/st:sites/cm:site1
         If using an xpath expression, ensure it is properly ISO9075 encoded here.
      -->
      <root-node>alfresco://company/home</root-node>

      <tree>
         <!--
            Whether the folder Tree component should enumerate child folders or not.
            This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
         -->
         <evaluate-child-folders>false</evaluate-child-folders>

         <!--
            Optionally limit the number of folders shown in treeview throughout Share.
         -->
         <maximum-folder-count>500</maximum-folder-count>
      </tree>

      <!--
         Whether the link to the Repository Library appears in the header component or not.
      -->
      <visible>true</visible>
   </config>

   <!-- Kerberos settings -->
   <!-- To enable kerberos rename this condition to "Kerberos" -->
   <config evaluator="string-compare" condition="KerberosDisabled" replace="true">
      <kerberos>
         <!--
            Password for HTTP service account.
            The account name *must* be built from the HTTP server name, in the format :
               HTTP/<server_name>@<realm>
            (NB this is because the web browser requests an ST for the
            HTTP/<server_name> principal in the current realm, so if we're to decode
            that ST, it has to match.)
         -->
         <password>secret</password>
         <!--
            Kerberos realm and KDC address.
         -->
         <realm>ALFRESCO.ORG</realm>
         <!--
            Service Principal Name to use on the repository tier.
            This must be like: HTTP/host.name@REALM
         -->
         <endpoint-spn>HTTP/repository.server.com@ALFRESCO.ORG</endpoint-spn>
         <!--
            JAAS login configuration entry name.
         -->
         <config-entry>ShareHTTP</config-entry>
      </kerberos>
   </config>

   <!-- Uncomment and modify the URL to Activiti Admin Console if required. -->
   <!--
   <config evaluator="string-compare" condition="ActivitiAdmin" replace="true">
      <activiti-admin-url>http://localhost:8080/alfresco/activiti-admin</activiti-admin-url>
   </config>
   -->

   <config evaluator="string-compare" condition="Remote">
      <remote>
         <endpoint>
            <id>alfresco-noauth</id>
            <name>Alfresco - unauthenticated access</name>
            <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:80/alfresco/s</endpoint-url>
            <identity>none</identity>
         </endpoint>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:80/alfresco/s</endpoint-url>
            <identity>user</identity>
         </endpoint>

         <endpoint>
            <id>alfresco-feed</id>
            <name>Alfresco Feed</name>
            <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
            <connector-id>http</connector-id>
            <endpoint-url>http://localhost:80/alfresco/s</endpoint-url>
            <basic-auth>true</basic-auth>
            <identity>user</identity>
         </endpoint>
         <!--
         <endpoint>
            <id>activiti-admin</id>
            <name>Activiti Admin UI - user access</name>
            <description>Access to Activiti Admin UI, that requires user authentication</description>
            <connector-id>activiti-admin-connector</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/activiti-admin</endpoint-url>
            <identity>user</identity>
         </endpoint>
         -->
      </remote>
   </config>

   <!--
        Overriding endpoints to reference an Alfresco server with external SSO enabled
        NOTE: If utilising a load balancer between web-tier and repository cluster, the "sticky
              sessions" feature of your load balancer must be used.
        NOTE: If alfresco server location is not localhost:8080 then also combine changes from the
              "example port config" section below.
        *Optional* keystore contains SSL client certificate + trusted CAs.
        Used to authenticate share to an external SSO system such as CAS
        Remove the keystore section if not required i.e. for NTLM.

        NOTE: For Kerberos SSO rename the "KerberosDisabled" condition above to "Kerberos"

        NOTE: For external SSO, switch the endpoint connector to "AlfrescoHeader" and set
              the userHeader to the name of the HTTP header that the external SSO
              uses to provide the authenticated user name.
   -->
   <!--
   <config evaluator="string-compare" condition="Remote">
      <remote>
         <keystore>
             <path>alfresco/web-extension/alfresco-system.p12</path>
             <type>pkcs12</type>
             <password>alfresco-system</password>
         </keystore>

         <connector>
            <id>alfrescoCookie</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
         </connector>

         <connector>
            <id>alfrescoHeader</id>
            <name>Alfresco Connector</name>
            <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
            <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
            <userHeader>SsoUserHeader</userHeader>
         </connector>

         <endpoint>
            <id>alfresco</id>
            <name>Alfresco - user access</name>
            <description>Access to Alfresco Repository WebScripts that require user authentication</description>
            <connector-id>alfrescoCookie</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
            <identity>user</identity>
            <external-auth>true</external-auth>
         </endpoint>
      </remote>
   </config>
   -->

</alfresco-config>
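
Added illustration, not code from this thread or from Alfresco: a Python model of how the CSRFPolicy rules posted above (and the "behind one or more proxies" recipe in the stock comment) decide a request once the referer and origin params name the proxy host. The host `docs.example.com`, the constructed requests and the simplified rule table are assumptions; the Surf WebScript console rule is omitted.

```python
import re
import secrets
from dataclasses import dataclass, field

FQDN = "docs.example.com"     # constructed stand-in for the "FQDN" placeholder in the posted config
TOKEN = "Alfresco-CSRFToken"  # cookie, header, parameter and session attribute all use this name

@dataclass
class Request:
    method: str
    path: str                                    # servlet path, e.g. /page/dologin
    headers: dict = field(default_factory=dict)  # Referer, Origin, Content-Type, Alfresco-CSRFToken
    params: dict = field(default_factory=dict)   # request parameters (multipart uploads carry the token here)
    session: dict = field(default_factory=dict)  # _alf_USER_ID and Alfresco-CSRFToken live here

def header(req, name):
    # Case-insensitive header lookup; None when the header is absent
    return next((v for k, v in req.headers.items() if k.lower() == name.lower()), None)

# Same order as the posted <filter>: the first rule whose <request> matches is applied, the rest are
# ignored. A session pattern of None means the attribute must be absent (the empty <attribute/> in the XML).
RULES = [
    {"method": "POST", "path": r"^/page/dologin.*|^/page/site/[^/]+/start-workflow|^/page/start-workflow",
     "actions": ["referer", "origin"]},
    {"method": "GET", "path": r"^/page/dologout.*", "actions": ["clear"]},
    {"session": {"_alf_USER_ID": ".*", TOKEN: None}, "actions": ["generate"]},
    {"method": "GET", "path": r"^/page/.*", "session": {"_alf_USER_ID": ".*", TOKEN: ".*"},
     "actions": ["generate"]},
    {"method": "POST", "headers": {"Content-Type": r"^multipart/.*"}, "session": {"_alf_USER_ID": ".*"},
     "actions": ["token:parameter", "referer", "origin"]},
    {"method": "POST|PUT|DELETE", "session": {"_alf_USER_ID": ".*"},
     "actions": ["token:header", "referer", "origin"]},
]

def matches(rule, req):
    # Does this rule's <request> block describe the request?
    if "method" in rule and not re.fullmatch(rule["method"], req.method):
        return False
    if "path" in rule and not re.match(rule["path"], req.path):
        return False
    for name, pattern in rule.get("headers", {}).items():
        value = header(req, name)
        if value is None or not re.match(pattern, value):
            return False
    for name, pattern in rule.get("session", {}).items():
        value = req.session.get(name)
        if pattern is None:
            if value is not None:
                return False
        elif value is None or not re.fullmatch(pattern, value):
            return False
    return True

def header_ok(req, name, pattern, always=False):
    # assertReferer / assertOrigin with always=false: a missing header passes, a present one must match
    value = header(req, name)
    return (not always) if value is None else re.fullmatch(pattern, value) is not None

def filter_request(req, fqdn=FQDN):
    """Return 'allowed' or 'rejected', updating the session token as generateToken/clearToken would."""
    referer_pat = rf"https://{re.escape(fqdn)}/.*"  # <param name="referer">https://FQDN/.*</param>
    origin_pat = rf"https://{re.escape(fqdn)}"      # <param name="origin">https://FQDN</param>
    for rule in RULES:
        if not matches(rule, req):
            continue
        for action in rule["actions"]:
            if action == "referer" and not header_ok(req, "Referer", referer_pat):
                return "rejected"
            if action == "origin" and not header_ok(req, "Origin", origin_pat):
                return "rejected"
            if action.startswith("token:"):
                supplied = header(req, TOKEN) if action == "token:header" else req.params.get(TOKEN)
                if req.session.get(TOKEN) is None or supplied != req.session[TOKEN]:
                    return "rejected"
            if action == "generate":
                req.session[TOKEN] = secrets.token_urlsafe(24)  # the real filter also sets the cookie
            if action == "clear":
                req.session.pop(TOKEN, None)
        return "allowed"
    return "allowed"  # no rule matched, so the filter does not interfere
```

A browser request that reaches Share through the proxy carries `Origin: https://docs.example.com`; if the config still names a different host, every authenticated POST/PUT/DELETE is rejected even though the token is correct, which is the failure mode to check first when Share breaks behind a new proxy name.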

donp
Champ on-the-rise
What do I need to keep, and what do I need to remove as unnecessary?

eswbitto
Confirmed Champ
Sorry, I have been gone for the last two weeks on vacation. You can try mine; just make sure you edit the entries for your FQDN.