This project provides a sample Docker Compose template to deploy ACS 7.2 with Local Transformer using SSL protocol to communicate with Repository.

By default, this communication happens in plain HTTP.

This configuration requires a private certificate in Transform Service (transform-core-aio) and the public part of this certificate in Alfresco Repository (alfresco) JRE truststore.

Sample certificates have been generated for this purpose in keystores folder:

• transform.p12 is the private certificate to be used by transform-core-aio
• transform.cert is the public certificate to be imported in alfresco (this certificate is copied to alfresco folder to build the customized Dockerfile)

Sample shell script keystores/run.sh is provided to create this certificates from scratch. Remember to remove keystores/transform.p12, keystores/transform.cert and alfresco/transform.cert before executing this script.

Exposing transform-core-aio using TLS protocol is achieved by configuring the internal Spring Boot Tomcat server with the private certificate (that is mounted using a local volume)

transform-core-aio:
    image: alfresco/alfresco-transform-core-aio:2.5.7
    environment:
        JAVA_OPTS: '
          -Dserver.ssl.enabled=true
          -Dserver.ssl.protocol=TLS
          -Dserver.ssl.enabled-protocols=TLSv1.3
          -Dserver.ssl.key-store-type=pkcs12
          -Dserver.ssl.key-store=file:///transform.p12
          -Dserver.ssl.key-store-password=transform
          -Dserver.ssl.key-alias=transform
          -Dserver.ssl.key-password=transform
        '
    volumes:
        - ./keystores/transform.p12:/transform.p12:ro

Adding the public certificate to alfresco JRE truststore is achieved by using a customized Dockerfile

# Add trusted certificate (generated by run.sh script)
COPY transform.cert $JRE_HOME/lib/security
RUN cd $JRE_HOME/lib/security \
    && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias transform -file transform.cert

Additionally, SSL endpoint is configured in alfresco environment variable.

alfresco:
  build:
    context: ./alfresco
  environment:
    JAVA_OPTS: "
      -DlocalTransform.core-aio.url=https://transform-core-aio:8090/
      "

This is a regular Docker Compose, just use the regular command to run ACS.

$ docker compose up

Services available

• http://localhost:8080/share - Alfresco Share
• https://localhost:8090 - Alfresco Transform Service using SSL

Verification step

Upload any document, for instance a Word Document, to repository using Share web application and verify you can access to the preview in the details of the document.