AnsweredAssumed Answered

SSL acceleration + NO unencrypted access = broken CMIS

Question asked by paul.price on Jun 23, 2011
Latest reply on Jun 24, 2011 by fmui
A brief description of our setup:

Clustered RHEL environment, consisting of 2 Alfresco boxes.
NO unencrypted (8080) traffic is allowed. Only open port into the Alfresco cluster is 443.

1) Application layer sends CMIS traffic to SSL accelerator on 443
2) Traffic is decrypted by the accelerator and forwarded to the Load Balancer on 8080.
3) Load Balancer distributes the traffic to one of the Alfresco boxes on 8080.
4) Since Alfresco is getting the messages unencrypted, it stores http://ourdomain/alfresco/service/cmis/s/workspace:SpacesStore/i/41ba7c1c-93a4-4bd1-9855-f07ab18b7c11 for the doc.
5) Some operations (get & post) seem to work if we change "http" to https" in our code, but deletes fail.

So the question is, can Alfresco be configured to store "https" instead of "http" as the URI for a doc, even though it is received unencrypted? This way we would not need to try to change it ourselves and perhaps the rest of the CMIS functionality would work.

I'm guessing we are not the first team trying to use SSL in a clustered environment with SSL accelerators, so someone should have figured this one out.

Related symptom:
We can not use "https://ourdomain/alfresco" to get onto the system. This results in a "The connection has timed out" message. Using "https://ourdomain/alfresco/faces/jsp/login.jsp" does allow us to log in.

Not that searching the forums on "SSL acceleration" yielded no results.

Thanks for having a look,
Paul P

Outcomes