cancel
Showing results for 
Search instead for 
Did you mean: 

Error secret in configuring ssl in alfresco community 7.2

crisdev13
Confirmed Champ
Confirmed Champ

hi guys i need help regarding error in configuring SSL .. i change my configuration from secret to https i remove secret in my configuration of docker-compose.yml and always keep showing me this error

image

5 REPLIES 5

crisdev13
Confirmed Champ
Confirmed Champ

here is my docker-compose.yml file 

# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
version: "2"

services:
    alfresco:
        build:
          context: ./alfresco
          args:
            ALFRESCO_TAG: ${ALFRESCO_CE_TAG}
            DB: postgres
            SOLR_COMMS: https
            TRUSTSTORE_TYPE: JCEKS
            TRUSTSTORE_PASS: truststore
            KEYSTORE_TYPE: JCEKS
            KEYSTORE_PASS: keystore	  
        mem_limit: 7360m
        depends_on: 
            - postgres  
        environment:
            JAVA_TOOL_OPTIONS: "
                -Dencryption.keystore.type=JCEKS
                -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
                -Dencryption.keyAlgorithm=DESede
                -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
                -Dmetadata-keystore.password=mp6yc0UD9e
                -Dmetadata-keystore.aliases=metadata
                -Dmetadata-keystore.metadata.password=oKIWzVdEdA
                -Dmetadata-keystore.metadata.algorithm=DESede
                -Dssl-keystore.password=keystore
                -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo
                -Dssl-keystore.ssl-alfresco-ca.password=keystore
                -Dssl-keystore.ssl-repo.password=keystore
                -Dssl-truststore.password=truststore
                -Dssl-truststore.aliases=alfresco-ca,ssl-repo-client
                -Dssl-truststore.alfresco-ca.password=truststore
                -Dssl-truststore.ssl-repo-client.password=truststore
                "
            JAVA_OPTS : '
                -Ddb.username=alfresco
                -Ddb.password=alfresco
                -Ddb.driver=org.postgresql.Driver
                -Ddb.url=jdbc:postgresql://postgres:5432/alfresco  
                -Dalfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
                -Dsystem.preferred.password.encoding=bcrypt10
                -Dsolr.host=solr6
                -Dsolr.port=8983
                -Dsolr.port.ssl=8983
                -Dsolr.secureComms=https
                -Dsolr.baseUrl=/solr
                -Dindex.subsystem.name=solr6 
                -Ddir.keystore=/usr/local/tomcat/keystore
                -Dalfresco.encryption.ssl.keystore.type=JCEKS
                -Dalfresco.encryption.ssl.truststore.type=JCEKS
                -Dalfresco.host=${SERVER_NAME}
                -Dalfresco.port=80
                -Dapi-explorer.url=https://${SERVER_NAME}:80/api-explorer
                -Dalfresco.protocol=https 
                -Dshare.host=${SERVER_NAME}
                -Dshare.port=80
                -Dshare.protocol=https 
                -Daos.baseUrlOverwrite=https://${SERVER_NAME}/alfresco/aos
                -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true"
                -Ddeployment.method=DOCKER_COMPOSE
                -Dcsrf.filter.enabled=false 
                -Dftp.enabled=true
                -Dftp.port=2121
                -Dftp.dataPortFrom=2433
                -Dftp.dataPortTo=2434 
                -Dopencmis.server.override=true
                -Dopencmis.server.value=https://${SERVER_NAME}:80
                -DlocalTransform.core-aio.url=http://transform-core-aio:8090/ 
                -Dcsrf.filter.enabled=false
                -Dalfresco.restApi.basicAuthScheme=true
                -Dauthentication.protection.enabled=false
                -XX:+UseG1GC -XX:+UseStringDeduplication
                -Dgoogledocs.enabled=true 
                -Xms6848m -Xmx6848m  
                -Dauthentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
                -Dldap.authentication.active=true
                -Dldap.authentication.java.naming.provider.url=ldap://openldap:389
                -Dldap.authentication.userNameFormat=uid=%s,dc=keensoft,dc=es
                -Dldap.synchronization.active=false  
                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
            '
        volumes: 
            - ./data/alf-repo-data:/usr/local/tomcat/alf_data
            - ./logs/alfresco:/usr/local/tomcat/logs
            - ./keystores/alfresco:/usr/local/tomcat/keystore    
        
        ports:
            - 2121:2121
            - 2433:2433
            - 2434:2434 

    transform-core-aio:
        image: alfresco/alfresco-transform-core-aio:${TRANSFORM_ENGINE_TAG}
        mem_limit: 2048m
        environment:
            JAVA_OPTS: "
              -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
              -Dserver.tomcat.threads.max=12
              -Dserver.tomcat.threads.min=4
              -Dlogging.level.org.alfresco.transform.router.TransformerDebug=ERROR
            "

    share:
        build:
          context: ./share
          args:
            SHARE_TAG: ${SHARE_TAG}
            SERVER_NAME: ${SERVER_NAME}
        mem_limit: 1840m
        environment:
            REPO_HOST: "alfresco"
            REPO_PORT: "8080"
            CSRF_FILTER_REFERER: "https://localhost:80/.*"
            CSRF_FILTER_ORIGIN: "https://localhost:80"
            JAVA_OPTS: "
                -Xms1712m -Xmx1712m
                -Dalfresco.context=alfresco
                -Dalfresco.protocol=https
                -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
                "
        volumes: 
            - ./logs/share:/usr/local/tomcat/logs  

