Installation Alfresco
Finalisation Installation Ubuntu
Vérification
cat /etc/hosts cat /etc/hostname
Si besoin (a tester) :
hostnamectl set-hostname 'new-hostname-toto'
Update
sudo aptitude safe-upgrade
Install Alfresco
Additionnal lib
sudo add-apt-repository ppa:opencpn/opencpn sudo apt-get update sudo apt-get install -y libfontconfig1 libsm6 libice6 libxrender1 libxt6 libcups2 opencpn libcairo2 ttf-mscorefonts-installer
Install
cd /usr/lib/x86_64-linux-gnu
sudo ln -s mesa/libGL.so.1 ./libGL.so.1
Recuperation de la dernière version d’Alfresco Community :
cd /home/adminssh wget http://eu.dl.alfresco.com.s3.amazonaws.com/release/community/201707-build-00028/alfresco-community-installer-201707-linux-x64.bin chmod u+x /home/adminssh/alfresco-community-installer-201707-linux-x64.bin sudo ./alfresco-community-installer-201707-linux-x64.bin
Option lors de l’installation
Language 2 French Type d'installation 2 Avancé Composants Java [Y/n] :Y PostgreSQL [Y/n] : LibreOffice [Y/n] : Alfresco Community : Y (Cannot be edited) Solr1 [y/N] : Solr4 [Y/n] : Alfresco Office Services [Y/n] : Web Quick Start [y/N] : Intégration de Google Docs [Y/n] : Est-ce que la sélection est correcte ? [Y/n]:
Install Apache
sudo apt-get install apache2 sudo a2enmod rewrite proxy proxy_ajp ssl socache_shmcb
sudo nano /etc/apache2/sites-available/alfresco.conf
<VirtualHost _default_:80> ServerName alfresco-portails.corp.com ErrorLog ${APACHE_LOG_DIR}/alfresco_error.log CustomLog ${APACHE_LOG_DIR}/alfresco_access.log combined RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> <VirtualHost _default_:443> ServerName alfresco-portails.corp.com ErrorLog ${APACHE_LOG_DIR}/alfresco_error_ssl.log CustomLog ${APACHE_LOG_DIR}/alfresco_access_ssl.log combined # SSLEngine on # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # SSL Configuration SSLEngine on SSLCertificateFile /etc/ssl/certs/alfresco-portails.corp.com.crt SSLCertificateKeyFile /etc/ssl/private/alfresco-portails.corp.com.key KeepAlive on RewriteEngine on RewriteRule "^/$" "/share" [R=302] LimitRequestFieldSize 65536 ProxyIOBufferSize 65536 ProxyTimeout 300 ProxyPass /solr4 ! ProxyPass / ajp://127.0.0.1:8009/ ProxyPassReverse / ajp://127.0.0.1:8009/ </VirtualHost>
sudo a2ensite alfresco.conf sudo service apache2 restart
Certificats
sudo openssl req -x509 -nodes -days 3600 -newkey rsa:2048 -subj '/C=FR/ST=Auvergne-Rhone-Alpes/L=Lyon/OU=CORP/CN=alfresco-portails.corp.com/emailAddress=admin.alfresco-portails@corp.com/O=Corp-Auvergne-Rhone-Alpes' -keyout /etc/ssl/private/alfresco-portails.corp.com.key -out /etc/ssl/certs/alfresco-portails.corp.com.crt
Customisation Alfresco
JVM
La VM ayant 8G de mémoire nous allons allouer 6144 à la JVM :
sudo nano ctl.sh
start_tomcat() { is_tomcat_running RUNNING=$? if [ $RUNNING -eq 1 ]; then echo "$0 $ARG: tomcat (pid $PID) already running" else rm -f $CATALINA_PID export JAVA_OPTS="-Xms256m -Xmx6144m -XX:+DisableExplicitGC -Djava.awt.headless=true -Dalfresco.home=/opt/alfresco-community -Dcom.sun.management.jmxremote -Dsun.security.ssl.allowUnsafeRenegotiation$ previousdir=`pwd` cd $CATALINA_HOME/.. $TOMCAT_BINDIR/startup.sh if [ $? -eq 0 ]; then echo "$0 $ARG: tomcat started" else echo "$0 $ARG: tomcat could not be started" ERROR=1 fi cd $previousdir fi }
Tomcat
/!\ GeneRatedPass
