How to configure SOLR to use plain HTTP protocol instead of HTTPS for Alfresco v4.0.x on Ubuntu?
On SOLR server, which is deployed on a separate tomcat, we have to configure plain HTTP protocol in order to communicate with Alfresco server.
1) Stop Solr tomcat.
/var$ sudo /etc/init.d/tomcat6 stop
2) Delete indexes directory of each core to rebuild new indexes.
/var/alfsolr/workspace/SpacesStore is the index directory for workspace-SpacesStore core and /var/alfsolr/archive/SpacesStore is the index directory for archive-SpacesStore core.
/var$ sudo rm -rf /var/alfsolr/workspace/
/var$ sudo rm -rf /var/alfsolr/archive/
3) For each core, edit solrcore.properties file and set alfresco.port to proper HTTP port number & alfresco.secureComms=none.
/var/alfsolr/workspace-SpacesStore/conf/solrcore.properties &
/var/alfsolr/archive-SpacesStore/conf/solrcore.properties files.
# Top level directory path for the indexes managed by Solr.
data.dir.root=/var/alfsolr
# Alfresco hostname
alfresco.host=api.alfresco.com
# Alfresco HTTP port
alfresco.port=8080
# Alfresco HTTPS port
alfresco.port.ssl=8443
# Value can be https or none
alfresco.secureComms=none
Change the ownership of each file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/alfsolr/workspace-SpacesStore/conf/solrcore.properties
/var$ sudo chown tomcat6:tomcat6 /var/alfsolr/archive-SpacesStore/conf/solrcore.properties
4) Now, Alfresco will talk over plain HTTP protocol with Solr. So, comment the specification of the connector on port 8443 in /var/lib/tomcat6/conf/server.xml file.
< !-- Comment below code -- >
< !--
< Connector
port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/var/alfsolr/keystore/ssl.keystore"
keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/var/alfsolr/keystore/ssl.truststore"
truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="false" sslProtocol="TLS"
allowUnsafeLegacyRenegotiation="true" maxSavePostSize="-1"
/ >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/server.xml
5) Comment/Remove the following user in /var/lib/tomcat6/conf/tomcat-users.xml file.
< !--
< user
username="CN=Alfresco Repository, OU=Unknown, O=Alfresco
Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repository"
password="null"
/ >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/tomcat-users.xml
6) Comment/Remove the following configuration in /var/lib/tomcat6/webapps/solr/WEBINF/web.xml
< !--
< security-constraint >
< web-resource-collection >
< url-pattern >/*</ url-pattern >
</ web-resource-collection >
< auth-constraint >
< role-name >repository</ role-name >
</ auth-constraint >
< user-data-constraint >
< transport-guarantee >CONFIDENTIAL</ transport-guarantee >
</ user-data-constraint >
</ security-constraint >
< login-config >
< auth-method >CLIENT-CERT</ auth-method >
< realm-name >Solr</ realm-name >
</ login-config >
< security-role >
< role-name >repository</ role-name >
</ security-role >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/webapps/solr/WEBINF/web.xml
Next, we need to configure Alfresco server, which is deployed on a separate tomcat to communicate over plain HTTP protocol with SOLR server.
1) Stop Alfresco tomcat.
/var$ sudo /etc/init.d/tomcat6 stop
2) Edit following properties in /var/lib/tomcat6/shared/classes/alfresco-global.properties file.
### Alfresco properties ###
#Alfresco hostname
alfresco.host=api.alfresco.com
#HTTP port number
alfresco.port=8080
#Value can be http or https
alfresco.protocol=http
### Solr indexing ###
# Absolute Path to your keystore directory for configuring Alfresco to talk to SOLR
# This will not be used for HTTP communication. Comment this property.
#dir.keystore=/var/alfsolr/keystore
# The subsystem type value. Value is either solr or lucene.
index.subsystem.name=solr
# Solr hostname.
solr.host=solr.alfresco.com
# Solr HTTP port.
solr.port=8080
# Solr HTTPS port.
solr.port.ssl=8443
# Value can be https or none.
solr.secureComms=none
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/shared/classes/alfresco-global.properties
3) Comment the specification of the connector on port 8443 in /var/lib/tomcat6/conf/server.xml file.
