Install application server - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License

Install an instance of Tomcat manually and modify it to use the correct directory structure and files for Content Services.

The installation directory for Tomcat is represented as <TOMCAT_HOME>.

  1. Download and install Tomcat following the instructions from the Tomcat official website available at http://tomcat.apache.org.

    For the supported Tomcat version, see zmy1731931001145.html.

  2. Create an additional classpath to Tomcat, which will be shared among all web applications by performing the following steps:
    1. Create the directories required for a Content Services installation under <TOMCAT_HOME>:
      • Create the shared/classes directory.
      • Create the shared/lib directory.
    2. Open the <TOMCAT_HOME>/conf/catalina.properties file.
    3. Change the value of the shared.loader= property to the following:
     shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
    
  3. Copy the JDBC drivers for the database you are using to the lib directory.
  4. If you plan to use Kerberos authentication (optional).

    By default, Tomcat uses an 8 KB header buffer size, which might not be large enough for the Kerberos authentication protocol. We need to increase this buffer size. To make this change, edit the <TOMCAT_HOME>/conf/server.xml file and change the <Connector> defined for HTTP traffic as follows:

     <Connectorport="8080"protocol="HTTP/1.1"URIEncoding="UTF-8"connectionTimeout="20000"maxHttpHeaderSize="32768"redirectPort="8443" />
    
  5. Configure additional connectors (optional).

    You might want to connect from your front end load balancer with a different protocol, like AJP, or you might want to terminate TLS directly in Tomcat.

    In these cases, you need to add additional connectors to Tomcat. Follow the official Tomcat documentation for these use cases, and make sure to increase the maxHttpHeaderSize on these additional connectors as well (in case you plan to use Kerberos).

  6. Enable Simple JAR modules (optional).

    The repository allows you to provide extensions outside of the web application, known as simple JAR modules. If you want to enable this mechanism, follow these steps:

    1. Create the following directories under <TOMCAT_HOME>:
      1. modules/platform
      2. modules/share
    2. Copy the files alfresco.xml and share.xml from the distribution zip /web-server/conf/Catalina/localhost to <TOMCAT_HOME>/conf/Catalina/localhost (or hostname).
  7. Configure Content Services for Solr communication by performing one of the following:
    • Install with mutual TLS, where the communication with Solr is encrypted and authenticated via mutual TLS.
    • Install without mutual TLS using HTTP with a secret word in the request header.
      Note: For more information on installing with or without mutual TLS, see the Install options section in the Alfresco Search Services documentation.
  8. When installing with mutual TLS, perform the following steps to configure the Tomcat connector:
    Note: This connector isn’t used by end users, and its only purpose is to handle the communication with Solr.
    1. Open the <TOMCAT_HOME>/conf/server.xml file.
    2. Add the following connector:
      <Connector port="8443"
                 protocol="org.apache.coyote.http11.Http11NioProtocol"
                 connectionTimeout="20000"
                 maxThreads="150"
                 SSLEnabled="true"
                 scheme="https"
                 secure="true"
                 defaultSSLHostConfigName="localhost">
      	    <SSLHostConfig hostName="localhost"
      	               protocols="TLSv1.2"
      	               certificateVerification="required"
      	               truststoreFile="/usr/local/tomcat/alf_data/keystore/ssl.truststore"
      	               truststorePassword="truststore"
      	               truststoreType="JCEKS">
      		<Certificate certificateKeystoreFile="/usr/local/tomcat/alf_data/keystore/ssl.keystore"
      		             certificateKeyAlias="ssl.repo"
      		             type="RSA"
      		             certificateKeystorePassword="keystore"
      		             certificateKeystoreType="JCEKS"/>
      	    </SSLHostConfig>
              </Connector>
      When configuring the Tomcat connector, consider the following:
      • The keystore and truststore files have to be generated to ensure the best security level when installing Alfresco Search Services. You can choose the location of your choice. By default, they are stored in the Tomcat installation directory or in the alf_data directory. For more information, see the Secure keys section in the Alfresco Search Services documentation.
      • If you’re using a different keystore or truststore type other than the default, such as JCEKS, you must change the value in the properties file.
      • In Tomcat versions prior to 9 it was possible to use org.apache.coyote.http11.Http11Protocol as the protocol value, but now it has been removed. If you are using configuration from an old instance using a Tomcat version before 9, you need to update the connector protocol value.
  9. Save the server.xml file.
    Note: Remember to review and update the connector details in server.xml, including the keystore and truststore file locations, after installing and configuring Alfresco Search Services.