First steps using Alfresco - Port mappings/changes

chri_s
Champ in-the-making

Hi,

I am kind of a newbie to Alfresco. I want to configure Alfresco within a Debian 8.9 subsystem and use Alfresco 5.2 Community.

Now I want to change the ports from 8080 to 80 or 443, as I want to use it externally with an LE cert.

But I haven't understood yet where I have to make the configuration change for it to work.

My plan is a connection by https -> (443) alfresco (share) -> ? (seems to be another port definition?)

But how do I implement it the right way?

Maybe you can give me a hint. The how-tos I have tried so far didn't work.

Hope to hear from you soon so I can go on.

Chris

10 REPLIES

alxgomz
Employee

Hi Chris,

The right way to do that is really to use a reverse proxy in front of your Alfresco instance.

Apache or Nginx are known to work really well with Alfresco and you will for sure find a lot of documentation on how to do it.

It is also possible to set up Tomcat to use non-default ports, but I wouldn't recommend it if that's for a "non-test system". But if you want to go down that road you will need to change the tomcat/conf/server.xml file and change the ports defined in the "Connector" elements (8080=>80 & 8443=>443). One of the Connectors will be defined as an https connector. For this one, you'll also need to specify the keystore and truststore to use in order for SSL to work. As a consequence, you'll need to set up the appropriate keystores, either using keytool, or using the default ones that are shipped with Alfresco (and of course are not considered secure).

But really, setting up a reverse proxy is what I would advise.

In both cases, you'll then need to edit the alfresco-global.properties file in order to change the properties below:

alfresco.host
alfresco.port
alfresco.context
alfresco.protocol
share.host
share.port
share.context
share.protocol

chri_s
Champ in-the-making

Hi Alexandre,

thank you for your very helpful post.

Then I want to give it a try using a reverse proxy. Can I use an external one, such as the one in a Sophos UTM? I am asking because I already tried it, and starting with https://ecm.tld.net works fine for the first site. When trying to access /share and subpanels, especially login, it doesn't work with ecm.tld.net, 443 and https in alfresco-global.properties (both alfresco and share). Maybe you could give me an idea how to configure it in this environment to run smoothly?

Thank you,

Chris

I don't know SOPHOS UTM, but if your proxy supports either http, https or ajp to connect to a Tomcat backend server then it should work. Of course http and ajp are usually more targeted at local networks. If you use an external proxy you may want to use https instead, and then you're back to the point where you want a Tomcat https connector with a proper certificate.

Regarding the issue you talk about... I'm sorry I don't really understand what you mean.

chri_s
Champ in-the-making

It supports either http or https and stands in front of the network. Therefore I could access Alfresco by http.

But trying to access it leads either to a redirect to ecm.internal:8080 or gives me a login fault, which leads me to ask how alfresco-global.properties has to be defined to make reverse proxy access work properly.

Yeah, that's what I was mentioning in my first post. You should configure the alfresco-global.properties file as follows:

alfresco.host=virtualhost_used_on_the_proxy
alfresco.port=443
alfresco.context=alfresco
alfresco.protocol=https
share.host=virtualhost_used_on_the_proxy
share.port=443
share.context=share
share.protocol=https

The above assumes you're using an SSL enabled virtual host on the proxy (regardless of the protocol you use to connect the proxy to the tomcat backend).

chri_s
Champ in-the-making

That's correct.

I can access, for example, https://ecm.tld.net, and after the whole configuration I can also access https://ecm.tld.net/share/page/, but when trying to log in I get an error "something is wrong", which I can identify as a problem with login. So it seems I need to change something in the background for the Share login?

Sorry for coming back to you that late, it's been pretty busy days over here!

Well, that depends on the error you're seeing, we would need logs to know what's going on.

But if you are not using AJP to proxy, it's likely to be the CSRF protection that is bothering you.

You can disable CSRF completely (which is of course not recommended), or you can configure it to let your domain go through.

1 - Disable CSRF: Uncomment the CSRF bit in tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml (should be there by default)

2 - Configure CSRF: Add the CSRF section below to the tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml:

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
    <properties>
        <token>Alfresco-CSRFToken</token>
        <referer>https://ecm.tld.net/.*</referer>
        <origin>https://ecm.tld.net</origin>
    </properties>
</config>

If your issue is different please share the logs.
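
Added example, not part of the original thread and not Alfresco's own code: a small consistency check between the share.* values in alfresco-global.properties and the CSRFPolicy patterns in share-config-custom.xml, showing why headers carrying the public proxy name pass while ones carrying the backend name (ecm.internal:8080) do not. It assumes each header must fully match its configured regex; the function names and the inline sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample inputs mirroring the values posted in this thread.
GLOBAL_PROPERTIES = """\
share.host=ecm.tld.net
share.port=443
share.context=share
share.protocol=https
"""
SHARE_CONFIG = """\
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
    <properties>
        <referer>https://ecm.tld.net/.*</referer>
        <origin>https://ecm.tld.net</origin>
    </properties>
</config>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def external_origin(props, app="share"):
    """Origin header a browser sends for the proxied app (default port omitted)."""
    proto, host, port = (props[f"{app}.{k}"] for k in ("protocol", "host", "port"))
    default = {"http": "80", "https": "443"}.get(proto)
    return f"{proto}://{host}" + ("" if port == default else f":{port}")

def csrf_patterns(xml_text):
    """Return (referer_regex, origin_regex); works on a fragment or a full file."""
    for cfg in ET.fromstring(xml_text).iter("config"):
        if cfg.get("condition") == "CSRFPolicy":
            return cfg.findtext("properties/referer"), cfg.findtext("properties/origin")
    raise ValueError("no CSRFPolicy config found")

def headers_pass(xml_text, origin, referer):
    """Assumption: each header must fully match its configured regex."""
    referer_re, origin_re = csrf_patterns(xml_text)
    return bool(re.fullmatch(origin_re, origin) and re.fullmatch(referer_re, referer))

def check(props_text, xml_text, app="share"):
    """Do the headers implied by alfresco-global.properties pass the policy?"""
    props = parse_properties(props_text)
    origin = external_origin(props, app)
    return headers_pass(xml_text, origin, f"{origin}/{props[app + '.context']}/page/")

if __name__ == "__main__":
    print("public URL passes CSRF policy:", check(GLOBAL_PROPERTIES, SHARE_CONFIG))
```

A False result from check() means the host, port or protocol in alfresco-global.properties disagrees with the referer/origin patterns, which is worth ruling out before disabling the filter.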

MikeW2
Champ on-the-rise

I have a similar problem with an Apache2 as proxy in front of Tomcat. The connection to https://www.mydomain.xy/alfresco works with HTTPS, and so does the admin console. But after the login screen as a user I get an error message (Something's wrong with this page...) and from there I can go back to the login screen by clicking on "Back to my Dashboard". Share cannot be reached.

I have customized the alfresco-global properties as described in the documentation (alfresco.host, alfresco.port, alfresco.protocol, share.host, share.port, share.protocol): Configuring SSL for a production environment.

But I don't know if I have to do point 1 of the documentation (Set your proxy to forward the following URL extensions to Alfresco) and if I have to change an entry in the share-config-custom.xml.

CSRF Token Filter in share-config-custom.xml disabled.

Hi alxgomz,
The Alfresco Content Services mobile app does not communicate with sites that have the ssl protocol.
I installed Let's Encrypt on a website.
Sites with http connect normally.
When trying to connect through the application, the following error message occurs:

Save Account
Couldn't save account. Check your account settings with your IT Team
Retry with diagnostic
Done

Clicking on Retry with diagnosis.
Go through the steps with the exception of Checking repository connection

Any configuration to be done?
Thank you.
José Roberto.