    
    postgres:
        image: postgres:${POSTGRES_TAG}
        mem_limit: 1840m
        environment:
            - POSTGRES_PASSWORD=alfresco
            - POSTGRES_USER=alfresco
            - POSTGRES_DB=alfresco
        command: "
            postgres
              -c max_connections=200
              -c logging_collector=on
              -c log_min_messages=LOG
              -c log_directory=/var/log/postgresql"
        ports:
            - 5432:5432
        volumes: 
            - ./data/postgres-data:/var/lib/postgresql/data
            - ./logs/postgres:/var/log/postgresql  
     

    solr6:
        build:
          context: ./search
          args:
            SEARCH_TAG: ${SEARCH_CE_TAG}
            SOLR_HOSTNAME: solr6
            ALFRESCO_HOSTNAME: alfresco
            ALFRESCO_COMMS: https
            TRUSTSTORE_TYPE: JCEKS
            KEYSTORE_TYPE: JCEKS 
            CROSS_LOCALE: "true"
        mem_limit: 3680m
        environment:
            #Solr needs to know how to register itself with Alfresco
            SOLR_ALFRESCO_HOST: "alfresco"
            SOLR_ALFRESCO_PORT:  "8443" 
            #Alfresco needs to know how to call solr
            SOLR_SOLR_HOST: "solr6"
            SOLR_SOLR_PORT: "8983"
            #Create the default alfresco and archive cores
            SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
            SOLR_JAVA_MEM: "-Xms3424m -Xmx3424m"
            SOLR_SSL_TRUST_STORE: "/opt/alfresco-search-services/keystore/ssl-repo-client.truststore"
            SOLR_SSL_TRUST_STORE_PASSWORD: "truststore"
            SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
            SOLR_SSL_KEY_STORE: "/opt/alfresco-search-services/keystore/ssl-repo-client.keystore"
            SOLR_SSL_KEY_STORE_PASSWORD: "keystore"
            SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
            SOLR_SSL_NEED_CLIENT_AUTH: "true"
            JAVA_TOOL_OPTIONS: "
                -Dsolr.jetty.truststore.password=truststore
                -Dsolr.jetty.keystore.password=keystore
                -Dssl-keystore.password=keystore
                -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
                -Dssl-keystore.ssl-alfresco-ca.password=keystore
                -Dssl-keystore.ssl-repo-client.password=keystore
                -Dssl-truststore.password=truststore
                -Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
                -Dssl-truststore.ssl-alfresco-ca.password=truststore
                -Dssl-truststore.ssl-repo.password=truststore
                -Dssl-truststore.ssl-repo-client.password=truststore
            " 
            SOLR_OPTS: "
                -XX:NewSize=1584m
                -XX:MaxNewSize=1584m
                -Dsolr.ssl.checkPeerName=false
                -Dsolr.allow.unsafe.resourceloading=true  
            "
        volumes: 
            - ./data/solr-data:/opt/alfresco-search-services/data
            - ./keystores/solr:/opt/alfresco-search-services/keystore
        ports:
            - 8983:8983   
        

    activemq:
        image: alfresco/alfresco-activemq:${ACTIVEMQ_TAG}
        mem_limit: 1g
        ports:
            - 8161:8161
        volumes: 
            - ./data/activemq-data:/opt/activemq/data  

    content-app:
        image: alfresco/alfresco-content-app:${ACA_TAG}
        mem_limit: 256m
        depends_on:
            - alfresco
            - share

    # HTTP proxy to provide HTTP Default port access to services
    # SOLR API and SOLR Web Console are protected to avoid unauthenticated access
    proxy:
        image: nginx:stable-alpine
        mem_limit: 128m
        depends_on:
            - alfresco
            - solr6
            - share
            - content-app
        volumes:
            - ./config/nginx.conf:/etc/nginx/nginx.conf
            - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd
            - ./config/cert/localhost.cer:/etc/nginx/localhost.cer
            - ./config/cert/localhost.key:/etc/nginx/localhost.key 
        ports:
            - 80:80

    

    
    openldap:
        image: osixia/openldap:1.4.0
        mem_limit: 128m
        container_name: openldap
        environment:
          LDAP_DOMAIN: "alfresco.org"
          LDAP_BASE_DN: "dc=alfresco,dc=org"
          LDAP_ADMIN_PASSWORD: "admin"
        volumes:
            - ./data/slapd/database:/var/lib/ldap
            - ./data/slapd/config:/etc/ldap/slapd.d

    phpldapadmin:
        image: osixia/phpldapadmin
        mem_limit: 128m
        container_name: phpldapadmin
        environment:
          PHPLDAPADMIN_LDAP_HOSTS: "openldap"
          PHPLDAPADMIN_HTTPS=false:
        links:
            - openldap
        depends_on:
            - openldap
        ports:
            - 8088:80
    

    

    


fedorow
Elite Collaborator
Elite Collaborator

Run installer, create test deployment with solr ssl and compare your configuration with generated by installer.

sir i compare i do what you said the only difference is java memory 

fedorow
Elite Collaborator
Elite Collaborator

This yaml file works for me perfect. Bring it in right yaml format and change port from 80 to 443 as you use https for share and alfresco.

Did you rebuild container with forse recreate or no cache options?

yes sir i re-build the container using --force --recreate. i dont use cache options sir