{"id":25353984,"url":"https://github.com/aborroy/alfresco-solr-docker-mtls","last_synced_at":"2026-02-16T16:05:45.860Z","repository":{"id":140883441,"uuid":"299597509","full_name":"aborroy/alfresco-solr-docker-mtls","owner":"aborroy","description":"Alfresco Search Services with mTLS configuration","archived":false,"fork":false,"pushed_at":"2020-11-05T16:19:03.000Z","size":39,"stargazers_count":0,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-09T01:44:15.530Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aborroy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-09-29T11:36:09.000Z","updated_at":"2020-11-05T16:19:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"797fa3a4-e6fc-4dca-89a2-0160a785cb5c","html_url":"https://github.com/aborroy/alfresco-solr-docker-mtls","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aborroy/alfresco-solr-docker-mtls","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-solr-docker-mtls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-solr-docker-mtls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-solr-docker-mtls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-solr-docker-mtls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aborroy","download_url":"https://codeload.github.com/aborroy/alfresco-solr-docker-mtls/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-solr-docker-mtls/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000734,"owners_count":26082862,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-14T19:56:14.087Z","updated_at":"2025-10-08T23:22:31.178Z","avatar_url":"https://github.com/aborroy.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Alfresco Search Services with mTLS configuration\n\nDeployment template based in official [Docker Composition](https://github.com/Alfresco/acs-community-deployment/tree/master/docker-compose) using mTLS communication between SOLR and Alfresco Repository.\n\nAlfresco Repository is using the `classical` certificates format, while SOLR is using the `current` certificates format. More details available in [https://github.com/Alfresco/alfresco-ssl-generator#parameters](https://github.com/Alfresco/alfresco-ssl-generator#parameters)\n\nYou should review volumes, configuration, modules \u0026 tuning parameters before using this composition in **Production** environments.\n\n## Source Images\n\n* [alfresco-content-repository-community:6.2.1-A8](https://hub.docker.com/r/alfresco/alfresco-content-repository-community)\n* [alfresco-share:6.2.1](https://hub.docker.com/r/alfresco/alfresco-share)\n* [alfresco-search-services:2.0.0.1](https://hub.docker.com/r/alfresco/alfresco-search-services)\n* [postgres:11.7](https://hub.docker.com/_/postgres)\n* [angelborroy/acs-proxy:1.0.0](https://hub.docker.com/repository/docker/angelborroy/acs-proxy)\n\n## Project structure\n\n```\n.\n├── .env\n├── alfresco\n│   └── Dockerfile\n├── config\n│   └── nginx.htpasswd\n├── docker-compose.yml\n├── keystores\n│   ├── alfresco\n│   │   ├── keystore\n│   │   ├── keystore-passwords.properties\n│   │   ├── ssl-keystore-passwords.properties\n│   │   ├── ssl-truststore-passwords.properties\n│   │   ├── ssl.keystore\n│   │   └── ssl.truststore\n│   ├── client\n│   │   └── browser.p12\n│   └── solr\n│       ├── ssl-repo-client.keystore\n│       └── ssl-repo-client.truststore\n└── search\n    └── Dockerfile\n```\n\n* `.env` includes Docker environment variables to set Docker Image release numbers\n* `alfresco` folder includes configuration for ACS Repository Docker Image\n* `config` NGINX configuration to set the SOLR Admin Web Console user and password credentials\n* `docker-compose.yml` is a Docker Compose template to use ACS Community with mTLS Communication\n* `keystores` folder includes keystore and truststores files for Alfresco Repository (classic format, with password files) and SOLR (current format, without password files)\n\n## SOLR Considerations\n\nAlfresco SOLR API has been protected to be accessed from outside Docker network, as using HTTP allows unauthenticated requests.\n\n```\n    # Protect access to SOLR APIs\n    location ~ ^(/.*/service/api/solr/.*)$ {return 403;}\n    location ~ ^(/.*/s/api/solr/.*)$ {return 403;}\n    location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}\n    location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}\n\n    location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}\n    location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}\n```\n\nSOLR Web Console access has been protected with username/password (admin/admin).\n\n\n# How to use this composition\n\n## Start Docker\n\nStart docker and check the ports are correctly bound.\n\n```bash\n$ docker-compose up -d\n$ docker ps --format '{{.Names}}\\t{{.Image}}\\t{{.Ports}}'\nproxy_1               angelborroy/acs-proxy:1.0.0               80/tcp, 0.0.0.0:8080-\u003e8080/tcp\nsolr6_1               alfresco-solr-docker-mtls_solr6\t          10001/tcp, 0.0.0.0:8083-\u003e8983/tcp\nshare_1               alfresco/alfresco-share:6.2.1             8000/tcp, 8080/tcp\nactivemq_1            alfresco/alfresco-activemq:5.15.8         0.0.0.0:5672-\u003e5672/tcp, ...\npostgres_1            postgres:11.7                             0.0.0.0:5432-\u003e5432/tcp\nalfresco_1            alfresco-solr-docker-mtls_alfresco        8080/tcp, 0.0.0.0:8443-\u003e8443/tcp\ntransform-core-aio_1 alfresco/alfresco-transform-core-aio:2.3.5 0.0.0.0:8090-\u003e8090/tcp\n```\n\n### Viewing System Logs\n\nYou can view the system logs by issuing the following.