2

I am using alfresco community 5.0.d and its installed on AWS. I am able to use it via http but I am not able to use it via https.

I have added security listener to https in AWS and also modified alfresco-global.properties as below.

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=443
alfresco.protocol=https

share.context=share
share.host=127.0.0.1
share.port=443
share.protocol=https

Still no solution.

Could you let me know the steps or blog for the process.

Thanks.

nikhil84
  • 3,235
  • 4
  • 22
  • 43
  • I know I am not answering your question, but I had same issue time ago on my AWS. The easiest thing I have done is to put Apache in front of it. Easier to configure than Tomcat, and I have many advantages for example when updating SSL certificates. – Leonardo Jan 31 '17 at 21:48
  • @Leonardo Could you please elaborate on how to make those changes? – nikhil84 Jan 31 '17 at 22:22
  • @nikhil84 did you read the link I gave in the answer? http://docs.alfresco.com/5.0/tasks/configure-ssl-prod.html That gives you information on configuring apache with ajp for alfresco. You can find out more info on https://tomcat.apache.org/connectors-doc/common_howto/proxy.html around this in general, or google around if things aren't clear. – Jeff R. Feb 01 '17 at 00:16

2 Answers2

1

Personally, I have not set this up on AWS myself, so I don't know how that will effect things and what AWS services you can use to help with some of this, but look at the docs around setting up Alfresco with SSL for test or prod depending on what you want. You need to update your tomcat config or put something in front of it.

http://docs.alfresco.com/5.0/tasks/configure-ssl-test.html http://docs.alfresco.com/5.0/tasks/configure-ssl-prod.html

Also, if you're going to hit this from the internet (which I assume you are), you should change things from localhost to an IP or hostname. If you're doing SSL that really works, you'll want to use a real certificate and not just a self cert. In that case, you're going to need to make sure your hostname is registered and that the certificate is created against it.

Jeff R.
  • 188
  • 7
0

As I said in my comment, this is not what has been asked, but as requested I am explaining my configuration.

I am warning everyone that I am not a network administrator, and even if I am using Alfresco on production use (with back up etc...) the website I am running is not under heavy load, or mission critical, and no-body is interested in hacking my website. So the scenario and configuration below may be unsuitable for you.

Scenario:

  • Host: one EC2 instance (Linux)
  • http blocked by EC2 rule, https only allowed
  • Apache listening to https
  • Alfresco 4.2 default installation, listening http

And the configuration for my domain:

<VirtualHost *:443>
   ServerName mydomain.com
   ServerAlias www.mydomain.com
   DocumentRoot /alldomain/mydomain/https

   ErrorLog path.to.log

   SSLEngine on
   SSLCertificateFile /path.to.crts/mydomain.crt
   SSLCertificateKeyFile /path.to.keys/mydomain.key
   SSLCertificateChainFile /path.to.pems/sub.class1.server.sha2.ca.pem

   ProxyPass /share ajp://127.0.0.1:8009/share
   ProxyPassReverse /share ajp://127.0.0.1:8009/share

   ProxyPass /alfresco ajp://127.0.0.1:8009/alfresco
   ProxyPassReverse /alfresco ajp://127.0.0.1:8009/alfresco

</VirtualHost>

As I also said I have many advantages:

  • Easier to renew and change certificates
  • I can redirect users when doing Alfresco maintenance
  • I can tune http cache to reduce load on Alfresco
Leonardo
  • 9,607
  • 17
  • 49
  • 89