This article describes steps to install and configure Apache proxy with SSL for an Alfresco instance, on an Ubuntu 18 (or later) server.
1. Install Apache:
sudo apt install apache22. Enable required modules
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp3. Add below text to /etc/apache2/sites-enabled/alfresco.conf, after replacing “dummy.instance.com” with your instance URL
<VirtualHost *:80>
ServerName dummy.instance.com
Redirect permanent / https://dummy.instance.com/
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [NC,R=301,L]
ErrorLog ${APACHE_LOG_DIR}/dummy-instance-error_log.log
CustomLog ${APACHE_LOG_DIR}/dummy-instance-access_log.log common
</VirtualHost>4. Add below text to /etc/apache2/sites-enabled/alfresco-ssl.conf, after replacing “dummy.instance.com” with your instance name
<VirtualHost *:443>
ServerName dummy.instance.com:443
ErrorLog ${APACHE_LOG_DIR}/ssl_customer_name_error.log
TransferLog ${APACHE_LOG_DIR}/ssl_customer_name_access.log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/apache2/certs/SSL_CERT.crt
SSLCertificateKeyFile /etc/apache2/certs/SSL_CERT_KEY.key
SSLCertificateChainFile /etc/apache2/certs/SSL_CERT_CABUNDLE.ca-bundle
CustomLog ${APACHE_LOG_DIR}/ssl_dummy_request_log.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RedirectMatch ^/$ https://dummy.instance.com/share/
SSLProxyEngine On
SSLProxyCheckPeerCN off
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /alfresco ajp://localhost:8009/alfresco
ProxyPassReverse /alfresco ajp://localhost:8009/alfresco
ProxyPass /share ajp://localhost:8009/share
ProxyPassReverse /share ajp://localhost:8009/share
</VirtualHost>5. Copy SSL Certificate files to /etc/apache2/certs
6. Restart Apache Service
sudo service apache2 restartAll done!