\n\n```bash\n$ docker-compose logs -f\n```\n\nLogs for every service are also available at `logs` folder.\n\n## Access\n\nUse the following username/password combination to login.\n\n - User: admin\n - Password: admin\n\nAlfresco and related web applications can be accessed from the below URIs when the servers have started.\n\n```\nhttp://localhost:8080/alfresco      - Alfresco Repository\nhttp://localhost:8080/share         - Alfresco Share\nhttps://localhost:8083/solr         - Alfresco Search Services (use keystores/client/browser.p12 certificate)\n```\n\n# Instructions to setup mTLS Communication when using local deployment\n\nIn order to apply this configuration when deploying Alfresco and Search Services in a local environment, following steps should be followed.\n\n## Alfresco configuration\n\nFor these steps, Alfresco Repository is expected to be installed in `/usr/local/tomcat` folder.\n\nNote that this configuration is only applied from Search Services 2.0.0, as it's using the `classical` configuration from [Alfresco SSL Generator](https://github.com/Alfresco/alfresco-ssl-generator)\n\nCopy the contents of the [keystores/alfresco](keystores/alfresco) folder to `/usr/local/tomcat/alf_data/keystore` folder.\n\n```\n$ ls -l /usr/local/tomcat/alf_data/keystore/\nkeystore\nkeystore-passwords.properties\nssl.keystore\nssl-keystore-passwords.properties\nssl.truststore\nssl-truststore-passwords.properties\n```\n\nAdd the following values to your `alfresco-global.properties` file.\n\n```\n$ cat /usr/local/tomcat/shared/classes/alfresco-global.properties\nsolr.host=localhost\nsolr.port.ssl=8983\nsolr.secureComms=https\ndir.keystore=/usr/local/tomcat/alf_data/keystore\nencryption.ssl.keystore.type=JCEKS\nencryption.ssl.truststore.type=JCEKS\n```\n\nAdd the following 8443 Connector to your Tomcat configuration file.\n\n```\n$ cat /usr/local/tomcat/conf/server.xml\n...\n    \u003cConnector port=\"8443\" protocol=\"org.apache.coyote.http11.Http11Protocol\"\n        connectionTimeout=\"20000\"\n        SSLEnabled=\"true\" maxThreads=\"150\" scheme=\"https\"\n        keystoreFile=\"/usr/local/tomcat/alf_data/keystore/ssl.keystore\"\n        keystorePass=\"kT9X6oe68t\" keystoreType=\"JCEKS\" secure=\"true\"\n        truststoreFile=\"/usr/local/tomcat/alf_data/keystore/ssl.truststore\"\n        truststorePass=\"kT9X6oe68t\" truststoreType=\"JCEKS\" clientAuth=\"want\" sslProtocol=\"TLS\"\u003e\n    \u003c/Connector\u003e\n  \u003c/Service\u003e\n\u003c/Server\u003e\n```\n\n## Search Services configuration\n\nFor these steps, Search Services is expected to be installed in `/opt/alfresco-search-services` folder.\n\nNote that this configuration is only applied from Search Services 2.0.0, as it's using the `current` configuration from [Alfresco SSL Generator](https://github.com/Alfresco/alfresco-ssl-generator)\n\nCopy the contents of the [keystores/solr](keystores/solr) folder to `/opt/alfresco-search-services/keystore` folder.\n\n```\n$ ls -l /opt/alfresco-search-services/keystore\nssl-repo-client.keystore\nssl-repo-client.truststore\n```\n\nAdd the following values to your `/opt/alfresco-search-services/solrhome/alfresco/conf/solrcore.properties` file (or to your `/opt/alfresco-search-services/solrhome/templates/rerank/conf/solrcore.properties` file if you are creating cores by default with `-Dcreate.alfresco.defaults=alfresco,archive` command line option)\n\n```\nalfresco.secureComms=https\nalfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/keystore/ssl-repo-client.keystore\nalfresco.encryption.ssl.keystore.passwordFileLocation=\nalfresco.encryption.ssl.keystore.type=JCEKS\nalfresco.encryption.ssl.truststore.location=/opt/alfresco-search-services/keystore/ssl-repo-client.truststore\nalfresco.encryption.ssl.truststore.passwordFileLocation=\nalfresco.encryption.ssl.truststore.type=JCEKS\n```\n\nAdd the following values to your `/opt/alfresco-search-services/solr.in.sh` file (or to `solr.in.cmd` file if you are installing SOLR in Windows)\n\n```\n$ cat /opt/alfresco-search-services/solr.in.sh\nSOLR_SSL_TRUST_STORE=/opt/alfresco-search-services/keystore/ssl-repo-client.truststore\nSOLR_SSL_TRUST_STORE_TYPE=JCEKS\nSOLR_SSL_TRUST_STORE_PASSWORD=kT9X6oe68t\nSOLR_SSL_KEY_STORE=/opt/alfresco-search-services/keystore/ssl-repo-client.keystore\nSOLR_SSL_KEY_STORE_TYPE=JCEKS\nSOLR_SSL_KEY_STORE_PASSWORD=kT9X6oe68t\nSOLR_SSL_NEED_CLIENT_AUTH=true\n```\n\nStart SOLR using the following parameters:\n\n```\n$ /opt/alfresco-search-services/solr/bin/solr start -a\n\"-Dcreate.alfresco.defaults=alfresco,archive \\\n-Dsolr.ssl.checkPeerName=false \\\n-Dsolr.allow.unsafe.resourceloading=true \\\n-Dsolr.jetty.truststore.password=kT9X6oe68t\n-Dsolr.jetty.keystore.password=kT9X6oe68t\n-Dssl-keystore.password=kT9X6oe68t\n-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client\n-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t\n-Dssl-keystore.ssl-repo-client.password=kT9X6oe68t\n-Dssl-truststore.password=kT9X6oe68t\n-Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client\n-Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t\n-Dssl-truststore.ssl-repo.password=kT9X6oe68t\n-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t\" -f\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-solr-docker-mtls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faborroy%2Falfresco-solr-docker-mtls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-solr-docker-mtls/lists"}