Alfresco Community Edition Installation on CentOS 7
The Alfresco Community Edition represents the open-source variant of Alfresco Content Services. Developed in Java and utilizing PostgreSQL as its database backend, Alfresco is a robust enterprise content management platform. It handles a wide range of digital formats including documents, records, web content, images, and videos. Additionally, it facilitates collaborative content workflows. Your hosted Alfresco instance provides repository access via SMB, WebDAV, FTP, and CIMS. For internal search operations, it leverages Apache Solr.
System Requirements and Initial Setup
- CentOS 7 server instance with a minimum of 4GB RAM
- A user with sudo privileges
- A domain name that resolves to the server’s IP address
This example uses 192.168.0.1 as the public IP and share.example.com as the associated domain. Be sure to replace these with your actual IP and domain name during the installation process.
Begin by updating your CentOS 7 system following the appropriate guide. Afterward, continue with the dependency installations.
Installing Necessary Dependencies
Although Alfresco offers an all-in-one binary installer that includes all required components, some additional packages must be manually installed to support the LibreOffice plugin:
sudo yum -y install fontconfig libSM libICE libXrender libXext cups-libs libGLU cairo mesa-libGL-devel
Next, remove Postfix from the system:
sudo yum -y remove postfix
Downloading and Running the Alfresco Installer
Obtain the latest Alfresco installer from their official website. Here’s how to download the July 2017 build:
wget https://download.alfresco.com/release/community/201707-build-00028/alfresco-community-installer-201707-linux-x64.bin
Grant execute permissions to the binary:
sudo chmod +x alfresco-community-installer-201707-linux-x64.bin
Launch the installation process:
sudo ./alfresco-community-installer-201707-linux-x64.bin
Choose your preferred language. For installation type, select the “Easy install” option which applies the default settings. The installer places the application in /opt/alfresco-community.
Set an administrator password and confirm service installation by selecting “Y”. This adds a system service to manage Alfresco operations more conveniently.
Note: Alfresco advises using at least 2 CPUs and 4GB RAM. If your system does not meet these specifications, you may receive an optimization warning, but installation can still proceed.
Completing Installation and Starting Alfresco
Once the setup is complete, you will be prompted to start the Alfresco server immediately. Select “Y” to launch it and observe the output:
Launch Alfresco Community [Y/n]: y
waiting for server to start.... done
server started
/opt/alfresco-community/postgresql/scripts/ctl.sh : postgresql started at port 5432
Using CATALINA_BASE: /opt/alfresco-community/tomcat
Using CATALINA_HOME: /opt/alfresco-community/tomcat
Using CATALINA_TMPDIR: /opt/alfresco-community/tomcat/temp
Using JRE_HOME: /opt/alfresco-community/java
Using CLASSPATH: /opt/alfresco-community/tomcat/bin/bootstrap.jar:/opt/alfresco-community/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID: /opt/alfresco-community/tomcat/temp/catalina.pid
Tomcat started.
/opt/alfresco-community/tomcat/scripts/ctl.sh : tomcat started
You can also initiate the Alfresco service using the following system command:
sudo systemctl start alfresco
Enable automatic startup on boot and service restarts:
sudo systemctl enable alfresco
Firewall Configuration and Access Verification
Alfresco uses Tomcat to serve content on port 8080. Ensure the firewall allows this traffic:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Finally, open your preferred browser and navigate to:
This URL will display the Alfresco welcome interface.
Setting Up a Reverse Proxy with Nginx and SSL
By default, Alfresco operates on port 8080 through the Tomcat server. In this configuration, we will use Nginx as a reverse proxy to serve the application via the standard HTTP and HTTPS ports. Additionally, we will implement SSL encryption using free certificates from Let’s Encrypt.
Installing and Enabling Nginx
Install the Nginx web server:
sudo yum -y install nginx
Start Nginx and enable it to run on system boot:
sudo systemctl start nginx
sudo systemctl enable nginx
Installing Certbot and Adjusting Firewall
Install Certbot, the tool used to obtain certificates from Let’s Encrypt:
sudo yum -y install certbot
Update firewall settings to allow HTTP and HTTPS traffic, and remove access to port 8080:
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload
Note: Ensure your domain (e.g., share.example.com) is properly pointed to your server’s IP. Certificate issuance will fail if domain authority cannot be verified.
Generating SSL Certificates
Use Certbot to create certificates for your domain:
sudo certbot certonly --webroot -w /usr/share/nginx/html -d share.example.com
Certificates are saved in /etc/letsencrypt/live/share.example.com/. As they expire every 90 days, setting up automatic renewal is essential.
