Help

Upgrading to ACS 7.2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Upgrading to ACS 7.2

angelborroy
Alfresco Employee
3 5 5,757
‎4 Apr 2022 1:40 PM

In this blog post we deal with the most important configuration change introduced with the release of ACS 7.2. Since the plain HTTP communication mode between Alfresco Repository and Search Services is deprecated, you may need to adjust your configuration to use one of the supported communication modes: Mutual TLS or Secret Header.

A regular Alfresco deployment includes a set of services that provide all the required functionality for the ACS stack. This blog post focus on the communication mode between the Alfresco Repository and the Search Services, which is based on Solr 6.

There are three different communication modes available:

  • 'none' uses the plain HTTP protocol without authentication, so you need to protect this communication with an external configuration, such as NGINX Web Proxy configuration, to prevent external access to Repository and Solr 6 endpoints.
  • 'https' uses the Mutual TLS protocol, where you need to create a set of keystore and truststore files, including digital certificates, that ensure authentication between the two services
  • 'secret' uses a common secret word in a special HTTP header, so that communication is not using authentication but is protected by the configuration of this secret word in Alfresco and Search Services

The modes "none" and "https" are available for ACS 6.x as well as for ACS 7.0 and 7.1. As of ACS 7.2, only the modes "secret" and "https" are available.

 

Screenshot 2022-04-04 at 14.34.56.png

Call to Action

Notes on Secret mode configuration

When applying configuration to Search Services, using environment variables (for ZIP Distribution deployment and also for Docker / Helm deployment) is required.

 -Dalfresco.secureComms=secret
 -Dalfresco.secureComms.secret=password

When using SOLR command line tools, it's required to use alternatively HTTP REST API invocations. For instance, the replacement for bin/solr status is:

$ curl --location --request POST 'http://localhost:8983/solr/admin/cores?action=STATUS&wt=json' \
--header 'X-Alfresco-Search-Secret: secret'

Additional details

Additional details on the configuration and a sample upgrading process is described in the following video recording.

 

Labels
About the Author
Angel Borroy is Hyland Developer Evangelist. Over the last 15 years, he has been working as a software architect on Java, BPM, document management and electronic signatures. He has been working with Alfresco during the last years to customize several implementations in large organizations and to provide add-ons to the Community based on Record Management and Electronic Signature. He writes (sometimes) on his personal blog http://angelborroy.wordpress.com. He is (proud) member of the Order of the Bee.
5 Comments
Alfresco Content Services Blog

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.