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<!--
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-->
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" URIEncoding="UTF-8" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" maxHttpHeaderSize="32768" />
-->
<Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/opt/alfresco-community/alf_data/keystore/ssl.keystore"
keystorePass="GeneRatedPass" keystoreType="JCEKS" secure="true"
connectionTimeout="240000"
truststoreFile="/opt/alfresco-community/alf_data/keystore/ssl.truststore"
truststorePass="GeneRatedPass" truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS"
allowUnsafeLegacyRenegotiation="true"
maxHttpHeaderSize="65536" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" packetSize="65536" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
Alfresco
Ajout de la configuration pour le mail
(ex :
192.168.10.211 = serveur de messagerie
192.168.10.200 = serveur ldap
ldap_user = user autorisé à parcourir le ldap
)
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
# # Outbound Email Configuration #------------- mail.host=192.168.10.211 #mail.port=25 mail.from.default=noreply.alfresco-portails@corp.com #mail.encoding=UTF-8 #mail.smtp.auth=false #mail.smtp.debug=false #mail.smtp.starttls.enable=false
Authentification chain
# # The default authentication chain # To configure external authentication subsystems see: # http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems #------------- authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad synchronization.synchronizeChangesOnly=true synchronization.syncOnStartup=false alfresco.authentication.allowGuestLogin=false ldap.authentication.allowGuestLogin=false ldap.authentication.java.naming.provider.url=ldap://192.168.10.200:389 ldap.synchronization.java.naming.security.principal=CN=ldap_user,OU=Users,DC=corp,DC=com ldap.synchronization.java.naming.security.credentials=MyStrongPassword #ldap.synchronization.groupSearchBase=OU=Groups,DC=corp,DC=com ldap.synchronization.defaultHomeFolderProvider=companyHomeFolderProvider ldap.authentication.userNameFormat=%s@corp.com ldap.synchronization.import.cron=0 0 0 * * ? #ldap.synchronisation.personQuery=(&(objectclass=user)(|(sAMAccountName=*.26d)(sAMAccountName=*.69r))(!(sAMAccountName=Guest))) ldap.synchronisation.personQuery=(&(objectclass=user) ldap.synchronization.userSearchBase=OU=Users,DC=corp,DC=com ldap.synchronisation.userIdAttributeName=sAMAccountName ldap.synchronisation.userFirstNameAttributeName=givenName ldap.synchronisation.userLastNameAttributeName=sn ldap.synchronisation.userEmailAttributeName=mail # # URL Generation Parameters (The ${localname} token is replaced by the local server name) #------------- alfresco.context=alfresco alfresco.host=alfresco-portails.corp.com alfresco.port=443 alfresco.protocol=https share.context=share share.host=alfresco-portails.corp.com share.port=443 share.protocol=https aos.baseUrlOverwrite=https://alfresco-portails.corp.com/alfresco/aos opencmis.server.override=true opencmis.server.value=https://alfresco-portails.corp.com
Activer l’invitation
Activation de la notification pour l’invitation
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
### E-mail site invitation setting ### notification.email.siteinvite=true
Activation dans share de l'option pour inviter.
