After installing Alfresco, you will typically access it using a URL like http://mydomain.com:8080/share. The problem with that, particularly if your server is internet-facing, is that each time you log in, your username and password are sent as plain text across the network. This is a security risk. If you log in via an SSL proxy server, though, your credentials and data are encrypted. This article outlines a simple method that has worked for me on both Alfresco 4.2 and Alfresco 5.0.d – both running on Ubuntu 14.04. Many thanks to Bob Johnson for his reply to an Alfresco forums article in 2013 – this post reflects my adaptation of Bob’s instructions.
Install Apache with SSL
- Install Apache on the server that is running Alfresco.
sudo apt-get install apache2
- Enable the SSL module
sudo a2enmod ssl
- Copy server.cert and intermediate.cert to /etc/apache2. You can create self-signed certificates for Apache if you have not purchased certificates.
- Enable the site default-ssl
sudo a2ensite default-ssl
- This creates sites-enabled/default-ssl.conf which is a link to sites-available/default-ssl.conf
- Rename sites-enabled/000-default.conf – this is now superseded
cd /etc/apache2/sites-enabled
sudo mv 000-default.conf 000-default.old
- Edit /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost *:80>
        ServerName www.yourdomain.com
        # change http to https (the trailing slash keeps redirected paths intact)
        Redirect permanent / https://www.yourdomain.com/
    </VirtualHost>
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/server.cert
        SSLCACertificateFile /etc/apache2/intermediate.cert
        ServerName www.yourdomain.com
        DocumentRoot /var/www/html
    </VirtualHost>
</IfModule>
- Test Apache and SSL by browsing to http://www.yourdomain.com. You should be redirected to https://www.yourdomain.com.
Set up Apache as a proxy
- We will be using the mod_jk module in Apache to talk to Alfresco (i.e. Tomcat) using the AJP protocol. First ensure that Tomcat is set up to use the AJP protocol by checking server.xml – e.g. /opt/alfresco-5.0.d/tomcat/conf/server.xml
- Ensure that the ‘AJP/1.3’ protocol line below is not commented out.
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />
- If you needed to modify server.xml above, restart apache
sudo service apache2 restart
- Install mod_jk for apache2
sudo apt-get install libapache2-mod-jk
- Modify /etc/apache2/sites-available/default-ssl.conf further.
Notice the new ‘location’ section and the ‘JkMount’ line.
<IfModule mod_ssl.c>
    <VirtualHost *:80>
        ServerName www.yourdomain.com
        Redirect permanent / https://www.yourdomain.com/
    </VirtualHost>
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/server.cert
        SSLCACertificateFile /etc/apache2/intermediate.cert
        ServerName www.yourdomain.com
        DocumentRoot /var/www/html
        <Location />
            # SSLRequireSSL takes no argument
            SSLRequireSSL
            SSLVerifyClient optional
            SSLRenegBufferSize 104860000
            SSLVerifyDepth 1
            SSLOptions +StdEnvVars +StrictRequire
        </Location>
        # Send everything for the context / to the worker named ajp13_worker via ajp13
        JkMount /* ajp13_worker
    </VirtualHost>
</IfModule>
Your credentials, and subsequent data transfers between your browser and Alfresco share, will now be encrypted.
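A quick offline check of the two files edited in the steps above, as an added example that is not part of the original article: it confirms that the AJP connector in server.xml is not commented out, that the port 80 virtual host only redirects, and that mod_jk is mounted only on the SSL virtual host. The function names and the sample server.xml are constructed for illustration, and any virtual host not on :443 is assumed to be plain HTTP.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the AJP connector is still commented out.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" /> -->
</Service></Server>"""

def active_ajp_ports(server_xml):
    """Ports of live AJP connectors; the XML parser drops commented-out ones."""
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP/")]

def vhosts(conf):
    """List of (address, directive lines) per <VirtualHost>, comments stripped."""
    out = []
    pattern = r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>"
    for addr, body in re.findall(pattern, conf, re.S | re.I):
        lines = [" ".join(l.split()) for l in body.splitlines()]
        out.append((addr.strip(), [l for l in lines if l and not l.startswith("#")]))
    return out

def check_proxy_conf(conf):
    """Problems with the HTTP-to-HTTPS redirect and the SSL/mod_jk virtual host."""
    problems = []
    for addr, lines in vhosts(conf):
        low = [l.lower() for l in lines]
        has_jk = any(l.startswith("jkmount") for l in low)
        if addr.endswith(":443"):
            if "sslengine on" not in low:
                problems.append(f"{addr}: SSLEngine is not on")
            if not any(l.startswith("sslcertificatefile") for l in low):
                problems.append(f"{addr}: no SSLCertificateFile")
            if not has_jk:
                problems.append(f"{addr}: no JkMount, requests never reach Tomcat")
        else:
            if not any(re.match(r"redirect\s+permanent\s+/\s+https://", l) for l in low):
                problems.append(f"{addr}: no permanent redirect to https")
            if has_jk:
                problems.append(f"{addr}: JkMount serves Alfresco over plain HTTP")
    return problems

if __name__ == "__main__":
    print("active AJP ports:", active_ajp_ports(SAMPLE_SERVER_XML))
```

To run it against a real installation, pass the contents of tomcat/conf/server.xml and /etc/apache2/sites-available/default-ssl.conf to the two functions.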
Configuring SSL for a production environment in the official Alfresco documentation.
Apache JServ Protocol http://www.ehow.com/facts_7181755_ajp-protocol_.html
Order of the Bee – an independent organisation of the Alfresco community. Web-site includes good technical and non-technical posts and other information, focussed on Alfresco Community Edition (CE).