Upgrade Your Drupal Skills
We trained 1,000+ Drupal Developers over the last decade.
See Advanced Courses NAH, I know EnoughMaking Healthcare Organizations More Efficient and Secure
For the past year, I have been working with multiple healthcare organizations and the one area that is always is a concern is security. One example is to secure the connection between the Drupal and Alfresco integration and to do that the first step is to secure the Alfresco instance.
In this example, we are working with only one Drupal development and one Alfresco development instance, in most cases there will be more than one instance to account for disaster recovery and replication.
Assumptions:
We are assuming that we already have Drupal and Alfresco installed.
Other assumptions:
Ubuntu Server 13.10
Alfresco 4.1.4 (compatible version from 4.x)
Apache 2.2.22 (compatible version from 2.x)
Install Alfresco (version 4.1.4)
- Install Alfresco
- Configure CSRF for Alfresco Share
$ sudo vim /opt/alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml Alfresco-CSRFToken Alfresco-CSRFToken Alfresco-CSRFToken POST\/page\/caches\/dependency\/clear|\/page\/index|\/page\/surfBugStatus|\/page\/modules\/deploy|\/page\/modules\/module|\/page\/api\/javascript\/debuggerfalsehttps://alfresco.mysite.com:8080/.*falsehttps://alfresco.mysite.com:8080 POST/page/dologin.*|\/page/site\/[^\/]+\/start-workflow|^\/page/start-workflowfalsehttps://alfresco.mysite.com:8080/.*falsehttps://alfresco.mysite.com:8080 GET^/page/dologout.*Alfresco-CSRFTokenAlfresco-CSRFToken .* Alfresco-CSRFTokenAlfresco-CSRFToken GET^/page/.*.*.*Alfresco-CSRFTokenAlfresco-CSRFToken POST^multipart/.*.*Alfresco-CSRFTokenAlfresco-CSRFTokenfalsehttps://alfresco.mysite.com:8080/.*falsehttps://alfresco.mysite.com:8080 POST|PUT|DELETE.*Alfresco-CSRFTokenAlfresco-CSRFTokenfalsehttps://alfresco.mysite.com:8080/.*falsehttps://alfresco.mysite.com:8080
- Restart Alfresco
$ sudo /opt/alfresco_ent414/alfresco.sh stop
$ sudo /opt/alfresco_ent414/alfresco.sh start
Install HTTPS over Apache Webserver (Ubuntu)
- Install Apache webserver
$ sudo apt-get install apache2
- Install Apache modules mod_jk, mod_ssl and enable the modules.
$ sudo apt-get install libapache2-mod-jk
$ sudo a2enmod jk ssl
- Create cert/key file.
$ cd /etc/apache2
$ mkdir cert key
$ openssl req -new -x509 -days 365 -keyout key/mysite.key -out cert/mysite.crt -nodes -subj '/O=mysite Technology/OU=Alfresco Department/CN=alfresco.mysite.com'
- Create a workers properties file to define the load balancing.
$ sudo vim /etc/libapache2-mod-jk/workers.properties
workers.properties:
workers.tomcat_home=<tomcat_home alf_home="">
workers.java_home=<java_home>
worker.list=<worker_id>
worker.<worker_id>.port=8009
worker.<worker_id>.host=localhost
worker.<worker_id>.type=ajp13
worker.<worker_id>.lbfactor=1
For example:
workers.tomcat_home=/opt/alfresco_ent414
workers.java_home=/opt/alfresco_ent414/java
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
- Define a virtual host configuration. (This will depend on your system setup)
ServerName alfresco.appno.com SSLEngine On SSLCertificateFile cert/mysite.crt SSLCertificateKeyFile key/mysite.key SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire # Send everything for context / to worker named worker1 via ajp13 JkMount /alfresco ajp13_worker JkMount /alfresco/* ajp13_worker JkMount /share ajp13_worker JkMount /share/* ajp13_worker ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined
- Restart Apache webserver
$ sudo service apache restart
If everything went well, you should now be able to visit your site at alfresco.mysite.com/alfresco and alfresco.mysite.com/share.
For a similar installation under centOS/Redhat see a related post here.
About Drupal Sun
Drupal Sun is an Evolving Web project. It allows you to:
- Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
- Facet based on tags, author, or feed
- Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
- View the entire article text inline, or in the context of the site where it was created
See the blog post at Evolving Web