06-27-2019 01:59 AM
I've been trying to check is it possible to set both HTTP and HTTPS running at the same time, something like with URLs below.
My co-worker is developing a client for Alfresco and he would need to test that the client is working with both HTTP and HTTPS.
I've got alfresco 5.2 running on URL http://alfresco.domain.com:8080
Server is Ubuntu 16.04 with Apache2 installed.
My understanding is that I need to configure alfresco-global.properties as in document https://docs.alfresco.com/5.2/tasks/configure-ssl-prod.html but in this document there's only information about sharing https port.
Is it possible to share port 80 and 443 at the same time?
Other option what I'm thinking is to use URL http://alfresco.domain.com:8080 for HTTP testing as this way the user/client is connecting straight to tomcat. For HTTPS I'd configure as instructed in the document above and use URL https://alfresco.domain.com
07-03-2019 05:14 AM
I'm still not sure if it's possible to share both protocols at the same time, but I can access with both HTTP and HTTPS Alfresco 5.2 running on Ubuntu 16.04 with these steps.
sudo a2enmod rewrite
sudo apt-get install libapache2-mod-jk
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /opt/alfresco-community/alfresco.sh stop
# Uncomment line below from server.xml
sudo vim /opt/alfresco-community/tomcat/conf/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
# Check worker properties. These settings were automatically generated, nothing needed to be changed.
sudo vim /etc/libapache2-mod-jk/workers.properties
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
# Apache configuration
# If you don't have SSL certs you need to comment the SSL part out. You can generate SSL certs with certbot.
# https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache
/etc/apache2$ cat sites-enabled/alfresco-https.example-domain.com.conf
<VirtualHost *:80>
ServerAdmin it@example-domain.com
ServerName alfresco-https.example-domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
# Making sure that pgadmin4 is excluded from proxy
ProxyPass /pgadmin4 !
ProxyPassReverse /pgadmin4 !
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# Disable footer line (more security, by not giving apache version)
# Source: https://www.tecmint.com/hide-apache-web-server-version-information/
ServerSignature Off
</VirtualHost>
<VirtualHost *:443>
ServerName alfresco-https.example-domain.com
ErrorLog ${APACHE_LOG_DIR}/https-error.log
CustomLog ${APACHE_LOG_DIR}/https-access.log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize -ForwardDirectories
# Using ajp13_worker as that's default setting in /etc/libapache2-mod-jk/workers.properties
# Setting is created automatically when installnig libapache2-mod-jk
# sudo apt-get install libapache2-mod-jk
JkMount /share ajp13_worker
JkMount /share/* ajp13_worker
JkMount /alfresco/webdav ajp13_worker
JkMount /alfresco/webdav/* ajp13_worker
JkMount / ajp13_worker
JkMount /_vti_inf.html ajp13_worker
JkMount /_vti_bin/* ajp13_worker
JkMount /alfresco ajp13_worker
JkMount /alfresco/ ajp13_worker
JkMount /alfresco/aos ajp13_worker
JkMount /alfresco/aos/* ajp13_worker
JkMount /alfresco/images/* ajp13_worker
JkMount /alfresco/css/* ajp13_worker
# Un-comment these lines for public API access
JkMount /alfresco/api/*/cmis/versions/* ajp13_worker
JkMount /alfresco/api/*/public/cmis/versions/* ajp13_worker
JkMount /alfresco/api/*/public/alfresco/versions/* ajp13_worker
JkMount /alfresco/service/api/server ajp13_worker
JkMount /alfresco/cmisatom/* ajp13_worker
JkMount /alfresco/service/cmis/* ajp13_worker
JkMount /alfresco/api/cmis/versions/* ajp13_worker
# Un-comment these lines for Desktop Sync
# JkMount /alfresco/api/*/private/alfresco/versions/* ajp13_worker
SSLCertificateFile /etc/letsencrypt/live/alfresco-https.example-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/alfresco-https.example-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Disable footer line (more security, by not giving apache version)
# Source: https://www.tecmint.com/hide-apache-web-server-version-information/
ServerSignature Off
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# Check Apache configuration and restart it
sudo apachectl configtest
sudo apachectl restart
# Start Alfresco
sudo /opt/alfresco-community/alfresco.sh start
# Check Alfresco starting logs to know when the server has really started.
less +F /opt/alfresco-community/tomcat/logs/catalina.out
# URLs below should work after Alfresco has been started.
http://alfresco-https.example-domain.com
http://alfresco-https.example-domain.com:8080
https://alfresco-https.example-domain.com
I didn't change anything in alfresco-global.properties, but I haven't installed the server originally, so I'm not sure if something has been configured in there. Here's the whole file.