< !--
< Connector
port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/var/alfresco/alf_data/keystore/ssl.keystore"
keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/var/alfresco/alf_data/keystore/ssl.truststore"
truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="false" sslProtocol="TLS"
allowUnsafeLegacyRenegotiation="true" maxSavePostSize="-1"
/ >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/server.xml
4) Comment/Remove the following user in /var/lib/tomcat6/conf/tomcat-users.xml file.
< !--
< user
username="CN=Alfresco Repository Client, OU=Unknown, O=Alfresco
Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repoclient"
password="null"
/ >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/tomcat-users.xml
5) Comment/Remove the following configuration in /var/lib/tomcat6/webapps/alfresco/WEBINF/web.xml
< !--
< security-constraint >
< web-resource-collection >
< web-resource-name >SOLR</ web-resource-name >
< url-pattern >/service/api/solr/*</ url-pattern >
</ web-resource-collection >
< auth-constraint >
< role-name >repoclient</ role-name >
</ auth-constraint >
< user-data-constraint >
< transport-guarantee >CONFIDENTIAL</ transport-guarantee >
</ user-data-constraint >
</ security-constraint >
< login-config >
< auth-method >CLIENT-CERT</ auth-method >
< realm-name >Repository</ realm-name >
</ login-config >
< security-role >
< role-name >repoclient</ role-name >
</ security-role >
-- >
Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/webapps/alfresco/WEBINF/web.xml
6) Start Alfresco tomcat server.
/var$ sudo /etc/init.d/tomcat6 start
7) After Alfresco server is up, start tomcat server that has Solr Web Application deployed on a separate Ubuntu box.
/var$ sudo /etc/init.d/tomcat6 start
For more info, refer following links:
1) http://wiki.alfresco.com/wiki/Alfresco_And_SOLR
2) http://wiki.alfresco.com/wiki/Alfresco_Solr_Demo_Script
Hello
ReplyDeleteI follow your tutorial. After initial configuration during an upgrade from 4.0.d to 4.2.c, I start Alfresco and i can check in Catalina.out that everything is ok. SOLR executes a full reindexing during 15 mn and after i got the message : Successfully retrieved license information from Alfresco.
But, when i access to my share interface i have problem with SOLR. Looking my Catalina.out log i found this message :
Caused by: java.net.ConnectException: Connexion refusée
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:451)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:82)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:127)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:392)
It seems to be a SSL connection refused but i don't understand because i disabled securecomms toggle it to none..
How to check why SOLR try to use an SSL connection ?
Thank's
Hi,
DeleteThanks a lot for following my post. :)
Can you check the following properties which you have configured in "/tomcat6/shared/classes/alfresco-global.properties" file.
### Solr indexing ###
# Absolute Path to your keystore directory for configuring Alfresco to talk to SOLR
# "UNCOMMENT" this property and try.
dir.keystore=/var/alfsolr/keystore
# The subsystem type value. Value is either solr or lucene.
index.subsystem.name=solr
# Solr hostname (The IP Adress or DNS name, where your SOLR is installed).
solr.host=solr.alfresco.com
# Solr HTTP port.
solr.port=8080
# Solr HTTPS port.
solr.port.ssl=8443
# Value can be https or none.
#For HTTP value is "none"
solr.secureComms=none
Cheers...
...Deepak
Hello,
DeleteThank's for your reply. I tried to uncomment keystore directive and restarted my server, but that doesn't resolve my problem. Error messages stay the same.
I think i will try this evening to switch my configuration with SSL connection for verify origin of the problem...
Cheers and thank you for your excellent blog !