You are here

Configuring Alfresco on JBoss with Solr installed on a Tomcat instance

This section describes how to configure Alfresco deployed on JBoss EAP 6 with Solr on a separate Tomcat instance.

Before configuring Alfresco, ensure that:

  • Solr is installed on a separate Tomcat instance. For detailed information, see Configuring Solr.
  • Alfresco has been deployed on JBoss EAP 6.
  • JBoss server is not running.
The following instructions use <ALF_DATA> to refer to the value of the dir.root property, which specifies the directory where the content and indexes are stored.
  1. Add the following properties to the file:
  2. Generate certificates that will be used for Solr and Alfresco communication. The <ALF_DATA>\keystore\generate_keystores.bat can be used, the only requirement is to use JKS keystores and truststores, as JBoss does not support JCEKS.
  3. Replace the newly generated certificates with certificates in the <ALF_DATA>\keystore and Solr configuration directories.
  4. Add the SSL connector to the web subsystem in the <JBOSS_EAP_HOME>\standalone\configuration\standalone.xml file.

    <subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="ssl" key-alias="ssl.repo" password="kT9X6oe68t" certificate-key-file="<ALF_DATA>\keystore\ssl.keystore"
            protocol="TLSv1" verify-client="true" ca-certificate-file="<ALF_DATA>\keystore\ssl.truststore" keystore-type="JKS"
    Note: Remember to replace <ALF_DATA> with an actual path.
  5. Create the file in <ALF_DATA>\keystore with the following content:


    where SOLR_CLIENT_CERT_DNAME is the Solr client certificate subject name.

    For example, if the following certificate subject name was used:

    SOLR_CLIENT_CERT_DNAME="CN=Alfresco Repository Client, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB"
    then contents of should be:
    CN\=Alfresco\ Repository\ Client,\ OU\=Unknown,\ O\=Alfresco\ Software\ Ltd.,\ L\=Maidenhead,\ ST\=UK,\ C\=GB=repoclient
  6. Add a security domain in the security subsystem in the <JBOSS_EAP_HOME>\standalone\configuration\ standalone.xml file.

    <subsystem xmlns="urn:jboss:domain:security:1.2">
     <security-domain name="trustStore">
      <jsse truststore-password="kT9X6oe68t" truststore-type="JKS" truststore-url="<ALF_DATA>\keystore\ssl.truststore" protocols="TLSv1"/>
     <security-domain name="alfresco" cache-type="default">
        <login-module code="CertificateRoles" flag="required">
          <module-option name="securityDomain" value="java:/jaas/trustStore"/>
          <module-option name="verifier" value=""/>
          <module-option name="rolesProperties" value="<ALF_DATA>\keystore\"/>

    where <ALF_DATA> should be substituted with an actual path.

  7. Unzip the alfresco-enterprise-4.2.7.ear\alfresco.war file and add the security domain to the WEB-INF\jboss-web.xml file:

    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN" "">
  8. Start the standalone JBoss Web Server.
  9. Redeploy the Alfresco EAR as we have made changes to it.