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml
<config evaluator="string-compare" condition="Users" replace="true"> <enable-external-users-panel>true</enable-external-users-panel> </config>
Deplacer le Datastore & les index Solr4 & les log Alfresco
Il est possible de deplacer entierement le dossier alf_data d’alfresco pour ensuite le définir dans le fichier de config, seulement il inclut les dossiers pour postgresql & solr…, il faut donc créer des liens symboliques
Original location :
/opt/alfresco-community/ alf_data/ contentstore contentstore.deleted keystore oouser postgresql solr4 tomcat/ logs
New location :
/opt/alfresco-community/ alf_data/ /datastore/alf_data/contentstore /datastore/alf_data/contentstore.deleted keystore oouser postgresql /Index_Solr/solr4 tomcat/ /log/alfresco/logs
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
dir.root=/opt/alfresco-community/alf_data
Deplacer les fichiers
Actuellement
ls -l /opt/alfresco-community/ drwxr-xr-x 8 root root 4096 nov. 21 11:34 alf_data
Datastore
Actuellement
ls -l /opt/alfresco-community/alf_data/ drwxr-xr-x 3 root root 4096 nov. 21 11:34 contentstore drwxr-xr-x 2 root root 4096 nov. 21 11:34 contentstore.deleted sudo mkdir /datastore/alf_data sudo mv /opt/alfresco-community/alf_data/contentstore /datastore/alf_data/contentstore sudo mv /opt/alfresco-community/alf_data/contentstore.deleted /datastore/alf_data/contentstore.deleted sudo ln -sf /datastore/alf_data/contentstore /opt/alfresco-community/alf_data/contentstore sudo ln -sf /datastore/alf_data/contentstore.deleted /opt/alfresco-community/alf_data/contentstore.deleted
Au cas ou
unlink /opt/alfresco-community/alf_data/contentstore unlink /opt/alfresco-community/alf_data/contentstore.deleted
Verification
sudo ls -l /opt/alfresco-community/alf_data/ lrwxrwxrwx 1 root root 32 nov. 21 14:14 contentstore -> /datastore/alf_data/contentstore lrwxrwxrwx 1 root root 40 nov. 21 14:15 contentstore.deleted -> /datastore/alf_data/contentstore.deleted sudo ls -l /datastore/alf_data/ drwxr-xr-x 3 root root 4096 nov. 21 11:34 contentstore drwxr-xr-x 2 root root 4096 nov. 21 11:34 contentstore.deleted
Solr4
Actuellement
sudo ls -l /opt/alfresco-community/alf_data/ drwxr-xr-x 5 root root 4096 nov. 21 11:34 solr4
sudo mkdir /Index_Solr/solr4 sudo mv /opt/alfresco-community/alf_data/solr4/ /Index_Solr sudo ln -sf /Index_Solr/solr4 /opt/alfresco-community/alf_data/solr4 #Controle sudo ls -l /opt/alfresco-community/alf_data/
Log
Deplacer les log Alfresco
Nous allons deplacer les log d’Alfresco sur une partition dédié /log pour eviter une coupure du service Alfresco en cas de disque full a cause des log
sudo service alfresco stop sudo mkdir /log/alfresco sudo mv /opt/alfresco-community/tomcat/logs /log/alfresco/ sudo ln -s /log/alfresco/logs /opt/alfresco-community/tomcat/logs sudo service alfresco start
Deplacer les log System (optionnel)
Si la machine n’est pas configuré correctement en amont il faut deplacer manuellement le dossier log
On essaye de couper tout ce qui gratte dans le dossier log
sudo service alfresco stop sudo service apache2 stop sudo service rsyslog stop
On deplace
sudo mkdir /log/system sudo mv /var/log /log/system/ sudo ln -s /log/system/log /var/log
Debug
Erreur 500 sur Share
Checker le fichier server.xml
Ressource documentaire
« Documentation : »http://docs.alfresco.com/community/
Notes
Installation Ubuntu
Installation Alfresco
Min 4gb
http://www.whiteboardcoder.com/2017/01/this-document-is-going-to-go-over.html
apt-get install libreoffice #(a verifier) ## The libgl1-mesa-glx library is originally located into a folder named 'mesa'. ## You need to create a copy or a sym-link to the origin sudo apt-get install libice6 libsm6 libxt6 libxrender1 libfontconfig1 libcups2 libglu1-mesa libcairo2 libgl1-mesa-glx cd /usr/lib/x86_64-linux-gnu ln -s mesa/libGL.so.1 ./libGL.so.1 ## Check installed libraries sudo ldconfig -vp | grep "fontconfig\|libSM\|libICE\|libXrender\|libXext\|libcups\|libGLU\|libcairo\|libgl"
cd /home/adminssh wget http://eu.dl.alfresco.com.s3.amazonaws.com/release/community/201707-build-00028/alfresco-community-installer-201707-linux-x64.bin chmod +x alfresco-community-installer-201707-linux-x64.bin sudo ./alfresco-community-installer-201707-linux-x64.bin
Dossier d’installation
/opt/alfresco
Port du serveur de base de données : [5432]: