SSL via Apache2 Proxy and Tomcat6/Alfresco

oblivian
Champ in-the-making
Hello,

I am trying to use Apache2 to set up an SSL connection with Alfresco. I have a reverse-proxied Alfresco with Apache2 and SSL, but I get warnings that the connection isn't entirely encrypted (Warning: Connection Partially Encrypted). Is there something I have to do on the Alfresco/Tomcat6 side?

Excerpt from http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.

So according to the Apache2 documentation it should be sufficient to encrypt the traffic from/to the Apache2 proxy and not Tomcat6 itself.
So why is the encrypted connection failing? This is in all browsers I've tried: Firefox, IE8, Safari, etc…

Please advise,

Oblivian
13 REPLIES

unknown-user
Champ on-the-rise
Right now it's not working, so I would be very happy to take a deep look at your config files (apache and tomcat server.xml) :)

I am running on a Debian 5 server.

oblivian
Champ in-the-making
OK, here goes.

Make sure mod_jk is installed and enabled in Apache2.

Add the following at the bottom of the main Apache2 config file (apache2.conf):
JkWorkersFile /etc/apache2/workers.properties

# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# Send servlet for context /alfresco to your repository
JkMount /share worker1
JkMount /alfresco worker1

# Send JSPs for context /alfresco/* to your repository
JkMount /share/* worker1
JkMount /alfresco/* worker1

Create a new file: /etc/apache2/worker.properties and enter the following. (Make necessary adjustments to the java_home and tomcat_home.)
workers.tomcat_home=/usr/share/tomcat6
workers.java_home=/usr/lib/jvm/java-6-sun-1.6.0.16
ps=/
worker.list=worker1

worker.default.port=8009
worker.default.host=localhost
worker.default.type=ajp13
worker.default.lbfactor=1

Add the following to server.xml (On Ubuntu 9.04 /etc/tomcat6/server.xml)
Add the following lines
<!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009"
               enableLookups="false" redirectPort="8442" protocol="AJP/1.3" URIEncoding="UTF-8" />

NB. Add the above lines just before the following lines: (Around line 70).
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
               connectionTimeout="20000"
               redirectPort="8443" />


Add the following lines to the Apache2 SSL-enabled virtual server (just before the virtualhost close tag, </virtualhost>):
JkMountCopy On
JkMount /alfresco worker1
JkMount /alfresco/* worker1
JkMount /share worker1
JkMount /share/* worker1

And that should be it.

Good luck! :)

PS. You have to restart both Apache2 and Tomcat6 to see the changes, of course…
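
The setup above terminates SSL at Apache2 and, as the quoted Tomcat documentation says, Tomcat itself returns cleartext, so the AJP and HTTP connectors only need to be reachable from the Apache2 host (the workers file already points at localhost:8009). The following is an added example, not part of the original post or of Tomcat/Alfresco: a Python check that flags cleartext connectors in server.xml that are not bound to loopback through the connector's `address` attribute. The sample XML is constructed from the post's two connectors with assumed wrapper elements, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's two connectors inside assumed wrapper elements.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009"
               enableLookups="false" redirectPort="8442" protocol="AJP/1.3" URIEncoding="UTF-8" />
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
               connectionTimeout="20000"
               redirectPort="8443" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def is_cleartext(conn):
    """True for connectors that do not terminate TLS themselves (AJP, plain HTTP)."""
    return conn.get("SSLEnabled", "false").lower() != "true"

def audit_connectors(server_xml):
    """Return (port, protocol, finding) for each cleartext connector reachable off-host."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_cleartext(conn):
            continue
        port, protocol = conn.get("port", "?"), conn.get("protocol", "HTTP/1.1")
        address = conn.get("address")
        if address is None:
            # Without an address attribute the connector listens on every interface.
            findings.append((port, protocol, "no address attribute, listens on all interfaces"))
        elif address not in LOOPBACK:
            findings.append((port, protocol, "bound to non-loopback address " + address))
    return findings

def bind_to_loopback(server_xml, address="127.0.0.1"):
    """Return the XML with every cleartext connector bound to the loopback address."""
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if is_cleartext(conn):
            conn.set("address", address)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print("WARN", *finding)
    print("after fix:", audit_connectors(bind_to_loopback(SAMPLE_SERVER_XML)))
```

On a real host, pass the contents of the server.xml named in the post to `audit_connectors`; `bind_to_loopback` drops XML comments, so use its output as a guide and add `address="127.0.0.1"` to the file by hand.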

gopei
Champ in-the-making
Excuse me oblivian… where is the path directory & what file do I have to change???

"….Add the following lines to the Apache2 SSL-enabled virtual server: (Just before the virtualhost close tag)…."

thanks

unknown-user
Champ on-the-rise
Beautiful, so simple and yet so complicated… It's working, thank you very much :D