Skip to content

Commit

Permalink
[MNT-24158] Add Tomcat 10 instructions in Search Services 2.0 (#1599)
Browse files Browse the repository at this point in the history
* [MNT-24158] Add Tomcat 10 instructions in Search Services 2.0
* [MNT-24158] Update code to match the context
* Update search-services/latest/config/security.md

---------

Co-authored-by: Adelaide Nxumalo <[email protected]>
  • Loading branch information
monikamichalska and anxumalo authored Nov 14, 2024
1 parent f47f30f commit 47e0eee
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 0 deletions.
28 changes: 28 additions & 0 deletions search-services/latest/config/keys.md
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,8 @@ Before continuing, make sure that you've already completed the steps in [Generat
2. For the Tomcat SSL Connector in `<TOMCAT_HOME>/conf/server.xml` update the following:
* If using Alfresco Content Services 6.x on Tomcat 8:
```bash
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true" maxThreads="150" scheme="https"
Expand All @@ -173,6 +175,32 @@ Before continuing, make sure that you've already completed the steps in [Generat
clientAuth="want" sslProtocol="TLS" />
```
* If using Alfresco Content Services 7.x on Tomcat 9 or 23.x on Tomcat 10:
```bash
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
defaultSSLHostConfigName="localhost">
<SSLHostConfig hostName="localhost"
protocols="TLSv1.2"
certificateVerification="required"
truststoreFile="/usr/local/tomcat/alf_data/keystore/ssl.truststore"
truststorePassword="truststore"
truststoreType="JCEKS">
<Certificate certificateKeystoreFile="/usr/local/tomcat/alf_data/keystore/ssl.keystore"
certificateKeyAlias="ssl.repo"
type="RSA"
certificateKeystorePassword="keystore"
certificateKeystoreType="JCEKS"/>
</SSLHostConfig>
</Connector>
```
> **Note:** If you're using a different keystore or truststore type other than the default, `JCEKS`, you must change the value in the properties file. Also, make sure that the keystore and truststore file locations are correct for your environment.

See [Installing the Tomcat application server]({% link content-services/latest/install/zip/tomcat.md %}) and [Solr configuration files]({% link search-services/latest/config/index.md %}#solr-configuration-files) for more.
Expand Down
28 changes: 28 additions & 0 deletions search-services/latest/config/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ The keys and certificates required for mutual TLS on the repository side are set

1. Modify `<TOMCAT_HOME>/conf/server.xml` and add the following connector:

* If using Alfresco Content Services 6.x on Tomcat 8:

```xml
<Connector port="8999" protocol="HTTP/1.1"
connectionTimeout="20000"
Expand All @@ -29,6 +31,32 @@ The keys and certificates required for mutual TLS on the repository side are set
/>
```

* If using Alfresco Content Services 7.x on Tomcat 9 or 23.x on Tomcat 10:

```bash
<Connector port="8999"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
defaultSSLHostConfigName="localhost">
<SSLHostConfig hostName="localhost"
protocols="TLSv1.2"
certificateVerification="required"
truststoreFile="xxxxxxx"
truststorePassword="yyyyy"
truststoreType="JCEKS">
<Certificate certificateKeystoreFile="xxxxxxx"
certificateKeyAlias="ssl.repo"
type="RSA"
certificateKeystorePassword="yyyyy"
certificateKeystoreType="JCEKS"/>
</SSLHostConfig>
</Connector>
```

2. Copy the keystore and truststore files you created in [Generating secure keys for ssl communication]({% link search-services/latest/config/keys.md %}#generating-secure-keys-for-ssl-communication) to the machine that's running the repository.

3. Set the parameters in the connector, replacing the `xxxxxxx` and `yyyyy` values.
Expand Down

0 comments on commit 47e0eee

Please sign in to comment.