Alfresco Community Edition is an open source version of the Alfresco
Content Services. It is written in Java and uses PostgreSQL to store its
database. Alfresco is an enterprise content management system for many types of
digital assets such as documents, records, web, images, videos and more. It is
also used for collaborative content development. The file repository of your
hosted Alfresco can be accessed using SMB, WebDAV, FTP, and CIMS. Searching
through the files is powered by Apache Solr.
Prerequisites
For this tutorial, we will use 192.168.0.1 as the public IP
address and share.example.com as the domain name pointed towards the
Cobra instance. Please make sure to replace all occurrences of the example
domain name and public IP address with the actual one.
Update your base system using the guide How to Update CentOS 7.
Once your system has been updated, proceed to install the dependencies.
Install Dependencies
Alfresco provides a ready to install binary installer package which
contains all the software required to run the application. However, we need to
install a few dependencies to support the LibreOffice plugin.
sudo yum -y install fontconfig libSM libICE libXrender libXext cups-libs
libGLU cairo mesa-libGL-devel
Remove Postfix.
sudo yum -y remove postfix
Install Alfresco
Download the installer package from the Alfresco website. You can always
find the link to the latest installer on the Alfresco download page.
wget
https://download.alfresco.com/release/community/201707-build-00028/alfresco-community-installer-201707-linux-x64.bin
Provide execution permissions to the installer file.
sudo chmod +x alfresco-community-installer-201707-linux-x64.bin
Start the installation.
sudo ./alfresco-community-installer-201707-linux-x64.bin
Select the language of installation. For the installation type, you can
choose the first one which says "Easy install" method. This will
install the application with the default configuration.
Choose the default location /opt/alfresco-community for the
installation of the application.
Specify the administrator password and choose "Y" for the
installation as a service. This will create a startup service to easily start
and manage the application process.
Note: Alfresco recommends at least 2 CPU and 4GB RAM. If your
system does not have the recommended configuration, you might get a warning
saying the environment is not configured optimally for Alfresco Content
Services, however, you can still proceed with the installation.
The installation of the application should start now. Once the application
is installed, you will be asked if you want to launch Alfresco Community
server. If you choose "Y", the application will start the server
immediately and you will see the following output.
Launch Alfresco Community [Y/n]: y
waiting for server to start.... done
server started
/opt/alfresco-community/postgresql/scripts/ctl.sh : postgresql
started at port 5432
Using CATALINA_BASE: /opt/alfresco-community/tomcat
Using CATALINA_HOME: /opt/alfresco-community/tomcat
Using CATALINA_TMPDIR: /opt/alfresco-community/tomcat/temp
Using JRE_HOME:
/opt/alfresco-community/java
Using CLASSPATH:
/opt/alfresco-community/tomcat/bin/bootstrap.jar:/opt/alfresco-community/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID:
/opt/alfresco-community/tomcat/temp/catalina.pid
Tomcat started.
/opt/alfresco-community/tomcat/scripts/ctl.sh : tomcat started
Since the installer also added a startup service, you can also start the
application.
sudo systemctl start alfresco
Enable the Alfresco service to automatically start at boot time and
failures.
sudo systemctl enable alfresco
By default, Alfresco starts the Tomcat web server to serve the
application on the port 8080. To check if the Alfresco server is working,
allow the required port 8080 through the system firewall.
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Open your favorite browser and go to http://192.168.0.1:8080/share,
you will see the Alfresco landing page.
Configure Reverse Proxy
By default, Alfresco's Tomcat server listens to the port 8080. In
this tutorial, we will use Nginx as the reverse proxy so that the application
can be accessed via standard HTTP and HTTPS ports. We will
also configure Nginx to use an SSL generated with Let's Encrypt free SSL.
Install the Nginx web server.
sudo yum -y install nginx
Start the web server and enable it to automatically start at boot time.
sudo systemctl start nginx
sudo systemctl enable nginx
Install Certbot, which is a client application for Let's Encrypt CA.
sudo yum -y install certbot
Before you can request the certificates, you will need to allow the
ports 80 and 443 through the firewall. Also, remove the
port 8080 from the list of firewall exceptions as it is no longer
required.
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload
Note: To obtain certificates from Let's Encrypt CA, the domain
for which the certificates are to be generated must be pointed towards the
server. If not, make the necessary changes to the DNS records of the domain and
wait for the DNS to propagate before making the certificate request again.
Certbot checks the domain authority before providing the certificates.
Generate the SSL certificates.
sudo certbot certonly --webroot -w /usr/share/nginx/html -d
share.example.com
The generated certificates are likely to be stored
in /etc/letsencrypt/live/share.example.com/. Let's Encrypt certificates
expire in 90 days, hence it is recommended to set up auto-renewal of the
certificates using Cron jobs.
Open the cron job file.
sudo crontab -e
Add the following line at the end of the file.
30 5 * * * /usr/bin/certbot renew --quiet
The above cron job will run every day at 5:30 AM. If the certificate is
due for expiry, it will automatically be renewed.
Edit Alfresco's Tomcat server configuration file.
sudo nano /opt/alfresco-community/tomcat/conf/server.xml
Find the following lines.
<Connector port="8080" URIEncoding="UTF-8"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768" />
Add the line proxyPort="443"
scheme="https" in the above configuration block so that it looks
like the block shown below.
<Connector port="8080" URIEncoding="UTF-8"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768"
proxyPort="443" scheme="https" />
Open the Alfresco default configuration file.
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
Find the following lines.
alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http
...
system.serverMode=UNKNOWN
Change the above lines according to your system. It should look like
what is shown below.
alfresco.context=alfresco
alfresco.host=share.example.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=share.example.com
share.port=443
share.protocol=https
...
system.serverMode=PRODUCTION
Create a new server block file for Alfresco.
sudo nano /etc/nginx/conf.d/share.example.com.conf
Populate the file.
server {
listen 80;
server_name share.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name share.example.com;
ssl_certificate
/etc/letsencrypt/live/share.example.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/share.example.com/privkey.pem;
ssl on;
ssl_session_cache builtin:1000
shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log
/var/log/nginx/alfresco.access.log;
location / {
root
/opt/alfresco-community/tomcat/webapps/ROOT;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass
http://localhost:8080;
proxy_redirect default;
}
location /share/ {
root
/opt/alfresco-community/tomcat/webapps/share/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass
http://localhost:8080/share/;
proxy_redirect http:// https://;
}
location /alfresco/ {
root
/opt/alfresco-community/tomcat/webapps/alfresco/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass
http://localhost:8080/alfresco/;
proxy_redirect http:// https://;
}
}
Restart the web server and Alfresco service so that the changes in the
configuration can take effect.
sudo systemctl restart nginx alfresco
Alfresco is now installed and configured on your server, access the
Alfresco modules at the following address.
https://share.example.com/alfresco
To access the Alfresco share services, visit the following address.
https://share.example.com/share
Log in using the initial administrator account, admin and the
password you have chosen during installation.
Congratulations, Alfresco community edition is now installed on your
server.