Configuration for Transform Service - Alfresco Content Services - 23.4

To enable mTLS, additional configuration must be set for Transform Router, Transform Engines, Transform Aspose, AI Renditions, and Shared File Store.

The following example is for a simple transform-core-aio deployment, where only one keystore and one truststore are used. If server and client behavior need to be separated, generate an additional keystore and truststore pair and assign that pair a specific role (see the sample usages in the scripts named “client_server”).

Below is an example of providing values through properties:

#Enable SSL
server.ssl.enabled=true

#Server behavior keystore
server.ssl.key-password=password
server.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
server.ssl.key-store-password=password
server.ssl.key-store-type=JCEKS
#Server behavior truststore
server.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
server.ssl.trust-store-password=password
server.ssl.trust-store-type=JCEKS
#Require inbound communication to provide a certificate
server.ssl.client-auth=need

#Client behavior keystore
client.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
client.ssl.key-store-password=password
client.ssl.key-store-type=JCEKS
#Client behavior truststore
client.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
client.ssl.trust-store-password=password
client.ssl.trust-store-type=JCEKS

Below is an example of providing values through Docker image variables:

  1. Add the keystore and truststore files as volumes:

     volumes:
         - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
         - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
    
  2. Set environment variables for the Docker image:

     #Enable SSL
     SERVER_SSL_ENABLED: "true"
    
     #Server behavior keystore
     SERVER_SSL_KEY_PASSWORD: "password"
     SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
     SERVER_SSL_KEY_STORE_PASSWORD: "password"
     SERVER_SSL_KEY_STORE_TYPE: "JCEKS"
     #Server behavior truststore
     SERVER_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
     SERVER_SSL_TRUST_STORE_PASSWORD: "password"
     SERVER_SSL_TRUST_STORE_TYPE: "JCEKS"
     #Require inbound communication to provide a certificate
     SERVER_SSL_CLIENT_AUTH: "need"
    
     #Client behavior keystore
     CLIENT_SSL_KEY_STORE: "file:/tengineAIO.keystore"
     CLIENT_SSL_KEY_STORE_PASSWORD: "password"
     CLIENT_SSL_KEY_STORE_TYPE: "JCEKS"
     #Client behavior truststore
     CLIENT_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
     CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
     CLIENT_SSL_TRUST_STORE_TYPE: "JCEKS"
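
A check that can be run over either form of the settings above before deployment, as an added example that is not part of the Alfresco documentation or product code. It folds property keys and Docker variable names to one form, then reports a server.ssl.enabled that is not true, a server.ssl.client-auth other than need, missing store settings, and sample passwords; the audit function, the placeholder list and the sample input are assumptions constructed here.

```python
import re

# Keystore/truststore settings the page sets for the single-pair case.
REQUIRED = [f"{side}.ssl.{store}{suffix}" for side in ("server", "client")
            for store in ("key-store", "trust-store")
            for suffix in ("", "-password")]
# Assumption: values treated as sample passwords rather than real secrets.
PLACEHOLDERS = {"", "password", "changeit"}


def canon(key):
    """Fold server.ssl.key-store and SERVER_SSL_KEY_STORE to the same key."""
    return re.sub(r"[._-]", "", key).lower()


def parse(text):
    """Read key=value (properties) or KEY: "value" (Docker environment) lines."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z0-9._-]+)\s*[=:]\s*"?(.*?)"?\s*$', line)
        if m:  # comment lines and volume entries do not match
            settings[canon(m.group(1))] = (m.group(1), m.group(2))
    return settings


def audit(text):
    """Return findings; an empty list means the mTLS settings are complete."""
    s, findings = parse(text), []
    if s.get(canon("server.ssl.enabled"), ("", ""))[1].lower() != "true":
        findings.append("server.ssl.enabled is not true")
    auth = s.get(canon("server.ssl.client-auth"), ("", "none"))[1].lower()
    if auth != "need":
        findings.append(f"server.ssl.client-auth is '{auth}', not 'need'")
    findings += [f"{k} is missing" for k in REQUIRED if canon(k) not in s]
    findings += [f"{n} uses a placeholder password" for n, v in s.values()
                 if canon(n).endswith("password") and v in PLACEHOLDERS]
    return findings


# Constructed sample: Docker-style variables with client auth weakened.
SAMPLE = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
SERVER_SSL_KEY_STORE_PASSWORD: "password"
SERVER_SSL_CLIENT_AUTH: "want"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the example values on this page, the check reports only the "password" entries, which are meant to be replaced with real secrets.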