alfresco-https:/opt/alfresco-community/tomcat/shared/classes$ sudo less alfresco-global.properties
###############################
## Common Alfresco Properties #
###############################
dir.root=/opt/alfresco-community/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=admin
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
alfresco-pdf-renderer.root=/opt/alfresco-community/common/alfresco-pdf-renderer
alfresco-pdf-renderer.exe=${alfresco-pdf-renderer.root}/alfresco-pdf-renderer
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=/opt/alfresco-community
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
alfresco-global.properties
07-03-2019 05:14 AM
I'm still not sure if it's possible to share both protocols at the same time, but I can access with both HTTP and HTTPS Alfresco 5.2 running on Ubuntu 16.04 with these steps.
sudo a2enmod rewrite
sudo apt-get install libapache2-mod-jk
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /opt/alfresco-community/alfresco.sh stop
# Uncomment line below from server.xml
sudo vim /opt/alfresco-community/tomcat/conf/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
# Check worker properties. These settings were automatically generated, nothing needed to be changed.
sudo vim /etc/libapache2-mod-jk/workers.properties
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
# Apache configuration
# If you don't have SSL certs you need to comment the SSL part out. You can generate SSL certs with certbot.
# https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache
/etc/apache2$ cat sites-enabled/alfresco-https.example-domain.com.conf
<VirtualHost *:80>
ServerAdmin it@example-domain.com
ServerName alfresco-https.example-domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
# Making sure that pgadmin4 is excluded from proxy
ProxyPass /pgadmin4 !
ProxyPassReverse /pgadmin4 !
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# Disable footer line (more security, by not giving apache version)
# Source: https://www.tecmint.com/hide-apache-web-server-version-information/
ServerSignature Off
</VirtualHost>
<VirtualHost *:443>
ServerName alfresco-https.example-domain.com
ErrorLog ${APACHE_LOG_DIR}/https-error.log
CustomLog ${APACHE_LOG_DIR}/https-access.log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize -ForwardDirectories
# Using ajp13_worker as that's default setting in /etc/libapache2-mod-jk/workers.properties
# Setting is created automatically when installnig libapache2-mod-jk
# sudo apt-get install libapache2-mod-jk
JkMount /share ajp13_worker
JkMount /share/* ajp13_worker
JkMount /alfresco/webdav ajp13_worker
JkMount /alfresco/webdav/* ajp13_worker
JkMount / ajp13_worker
JkMount /_vti_inf.html ajp13_worker
JkMount /_vti_bin/* ajp13_worker
JkMount /alfresco ajp13_worker
JkMount /alfresco/ ajp13_worker
JkMount /alfresco/aos ajp13_worker
JkMount /alfresco/aos/* ajp13_worker
JkMount /alfresco/images/* ajp13_worker
JkMount /alfresco/css/* ajp13_worker
# Un-comment these lines for public API access
JkMount /alfresco/api/*/cmis/versions/* ajp13_worker
JkMount /alfresco/api/*/public/cmis/versions/* ajp13_worker
JkMount /alfresco/api/*/public/alfresco/versions/* ajp13_worker
JkMount /alfresco/service/api/server ajp13_worker
JkMount /alfresco/cmisatom/* ajp13_worker
JkMount /alfresco/service/cmis/* ajp13_worker
JkMount /alfresco/api/cmis/versions/* ajp13_worker
# Un-comment these lines for Desktop Sync
# JkMount /alfresco/api/*/private/alfresco/versions/* ajp13_worker
SSLCertificateFile /etc/letsencrypt/live/alfresco-https.example-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/alfresco-https.example-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Disable footer line (more security, by not giving apache version)
# Source: https://www.tecmint.com/hide-apache-web-server-version-information/
ServerSignature Off
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# Check Apache configuration and restart it
sudo apachectl configtest
sudo apachectl restart
# Start Alfresco
sudo /opt/alfresco-community/alfresco.sh start
# Check Alfresco starting logs to know when the server has really started.
less +F /opt/alfresco-community/tomcat/logs/catalina.out
# URLs below should work after Alfresco has been started.
http://alfresco-https.example-domain.com
http://alfresco-https.example-domain.com:8080
https://alfresco-https.example-domain.com
I didn't change anything in alfresco-global.properties, but I haven't installed the server originally, so I'm not sure if something has been configured in there. Here's the whole file.
alfresco-https:/opt/alfresco-community/tomcat/shared/classes$ sudo less alfresco-global.properties
###############################
## Common Alfresco Properties #
###############################
dir.root=/opt/alfresco-community/alf_data
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=admin
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### FTP Server Configuration ###
ftp.port=21
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
### External executable locations ###
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
alfresco-pdf-renderer.root=/opt/alfresco-community/common/alfresco-pdf-renderer
alfresco-pdf-renderer.exe=${alfresco-pdf-renderer.root}/alfresco-pdf-renderer
jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100
### Initial admin password ###
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=/opt/alfresco-community
### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443
alfresco-global.properties
Explore our Alfresco products with the links below. Use labels to filter content by product module.