How to setup Alfresco with Nginx as the frontend web server

Here are the steps to install Alfresco with Nginx as the frontend web server.

The aim here is to block access to port 8080 and 8443 from public internet yet retain the original Alfresco configuration.

So here it is:

1] Install Nginx

sudo apt-get install nginx

2] Download Alfresco

sudo wget http://dl.alfresco.com/release/community/build-4003/alfresco-community-4.0.d-installer-linux-x64.bin

3] Make it executable

sudo chmod x alfresco-community-4.0.d-installer-linux-x64.bin

4] Install Alfresco

sudo ./alfresco-community-4.0.d-installer-linux-x64.bin

5] Setup Domain Name on Nginx

sudo cd /etc/nginx/sites-available

6] Create the Site file

sudo vi alfresco.ezref.info

7] Add the following to the site file

server {

listen 80;

server_name alfresco.ezref.info;

rewrite ^/$ /share;

location / {

root /opt/alfresco-4.0.d/tomcat/webapps/share/;

proxy_pass http://localhost:8080;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header host $host;

proxy_set_header X-Forwarded-Server $host;

}

}

 

8] create symbolic link

sudo ln -s /etc/nginx/sites-available/alfresco.ezref.info /etc/nginx/sites-enabled/alfresco.ezref.info

9] Restart Nginx

sudo service nginx restart

10] Setup SSL certificate

sudo openssl genrsa -des3 -out alfresco.ezref.info.key 1024

sudo openssl req -new -key alfresco.ezref.info.key -out alfresco.ezref.info.csr

sudo openssl x509 -req -days 365 -in alfresco.ezref.info.csr -signkey alfresco.ezref.info.key -out alfresco.ezref.info.crt

11] Copy the certificates to the default certificates folder

sudo cp alfresco.ezref.info.crt /etc/ssl/certs/

sudo cp alfresco.ezref.info.key /etc/ssl/private/

12} Enable SSL on Nginx webserver.

On the /etc/nginx/site-available/<sitename>, Add the following lines within the Server tag which listens on port 443.

server {

listen                  443;

server_name             alfresco.ezref.info;

ssl                     on;

ssl_certificate         /etc/ssl/certs/alfresco.ezref.info.crt;

ssl_certificate_key     /etc/ssl/private/alfresco.ezref.info.key;

rewrite ^/$ /share;

location / {

root /opt/alfresco-4.0.d/tomcat/webapps/share/;

proxy_pass https://localhost:8443;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header host $host;

proxy_set_header X-Forwarded-Server $host;

}

}

Bounce Nginx server.