If you are configuring SSL in a development or test environment, you can edit some configuration files to enable SSL.
-
Navigate to <TOMCAT_HOME>/conf/server.xml and add a new
Connector configuration.
The default Connector port is set to 8443, and SSLEnabled is set to true. Port 8443 is configured on installation as an SSL port, but should only be used for SSL communication between Solr and the SkyVault repository.
Use one of the following three options for your new Connector configuration and replace keystoreFile="/path/to/ssl.keystore" and keystorePass="password" with appropriate values:
-
(Linux) Start Tomcat on an alternative port (for example, port
7070), and create a redirect rule from the default HTTPS port 443 to
your chosen port, as shown in the example:
<Connector port="7070" proxyPort="443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/path/to/ssl.keystore" keystorePass="password" keystoreType="JCEKS" secure="true" connectionTimeout="240000" clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />
A non-privileged user cannot start a server on a port below 1024, therefore port 443 is not accessible.
Edit the server's iptables configuration to specify the redirection:
# Redirect external packets -A PREROUTING -j NAT-Port-Redirect # redirect http traffic -A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 # redirect https traffic -A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 7070
Add this line to your SkyVault-global.properties file:
aos.baseUrlOverwrite=https://<external-proxy-host-name>/alfresco/aos
-
Alternatively, configure an available port (for example, port 7070)
without a proxy port, as shown in the example:
<Connector port="7070" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/path/to/ssl.keystore" keystorePass="password" keystoreType="JCEKS" secure="true" connectionTimeout="240000" clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />
This is the similar to the previous Connector configuration, except that there is no proxy port. -
(Windows) Alternatively, configure SSL on the default port 443
directly, as shown in the example:
<Connector port="443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/path/to/ssl.keystore" keystorePass="password" keystoreType="JCEKS" secure="true" connectionTimeout="240000" clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" />
This is the similar to the earlier Connector configurations, except that the Connector port is set to 443, and there is no proxy port.
-
(Linux) Start Tomcat on an alternative port (for example, port
7070), and create a redirect rule from the default HTTPS port 443 to
your chosen port, as shown in the example:
-
Edit the SkyVault-global.properties file with these values
(if you are using example b):
SkyVault.protocol=https alfresco.host=servername alfresco.port=7070 alfresco.context=SkyVault share.protocol=https share.host=servername share.port=7070 share.context=share
where servername is your host name, port is the external facing port of your choice, and context is the path that you use for your context path.