This is a step-by-step guide to setting up an Nginx proxy server in front of Alfresco and configuring SSL encryption
for your requests. For this example, we are using Ubuntu 16.04 and Certbot as a provider of free authorised
certificates.
Prerequisites:
- You have to add a DNS record that maps the hostname to the IP of the server.
- Open ports 80 and 443 for public access in your firewall.
Guide:
- Install Alfresco in any comfortable way:
- using Alfresco installer
- manually by deploying WAR files to a servlet container like Tomcat
- using Docker
- Install Nginx
$ sudo apt-get install nginx
- Configure Nginx to proxy requests to Alfresco
- Create the config file
$ sudo vi /etc/nginx/sites-available/alfresco.conf
- Put the following content into the config file
    server {
        listen 80;
        server_name local.flex-solution.com;

        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header host $host;
        proxy_set_header X-Forwarded-Server $host;
        client_max_body_size 1G;

        location / {
            rewrite ^/$ /share;
        }

        location /share {
            proxy_pass https://127.0.0.1:8443/share;
        }

        location /alfresco {
            proxy_pass https://127.0.0.1:8443/alfresco;
        }
    }
Replace the server_name value with your own hostname and check the proxy_pass values: they should use the https protocol and the appropriate port. By default, the HTTPS port for an Alfresco installation is 8443.
- Save changes and close (:x command in vi editor)
- Enable Nginx config
$ sudo ln -s /etc/nginx/sites-available/alfresco.conf /etc/nginx/sites-enabled
- Restart Nginx
$ sudo systemctl restart nginx
- Install Certbot
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
- Generate SSL certificate and apply
$ sudo certbot --nginx
That’s all. Your Alfresco server is now behind the Nginx proxy server, and all requests will go through SSL. You can test your configuration at the ssllabs website.