AnsweredAssumed Answered

IIS 7.5 Reverse Proxy - SSL [Tutorial]

Question asked by 102020 on Jul 17, 2014
Latest reply on Oct 8, 2014 by 102020
Follow these steps to setup an IIS 7.5 Reverse Proxy. Allot of people are using Apache Reverse Proxy, but since we are running in a Windows environment, it logically made more sense to run this method.

Setup reverse proxy to wrap the connection with SSL. On your Alfresco machine, install IIS with default options.
Once installed download and install the following files:
URL Rewrite:
Application Request Routing:

Open up IIS Manager, click on your server name, and on the main panel, open Application Request Routing. On the right hand column, click Server Proxy Settings…
Simply click Enable proxy, and then apply on the right.
Return to the same screen as before, and open Server Certificates, import your SSL cert (.pfx file is the easiest way to do that)
Now expand Sites, and select Default Web Site, and open URL Rewrite. On the right column, select Add Rule(s)…
You will get a popup, select Reverse Proxy from the list. Enter your non-ssl alfresco url, such as:
Hi ok, now on the right column again, select Bindings, add your https binding and the certificate you want to tie to it. I would remove the http binding if you are not using it.
Save, and we are almost done!

Copy ALL of the content from C:\Alfresco-4.2.f\tomcat\webapps\share\WEB-INF\classes\alfresco\share-security-config.xml
*Note: You may want to open it using 'DAMN NFO Viewer', as the formatting is screwed up in this file if you open in notepad.

We need to edit share-config-custom.xml, located: C:\alfresco\tomcat\shared\classes\alfresco\web-extension

Paste the content you copied to the bottom of the share-config-custom.xml file

***You want to change the following 2 values they are in brackets:


they should look something like the below once you input your info:


Make sure on the referer line you have the /.* at the end. That all for now, save and close.

Now let's go try it out after starting up your Alfresco instance. simply goto
and you should be all wrapped up in SSL!