Sharepoint Protocol over SSL

krich
Champ in-the-making
I have 3.2 Community up and running and have applied the vti.module amp to get SharePoint Protocol working. Everything is working fine accessing the URL http://mydomain.com:7070/alfresco with Office 2007 documents but I need to utilize the SharePoint protocol over the Internet and need to use the protocol over SSL. I have tried creating a reverse proxy with Apache2 and can map /alfresco as web folders but it will not work with Office 2007.

My question is whether or not there is a way to enable SSL in the Jetty 6.1.14 server included in the module or if anyone has had success implementing a reverse proxy or some other form of gateway. Passing credentials or accessing confidential files without encryption is not an option.
11 REPLIES 11

perom
Champ in-the-making
I am also interested if anyone has succeeded in getting the SharePoint protocol implementation on Alfresco to work over Apache SSL.
Anyone?

perom
Champ in-the-making
Ok, I managed on my own
I ended up with two virtual hosts on Apache. One to handle AJP and Alfresco, the other to handle SPP implementation:

        <VirtualHost #name or IP#:443>
            ServerName yourservername:443
            ErrorLog logs/log location
            TransferLog logs/log location
            LogLevel warn
            <Proxy *>
                Order Deny,Allow
                Allow from all
            </Proxy>
            RewriteEngine On
            ProxyRequests Off
            CacheDisable *
            SSLEngine on
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

            SSLCertificateFile /etc/pki/tls/certs/your_ca.crt
            SSLCertificateKeyFile /etc/pki/tls/private/your_ca.key

            SSLProxyEngine On
            ProxyPass /alfresco/ http://yourservername:7070/alfresco/
            ProxyPassReverse /alfresco/ http://yourservername:7070/alfresco/
            ProxyPass /_vti_bin/ http://yourservername:7070/_vti_bin/
            ProxyPassReverse /_vti_bin/ http://yourservername:7070/_vti_bin/
            ProxyPass /_vti_inf.html http://yourservername:7070/_vti_inf.html
            ProxyPassReverse /_vti_inf.html http://yourservername:7070/_vti_inf.html
            ProxyPass /_vti_history/ http://yourservername:7070/_vti_history/
            ProxyPassReverse /_vti_history/ http://yourservername:7070/_vti_history/

            RewriteCond %{SERVER_PORT} !443
            RewriteRule ^(.*)$ https://yourservername/$1 [R,L]
            SetEnvIf User-Agent ".*MSIE.*"    \
                nokeepalive ssl-unclean-shutdown  \
                downgrade-1.0 force-response-1.0

        </VirtualHost>

Also, to pass it correctly to Apache on port 443, exclude in documentlist.js and documentlist-min.js:

        oRecord.setData("onlineEditUrl", window.location.protocol + "//" + window.location.hostname + ":" + me.options.vtiServer.port + "/" + $combine("alfresco", loc.site, loc.container, loc.path, loc.file));

cheers
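
The virtual host above still permits SSLv3 and, through `ALL` and `+LOW`, weak cipher classes. The following check is an added example, not part of the original post: it evaluates `SSLProtocol` the way mod_ssl does and reports the weak cipher classes that the `SSLCipherSuite` string adds and never removes with `!`. The function names and the lists of legacy protocols and weak classes are assumptions chosen for this example.

```python
import re

# Constructed input: the two TLS directives from the virtual host posted above.
SAMPLE_VHOST = ("SSLProtocol all -SSLv2\n"
                "SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW\n")
ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}          # assumption: all before TLS 1.2
WEAK = ["aNULL", "EXPORT", "LOW", "RC4", "MD5", "3DES"]  # assumption: classes to refuse

def enabled_protocols(value):
    """Evaluate SSLProtocol: a bare name replaces the set, +name adds, -name removes."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        names = {p for p in ALL_PROTOCOLS if name in ("all", p.lower())}
        if sign == "-":
            enabled -= names
        else:
            enabled = (enabled | names) if sign == "+" else names
    return enabled

def reachable_weak_classes(cipher_string):
    """Weak classes the string adds (by name or through ALL) and never kills with '!'."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string) if t]
    killed = {t[1:].upper() for t in tokens if t.startswith("!")}
    added = set()
    for t in tokens:
        if t[0] not in "!-+":   # '+X' only reorders; '-X' and '!X' remove
            added.update(part.upper() for part in t.split("+"))
    return [c for c in WEAK if c.upper() not in killed
            and ("ALL" in added or c.upper() in added)]

def audit_vhost(config_text):
    """Findings for the SSLProtocol and SSLCipherSuite lines of a virtual host."""
    findings = []
    for line in config_text.splitlines():
        directive, _, value = line.strip().partition(" ")
        if directive.lower() == "sslprotocol":
            legacy = sorted(enabled_protocols(value) & LEGACY)
            findings += [f"legacy protocol enabled: {p}" for p in legacy]
        elif directive.lower() == "sslciphersuite":
            weak = reachable_weak_classes(value)
            findings += [f"weak cipher class not excluded: {c}" for c in weak]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vhost(SAMPLE_VHOST)))
```

A policy such as `SSLProtocol -all +TLSv1.2 +TLSv1.3` with `SSLCipherSuite HIGH:!aNULL:!MD5` produces no findings; what is actually offered still depends on the OpenSSL build behind mod_ssl.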

pbkoob
Champ in-the-making
Where are the settings for the Virtual server you created for WSS located on your server?

gulikoza
Champ in-the-making
Hi,

I spent a week figuring this out. Perom's solution never worked for me (the returned webpage still has http://x.x.x.x:7070 links). I finally made it work with mod_sed:

        <Location /sharepoint>
            SetOutputFilter Sed
            OutputSed "s/http:\/\/alfresco.mycompany.com:7070/https:\/\/alfresco.mycompany.com/g"

            SetInputFilter Sed
            InputSed "s/https:\/\/alfresco.mycompany.com/http:\/\/alfresco.mycompany.com:7070/g"
        </Location>

        <LocationMatch /_vti(.*)>
            SetOutputFilter Sed
            OutputSed "s/http:\/\/alfresco.mycompany.com:7070/https:\/\/alfresco.mycompany.com/g"

            SetInputFilter Sed
            InputSed "s/https:\/\/alfresco.mycompany.com/http:\/\/alfresco.mycompany.com:7070/g"
        </LocationMatch>

        # Sharepoint access
        ProxyPass /sharepoint http://alfresco.mycompany.com:7070/sharepoint
        ProxyPassReverse /sharepoint http://alfresco.mycompany.com:7070/sharepoint

        ProxyPass /_vti_bin/ http://alfresco.mycompany.com:7070/_vti_bin/
        ProxyPassReverse /_vti_bin/ http://alfresco.mycompany.com:7070/_vti_bin/
        ProxyPass /_vti_inf.html http://alfresco.mycompany.com:7070/_vti_inf.html
        ProxyPassReverse /_vti_inf.html http://alfresco.mycompany.com:7070/_vti_inf.html
        ProxyPass /_vti_history/ http://alfresco.mycompany.com:7070/_vti_history/
        ProxyPassReverse /_vti_history/ http://alfresco.mycompany.com:7070/_vti_history/

(I also changed vti.alfresco.deployment.context=/sharepoint in alfresco-global.properties to make /sharepoint. I guess it would be possible to do it with proxy as well, now that I made it work).
I haven't tested it all yet, I'm happy that the folder opens and works :). Please post any suggestions or comments you might have!

goldmar
Champ in-the-making
I've tried the suggested configuration (even with mod_sed) but it does not work for me. Using vti over port 7070 works, however when I try the same with https://mydomain.tld/sharepoint I first get an authentication window (so the Proxy Forwarding works!) but afterwards there is a "Could not open URL" error. Any ideas? Is there any way to debug this?

Also, is there a way to limit the interfaces Alfresco VTI is listening on? (Similar to "cifs.bindto")

ebogaard
Champ on-the-rise
This is a funny thing we've encountered as well.
We had 2 choices:
1. Use mod_sed to rewrite the URLs. Result of this is that you can sign in and go directly to the sites and document library, but you can't check in or check out documents from Office.
2. Don't use mod_sed. Result of this is that you need to change the view from webview to any other view in Office when switching in a site to the document library.

Rewriting the URLs some more only resulted in other things breaking. Ultimately we've chosen to use option 2, because of the added/needed functionality.

We've filed a bug report in April, but Alfresco keeps delaying the solution: https://issues.alfresco.com/jira/browse/ALF-2503?page=com.atlassian.jira.plugin.system.issuetabpanel...

goldmar
Champ in-the-making
I've tested it some more now. When I wrote my last post I had an error in my Apache proxy configuration, that's why it did not work. Now it's the same as ebogaard describes.

1) Using mod_sed as written above it's not possible to update documents from office anymore. I can browse the document library and open documents, but I get read-only access.

2) Not using mod_sed everything works but then Office seems to use the original URL (without https) to open documents, so the connection is not encrypted anymore. That makes using https pointless…

ebogaard, in your bug report you've suggested a solution to the problem. Does it fix this problem completely? If it does, why did they not make this change - after all these are only two lines of code?! Can you please upload an updated vti module which includes your fix?
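
Both outcomes reported in this thread come down to absolute URLs in what the client receives: they either still name the Jetty port or name the public host over plain http. The following added example (not code from the thread or from Alfresco) scans a captured response for such URLs so a proxy setup can be checked before it is relied on. The function names and the sample response are constructed; the host name and port 7070 are the ones used in the posts above.

```python
import re
from urllib.parse import urlsplit

PUBLIC_HOST = "alfresco.mycompany.com"   # host name used in the mod_sed rules above
BACKEND_PORT = 7070                       # cleartext Jetty port of the vti module
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample of a response as a client might receive it through the proxy.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Location: http://alfresco.mycompany.com:7070/sharepoint/\r\n"
    "\r\n"
    '<a href="https://alfresco.mycompany.com/sharepoint/site/">site</a>\n'
    '<a href="http://alfresco.mycompany.com:7070/sharepoint/site/report.doc">doc</a>\n'
    '<a href="http://alfresco.mycompany.com/_vti_inf.html">inf</a>\n'
)


def is_leak(url, public_host, backend_port):
    """True if following the URL would take a client around the TLS front end."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:            # malformed host or port
        return False
    if port == backend_port:      # any host on the cleartext backend port
        return True
    return parts.scheme == "http" and parts.hostname == public_host.lower()


def find_backend_urls(raw_response, public_host=PUBLIC_HOST, backend_port=BACKEND_PORT):
    """Return (location, url) pairs for every leaked URL in headers and body."""
    head, _, body = raw_response.partition("\r\n\r\n")
    hits = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        hits += [(f"header {name.strip()}", u) for u in URL_RE.findall(value)]
    hits += [("body", u) for u in URL_RE.findall(body)]
    return [(where, u) for where, u in hits if is_leak(u, public_host, backend_port)]


if __name__ == "__main__":
    for where, url in find_backend_urls(SAMPLE_RESPONSE):
        print(f"{where}: {url}")
```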

ebogaard
Champ on-the-rise
I'm afraid the suggested solution doesn't work as expected.
You can test this yourself, as the .ftl is editable in your .amp (and your installed .jar), no compilation needed.

So I'm afraid we have to wait for Alfresco to fix this. Hope this happens soon!

goldmar
Champ in-the-making
I've tried extracting the jar file with vti installed and there was no FileOpenDialog.ftl file. I think they have compiled it into classes in the new version, so you have to get the source, edit the file and recompile everything… well, I guess I'd do that but since you say that it "does not work as expected" I'll just sit and wait until the Alfresco team provides a solution. I hope they'll fix it in the next release. WebDAV works great for copying files for us but when opening .doc files in Word via WebDAV we often get errors when trying to save / update the file (instead one has to save the updated file locally and overwrite the old file by moving the new document with Explorer - very uncomfortable).

So there is no alternative to the vti extension right now. Also, WebDAV does not work with Windows 7…