This project provides a sample Docker Compose template to deploy ACS 7.2 with Local Transformer using SSL protocol to communicate with Repository.
By default, this communication happens in plain HTTP.
This configuration requires a private certificate in Transform Service (transform-core-aio
) and the public part of this certificate in Alfresco Repository (alfresco
) JRE truststore.
Sample certificates have been generated for this purpose in keystores folder:
transform.p12
is the private certificate to be used bytransform-core-aio
transform.cert
is the public certificate to be imported inalfresco
(this certificate is copied to alfresco folder to build the customizedDockerfile
)
Sample shell script keystores/run.sh is provided to create this certificates from scratch. Remember to remove keystores/transform.p12
, keystores/transform.cert
and alfresco/transform.cert
before executing this script.
Exposing transform-core-aio
using TLS protocol is achieved by configuring the internal Spring Boot Tomcat server with the private certificate (that is mounted using a local volume)
transform-core-aio:
image: alfresco/alfresco-transform-core-aio:2.5.7
environment:
JAVA_OPTS: '
-Dserver.ssl.enabled=true
-Dserver.ssl.protocol=TLS
-Dserver.ssl.enabled-protocols=TLSv1.3
-Dserver.ssl.key-store-type=pkcs12
-Dserver.ssl.key-store=file:///transform.p12
-Dserver.ssl.key-store-password=transform
-Dserver.ssl.key-alias=transform
-Dserver.ssl.key-password=transform
'
volumes:
- ./keystores/transform.p12:/transform.p12:ro
Adding the public certificate to alfresco
JRE truststore is achieved by using a customized Dockerfile
# Add trusted certificate (generated by run.sh script)
COPY transform.cert $JRE_HOME/lib/security
RUN cd $JRE_HOME/lib/security \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias transform -file transform.cert
Additionally, SSL endpoint is configured in alfresco
environment variable.
alfresco:
build:
context: ./alfresco
environment:
JAVA_OPTS: "
-DlocalTransform.core-aio.url=https://transform-core-aio:8090/
"
This is a regular Docker Compose, just use the regular command to run ACS.
$ docker compose up
Services available
- http://localhost:8080/share - Alfresco Share
- https://localhost:8090 - Alfresco Transform Service using SSL
Verification step
Upload any document, for instance a Word Document, to repository using Share web application and verify you can access to the preview in the details of the document.