i am a kind of newby to alfresco. i want to configure alfresco within a debian 8.9 subsystem and use alfresco 5.2 community.
Now i want to change Ports from 8080 to 80 or 443 as i want to use it from external with an le cert.
But i didn't understand yet, where i have to trigger configuration to work.
My plans are connection by https -> (443) alfresco (share) -> ?(seems to be another portdefinitions?)
but: how to implement it the right way?
Maybe you can give me a hint. The how tos i tried until now didn't run.
hope to hear from you to go on soon
The right way to do that is really to use a reverse proxy in front of your Alfresco instance.
Apache or Nginx are known to work really well with Alfresco and you will for sure find a lot of documentation on how to do it.
It is also possible to setup tomcat to use non default ports but I wouldn't recommand it though if that's for a "non-test system". But if you want to go down that road you will need to change the tomcat/conf/server.xml file and change ports defined in the "Connector" element (8080=>80 & 8443=>443). One of the Connector will be defined as an https connector. For this one, you'll also need to specify the keystore and truststore to use in order for SSL to work. As a consequence, you'll need to setup the appropriate keystores, either using keytool, or using the default one that are shipped with Alfresco (and of course are not considered secured).
But really setting up a reverse proxy is what I would advice.
In both case, you' then need to edit the alfresco-global.properties files in order to change the properties bellow:
thank you for your very helpful post.
Then i want to give it a try using a reverse proxy. Can I use an external one - such like in a Sophos UTM? I am asking because i tried it already starting with https://ecm.tld.net to work fine with the first site. When trying to acess /share and subpanels especially login it doesn't work with ecm.tld.net, 443 and https in alfresco-global.properties (both alfresco and share). May you would give me an idea, how to configure it in this environment to run smooth?
I don't know SOPHOS UTM but if your proxy supports either http, https or ajp to connect to a tomcat backend server then it should work. Of course http and ajp are usually more targeted at local networks. if you use an external proxy you may want to use https instead, and then you're back to the point where you want a tomcat https connector with a proper certificate.
Regarding the issue you talk about... I'm sorry I don't really understand what you mean.
It supports either http or https and stands in front of the network. Therefore i could access alfresco by http.
But trying to access leads to either a redirect to ecm.internal:8080 or gives me a login fault, which let me ask how alfresco-global.properties has to be defined in a proper way to solve reverse proxy acess properly.
Yeah, that's what I was mentioning in my first post. You should configure alfresco-global.properties file as follow:
The above assumes you're using an SSL enabled virtual host on the proxy (regardless of the protocol you use to connect the proxy to the tomcat backend).
i can access for example https://ecm.tld.net, after whole configuration i also can access https://ecm.tld.net/share/page/ but when trying to login i got an error something is wrong, which i can declare as a problem with login. So it seems as I need to change somethings in background with share-login?
Sorry for coming back to you that late, it's been pretty busy days over here!
Well, that depends on the error you're seeing, we would need logs to know what's going on.
But if you are not using AJP to proxy, it's likely to be the CSRF protection that is bothering you.
You can disable CSRF completely (which is of course not recommended), or you can configure it to let your domain go through.
1 - Disable CSRF: Uncomment the CSRF bit in
tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml (should be there by default)
2 - Configure CSRF: Add the CSRF section bellow to the
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
If your issue is different please share the logs.
I have a similar problem with an Apache2 as proxy in front of Tomcat. The connection to https://www.mydomain.xy/alfresco works with HTTPS and also the admin console. But after the login screen as a user I get an error message (Something's wrong with this page...) and from there I can go back to the login screen by click on "Back to my Dashboard" . Share can not be reached.
I have customized the alfresco-global properties as described in the documentation (alfresco.host, alfresco.port, alfresco.protocol, share.host, share.port, share.protocol). Configuring SSL for a production environment
But I don't know if I have to do point 1 of the documentation (Set your proxy to forward the following URL extensions to Alfresco) and if I have to change an entry in the share-config-custom.xml.
CSRF Token Filter in share-config-custom.xml disabled.