Alfresco - behind a reverse proxy

Alfresco - behind a reverse proxy

Posted By: pmietlicki

Published to Work on Apr 29, 2017

The Internet access can be filtered through a proxy with environment variable :

http_proxy="http://<username>:<pwd>@<ip>:<port>"
HTTP_PROXY="http://<username>:<pwd>@<ip>:<port>"

Edit the "alfresco.sh" bundle and add an option to JAVA_OPTS :

-Dhttp.proxyHost=proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=192.168.0.*|10.1.*

In this example, the proxy is 'proxy.mydomain.com' and listens to the '8080' port, the access to other subnetworks 192.168.0.0/24 and 10.1.0.0/16 won't use the proxy.
If the proxy is authenticated (user "username" and password "supersecret"), add this :

-Dhttp.proxyUser=username
-Dhttp.proxyPassword=supersecret

Very specific case of the MS ISA Server 2004 « secured » proxy

It uses a NTLM authentication with the domain, hostname, login and password ! Install NTLM Authorization Proxy Server :

apt-get install ntlmaps

Edit /etc/ntlmaps/server.cfg file and use these parameters :

Inside [GENERAL]
LISTEN_PORT: 5865 #local proxy port
PARENT_PROXY: proxy.mydomain.com #ISA proxy DNS
PARENT_PROXY_PORT: port #ISA proxy port
ALLOW_EXTERNAL_CLIENTS: 0 #1 to permit connections through it

Inside [NTLM_AUTH]
NT_HOSTNAME: My_Host #name of known host inside the Windows domain
NT_DOMAIN: NT_Domain #NT domain name
USER: username #connection name inside the NT domain
PASSWORD: mypassword #user password inside the NT domain
LM_PART:1
NT_PART:1
NTLM_FLAGS: 07820000

Then :

/etc/init.d/ntlmaps restart
export http_proxy=http://localhost:5865

Edit alfresco.sh and change the proxy to localhost:5865.

Tags: alfresco, proxy, tomcat

Archive