Automating Certificate Renewal
Edit your crontab to schedule daily checks for renewal:
sudo crontab -e
Append the following line to run the renew command daily at 5:30 AM:
30 5 * * * /usr/bin/certbot renew --quiet
Modifying Alfresco’s Configuration
Open the Tomcat server configuration file:
sudo nano /opt/alfresco-community/tomcat/conf/server.xml
Locate and update the connector block to include proxyPort="443" scheme="https" as shown:
Edit the Alfresco global configuration file:
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
Modify the settings to reflect your domain and secure protocol:
alfresco.context=alfresco
alfresco.host=share.example.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=share.example.com
share.port=443
share.protocol=https
...
system.serverMode=PRODUCTION
Creating Nginx Server Block
Create and edit the new configuration file for Nginx:
sudo nano /etc/nginx/conf.d/share.example.com.conf
Insert the following configuration block:
server {
listen 80;
server_name share.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name share.example.com;
ssl_certificate /etc/letsencrypt/live/share.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/share.example.com/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/alfresco.access.log;
location / {
root /opt/alfresco-community/tomcat/webapps/ROOT;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080;
proxy_redirect default;
}
location /share/ {
root /opt/alfresco-community/tomcat/webapps/share/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080/share/;
proxy_redirect http:// https://;
}
location /alfresco/ {
root /opt/alfresco-community/tomcat/webapps/alfresco/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080/alfresco/;
proxy_redirect http:// https://;
}
}
Restarting Services and Final Access
Restart both the web server and Alfresco to apply all changes:
sudo systemctl restart nginx alfresco
Alfresco is now fully deployed and reverse proxied through Nginx. Access the main content platform at:
https://share.example.com/alfresco
To use the Alfresco Share services, go to:
https://share.example.com/share
Login using the admin credentials specified during the installation process.
Setting Up a Reverse Proxy with Nginx and SSL
By default, Alfresco operates on port 8080 through the Tomcat server. In this configuration, we will use Nginx as a reverse proxy to serve the application via the standard HTTP and HTTPS ports. Additionally, we will implement SSL encryption using free certificates from Let’s Encrypt.
Installing and Enabling Nginx
Install the Nginx web server:
sudo yum -y install nginx
Start Nginx and enable it to run on system boot:
sudo systemctl start nginx
sudo systemctl enable nginx
Installing Certbot and Adjusting Firewall
Install Certbot, the tool used to obtain certificates from Let’s Encrypt:
sudo yum -y install certbot
Update firewall settings to allow HTTP and HTTPS traffic, and remove access to port 8080:
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload
Note: Ensure your domain (e.g., share.example.com) is properly pointed to your server’s IP. Certificate issuance will fail if domain authority cannot be verified.
Generating SSL Certificates
Use Certbot to create certificates for your domain:
sudo certbot certonly --webroot -w /usr/share/nginx/html -d share.example.com
Certificates are saved in /etc/letsencrypt/live/share.example.com/. As they expire every 90 days, setting up automatic renewal is essential.
Automating Certificate Renewal
Edit your crontab to schedule daily checks for renewal:
sudo crontab -e
Append the following line to run the renew command daily at 5:30 AM:
30 5 * * * /usr/bin/certbot renew --quiet
Modifying Alfresco’s Configuration
Open the Tomcat server configuration file:
sudo nano /opt/alfresco-community/tomcat/conf/server.xml
Locate and update the connector block to include proxyPort="443" scheme="https" as shown:
Edit the Alfresco global configuration file:
sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties
Modify the settings to reflect your domain and secure protocol:
alfresco.context=alfresco
alfresco.host=share.example.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=share.example.com
share.port=443
share.protocol=https
...
system.serverMode=PRODUCTION
Creating Nginx Server Block
Create and edit the new configuration file for Nginx:
sudo nano /etc/nginx/conf.d/share.example.com.conf
Insert the following configuration block:
server {
listen 80;
server_name share.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name share.example.com;
ssl_certificate /etc/letsencrypt/live/share.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/share.example.com/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/alfresco.access.log;
location / {
root /opt/alfresco-community/tomcat/webapps/ROOT;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080;
proxy_redirect default;
}
location /share/ {
root /opt/alfresco-community/tomcat/webapps/share/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080/share/;
proxy_redirect http:// https://;
}
location /alfresco/ {
root /opt/alfresco-community/tomcat/webapps/alfresco/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:8080/alfresco/;
proxy_redirect http:// https://;
}
}
Restarting Services and Final Access
Restart both the web server and Alfresco to apply all changes:
sudo systemctl restart nginx alfresco
Alfresco is now fully deployed and reverse proxied through Nginx. Access the main content platform at:
https://share.example.com/alfresco
To use the Alfresco Share services, go to:
https://share.example.com/share
Login using the admin credentials specified during the installation process.
Conclusion
You have successfully installed and configured Alfresco Community Edition on a CentOS 7 server with secure HTTPS access via Nginx and Let’s Encrypt. This setup not only ensures secure content management but also provides a robust and scalable platform for collaborative digital asset development. By implementing a reverse proxy and SSL, you’ve enhanced both accessibility and security. You can now manage and share documents confidently through the Alfresco Share interface at your configured domain.
