Merge branch 'feature/SEARCH-1656_SSLByDefault' into 'master'

Feature/search 1656 ssl by default

See merge request search_discovery/insightengine!16
Angel Borroy
2019-06-17 15:34:56 +01:00
18 changed files with 434 additions and 108 deletions


@@ -7,40 +7,123 @@ Alfresco Search Services using Alfresco and Apache Solr
Git:
```bash
git clone https://github.com/Alfresco/SearchServices.git
$ git clone https://github.com/Alfresco/SearchServices.git
```
### Use Maven
Build project:
Build the project:
```bash
mvn clean install
$ mvn clean install -DskipTests=true
```
All the resources needed for the docker image will be available under packaging/target/docker-resources/
All the resources required to run Alfresco Search Services will be available under `packaging/target` folder.
### Start Alfresco Search Services from source
To run Alfresco Search Services locally first build the zip file using:
To run Alfresco Search Services locally, building the ZIP distribution file is required.
```bash
mvn clean install
$ mvn clean install -DskipTests=true
```
Extract the zip file and launch Alfresco Search Services using:
After the project is successfully built, ZIP can be extracted.
```bash
cd packaging/target
unzip alfresco-search-services-*.zip
cd alfresco-search-services/solr
./bin/solr start -Dcreate.alfresco.defaults=alfresco,archive
$ cd packaging/target
$ unzip alfresco-search-services-*.zip
$ cd alfresco-search-services
```
If you also start an ACS instance then index will be populated. By default Alfresco Search Services runs on port 8983, but this can be set by supplying e.g. `-p 8083` to the "solr start" command.
From Alfresco *Search Services 1.3.0.3*, distribution ZIP is released with Mutual Authentication TLS (SSL) by default. So before starting the service, generating secure keys for SSL communication is required. You can find detailed information for this step at [Alfresco documentation](https://docs.alfresco.com/search-enterprise/tasks/generate-keys-ssl.html).
The `keystores` folder generated by the SSL Tool contains the keystores and truststores for SSL configuration. In the following steps, it's assumed that SSL Tool has been executed from `/tmp` or `C:\tmp` folder.
```bash
$ tree /tmp/keystores/
keystores/
├── alfresco
│   ├── keystore
│   ├── keystore-passwords.properties
│   ├── ssl-keystore-passwords.properties
│   ├── ssl-truststore-passwords.properties
│   ├── ssl.keystore
│   └── ssl.truststore
├── client
│   └── browser.p12
├── solr
│   ├── ssl-keystore-passwords.properties
│   ├── ssl-truststore-passwords.properties
│   ├── ssl.repo.client.keystore
│   └── ssl.repo.client.truststore
└── zeppelin
├── ssl.repo.client.keystore
└── ssl.repo.client.truststore
```
SOLR SSL configuration files are available in `/tmp/keystores/solr` folder.
These files must be copied to `rerank` configuration folder.
```
$ cp /tmp/keystores/solr/* solrhome/templates/rerank/conf
```
If you are running from a *Linux* or *Mac OS X* machine, add following lines to `solr.in.sh` file.
```
SOLR_SSL_KEY_STORE=/tmp/keystores/solr/ssl.repo.client.keystore
SOLR_SSL_KEY_STORE_PASSWORD=keystore
SOLR_SSL_KEY_STORE_TYPE=JCEKS
SOLR_SSL_TRUST_STORE=/tmp/keystores/solr/ssl.repo.client.truststore
SOLR_SSL_TRUST_STORE_PASSWORD=truststore
SOLR_SSL_TRUST_STORE_TYPE=JCEKS
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
```
If you are running from a *Windows* machine, add following lines to `solr.in.cmd` file.
```
set SOLR_SSL_KEY_STORE=C:\tmp\keystores\solr\ssl.repo.client.keystore
SOLR_SSL_KEY_STORE_PASSWORD=keystore
SOLR_SSL_KEY_STORE_TYPE=JCEKS
SOLR_SSL_TRUST_STORE=C:\tmp\keystores\solr\ssl.repo.client.truststore
SOLR_SSL_TRUST_STORE_PASSWORD=truststore
SOLR_SSL_TRUST_STORE_TYPE=JCEKS
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
```
Once this settings are ready, start SOLR service from command line:
```
$ ./solr/bin/solr start "-Dcreate.alfresco.defaults=alfresco,archive \
-Dsolr.ssl.checkPeerName=false \
-Dsolr.allow.unsafe.resourceloading=true" -f
```
SOLR will create Alfresco cores (`alfresco` and `archive`) when starting, and configuration from `rerank` template will be copied to each core.
If you also started an ACS instance running in [https://localhost:8443/alfresco](https://localhost:8443/alfresco) with the keystores provided by the SSL Tool (`keystores/alfresco` folder), then the index will be populated.
SOLR Web Console will be available at:
[https://localhost:8983/solr](https://localhost:8983/solr)
**Note** Client certificate `browser.p12`, generated by the SSL Tool, is required to be installed in your browser in order to access to this Web Console.
By default Alfresco Search Services runs on port 8983, but this can be set by supplying e.g. `-p 8083` to the "solr start" command.
To set up remote debugging (on port 5005) start Alfresco Search Services with the following command and then connect using your IDE:
```bash
./bin/solr start -a "-Dcreate.alfresco.defaults=alfresco,archive -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005"
$ ./solr/bin/solr start -a "-Dcreate.alfresco.defaults=alfresco,archive \
-Dsolr.ssl.checkPeerName=false \
-Dsolr.allow.unsafe.resourceloading=true \
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005" -f
```
DBID based sharding can be set up from the command line. For example a core containing shards 0, 1, 6 and 7 from an
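Review bot: In the `solr.in.cmd` block only the first line carries `set`; the seven lines from `SOLR_SSL_KEY_STORE_PASSWORD=keystore` to `SOLR_SSL_WANT_CLIENT_AUTH=false` are bare assignments, which a Windows batch file will not treat as variable assignments. Prefix each of them with `set`. Separately, the new start command passes its `-D` options without `-a`, while the remote-debugging variant right after it uses `start -a "..."`; pick one form. The README also adds `-Dsolr.ssl.checkPeerName=false` and `-Dsolr.allow.unsafe.resourceloading=true` to every start command without saying why they are needed, and one sentence on each would let readers decide whether to keep them outside a local setup.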
@@ -56,34 +139,211 @@ replication of shards to achieve the desired index performance and redundancy.
To stop Alfresco Search Services:
```bash
./bin/solr stop
$ ./solr/bin/solr stop
```
### Docker
To build the docker image:
**Using Plain HTTP**
If you want to use Plain HTTP for SOLR instead of Mutual Auth TLS (SSL), use following steps.
```bash
cd packaging/target/docker-resources/
docker build -t searchservices:develop .
$ mvn clean install -DskipTests=true
```
After the project is successfully built, ZIP can be extracted.
```bash
$ cd packaging/target
$ unzip alfresco-search-services-*.zip
$ cd alfresco-search-services
```
Change default Alfresco Communication protocol to `none`.
```bash
$ sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' solrhome/templates/rerank/conf/solrcore.properties
```
*Note* Above line is written in GNU sed, you can use `gsed` from Mac OS X or just edit the file with a Text Editor.
Start SOLR service from command line:
```
$ ./solr/bin/solr start "-Dcreate.alfresco.defaults=alfresco,archive" -f
```
SOLR will create Alfresco cores (`alfresco` and `archive`) when starting, and configuration from `rerank` template will be copied to each core and if you also started an ACS instance running in [http://localhost:8080/alfresco](http://localhost:8080/alfresco) then the index will be populated.
SOLR Web Console will be available at:
[http://localhost:8983/solr](http://localhost:8983/solr)
### Use Alfresco Search Services Docker Image
Once the project has been built, the Docker image can be also built:
```bash
$ cd packaging/target/docker-resources/
$ docker build -t searchservices:develop .
```
*Search Services* Docker image is configured with with **Mutual Authentication TLS (SSL)** by default.
**Configuration**
To pass an environment variable, it can be used the "-e" argument:
```bash
$ docker run -e SOLR_JAVA_MEM="-Xms4g -Xmx4g" -p 8983:8983 searchservices:develop
```
To pass several environment variables (e.g. SOLR\_ALFRESCO\_HOST, SOLR\_ALFRESCO\_PORT, SOLR\_SOLR\_HOST, SOLR\_SOLR\_PORT, SOLR\_CREATE\_ALFRESCO\_DEFAULTS, SOLR\_HEAP, etc.), just include the "-e" argument as times as required:
```bash
$ docker run -e SOLR_ALFRESCO_HOST=localhost -e SOLR_ALFRESCO_PORT=8080 -p 8983:8983 searchservices:develop
```
**Using Mutual Auth TLS (SSL)**
This Docker image is exposing as VOLUME the folder `/opt/alfresco-search-services/keystores`, that can be used to mount `keystores` folder from host.
By default Docker image is using SSL, but an environment variable `ALFRESCO_SECURE_COMMS=https` can be also passed to the Docker container to declare explicitly the SSL mode.
Additionally, SOLR Jetty server must be configured to start in SSL Mode using `SOLR_SSL_*` environment variables and Search Services must be configured by using Java environment variables starting with `alfresco.encryption.ssl.*`
Following command will start Search Services with SSL using keystores located at `/tmp/keystores/solr`. Note that the internal folders are relative to `/opt/alfresco-search-services/keystores`, as this is the Docker container folder exposed to hold the keystores.
```bash
$ docker run -p 8983:8983 \
-v /tmp/keystores/solr:/opt/alfresco-search-services/keystores \
-e SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive \
-e SOLR_SSL_KEY_STORE=/opt/alfresco-search-services/keystores/ssl.repo.client.keystore \
-e SOLR_SSL_KEY_STORE_PASSWORD=keystore \
-e SOLR_SSL_KEY_STORE_TYPE=JCEKS \
-e SOLR_SSL_TRUST_STORE=/opt/alfresco-search-services/keystores/ssl.repo.client.truststore \
-e SOLR_SSL_TRUST_STORE_PASSWORD=truststore \
-e SOLR_SSL_TRUST_STORE_TYPE=JCEKS \
-e SOLR_SSL_NEED_CLIENT_AUTH=true \
-e SOLR_OPTS="-Dsolr.ssl.checkPeerName=false \
-Dsolr.allow.unsafe.resourceloading=true \
-Dalfresco.encryption.ssl.keystore.type=JCEKS
-Dalfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/keystores/ssl.repo.client.keystore
-Dalfresco.encryption.ssl.keystore.passwordFileLocation=/opt/alfresco-search-services/keystores/ssl-keystore-passwords.properties
-Dalfresco.encryption.ssl.truststore.type=JCEKS
-Dalfresco.encryption.ssl.truststore.location=/opt/alfresco-search-services/keystores/ssl.repo.client.truststore
-Dalfresco.encryption.ssl.truststore.passwordFileLocation=/opt/alfresco-search-services/keystores/ssl-truststore-passwords.properties
" \
searchservices:develop
```
SOLR Web Console will be available at:
[https://localhost:8983/solr](https://localhost:8983/solr)
*Note* You must install the `browser.p12` certificate in your browser in order to access to this URL.
**Using Plain HTTP**
By default Docker image is using SSL, so it's required to add an environment variable `ALFRESCO_SECURE_COMMS=none` to use SOLR in plain HTTP mode.
To run the docker image:
```bash
docker run -p 8983:8983 searchservices:develop
$ docker run -p 8983:8983 -e ALFRESCO_SECURE_COMMS=none -e SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive searchservices:develop
```
To pass an environment variable:
SOLR Web Console will be available at:
```bash
docker run -e SOLR_JAVA_MEM=“-Xms4g -Xmx4g” -p 8983:8983 searchservices:develop
[http://localhost:8983/solr](http://localhost:8983/solr)
**Public Docker repository**
This Docker Image is available at Alfresco Docker Hub:
[https://hub.docker.com/r/alfresco/alfresco-search-services](https://hub.docker.com/r/alfresco/alfresco-search-services)
To use the public image instead of the local one (`searchservices:develop`) just use `alfresco/alfresco-search-services:1.3.x.x` labels.
### Use Alfresco Search Services Docker Image with Docker Compose
Sample configuration in a Docker Compose file using **Plain HTTP** protocol to communicate with Alfresco Repository.
```
solr6:
image: searchservices:develop
mem_limit: 2500m
environment:
# Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
SOLR_ALFRESCO_PORT: "8080"
# Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
# HTTP settings
ALFRESCO_SECURE_COMMS: "none"
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms2g -Xmx2g"
ports:
- 8083:8983 #Browser port
```
To pass several environment variables (e.g. SOLR\_ALFRESCO\_HOST, SOLR\_ALFRESCO\_PORT, SOLR\_SOLR\_HOST, SOLR\_SOLR\_PORT, SOLR\_CREATE\_ALFRESCO\_DEFAULTS, SOLR\_HEAP, etc.):
SOLR Web Console will be available at:
[http://localhost:8983/solr](http://localhost:8983/solr)
Sample configuration in a Docker Compose file using **Mutual Auth TLS (SSL)** protocol to communicate with Alfresco Repository.
```bash
docker run -e SOLR_ALFRESCO_HOST=localhost -e SOLR_ALFRESCO_PORT=8080 -p 8983:8983 searchservices:develop
```
solr6:
image: searchservices:develop
mem_limit: 2500m
environment:
# Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
SOLR_ALFRESCO_PORT: "8443"
# Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
# SSL settings
ALFRESCO_SECURE_COMMS: "https"
SOLR_SSL_TRUST_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.truststore"
SOLR_SSL_TRUST_STORE_PASSWORD: "truststore"
SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
SOLR_SSL_KEY_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.keystore"
SOLR_SSL_KEY_STORE_PASSWORD: "keystore"
SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_NEED_CLIENT_AUTH: "true"
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms2g -Xmx2g"
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
-Dalfresco.encryption.ssl.keystore.type=JCEKS
-Dalfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/keystores/ssl.repo.client.keystore
-Dalfresco.encryption.ssl.keystore.passwordFileLocation=/opt/alfresco-search-services/keystores/ssl-keystore-passwords.properties
-Dalfresco.encryption.ssl.truststore.type=JCEKS
-Dalfresco.encryption.ssl.truststore.location=/opt/alfresco-search-services/keystores/ssl.repo.client.truststore
-Dalfresco.encryption.ssl.truststore.passwordFileLocation=/opt/alfresco-search-services/keystores/ssl-truststore-passwords.properties
"
ports:
- 8083:8983 #Browser port
volumes:
- ./keystores/solr:/opt/alfresco-search-services/keystores
```
SOLR Web Console will be available at:
[https://localhost:8983/solr](https://localhost:8983/solr)
**Samples for development use only**
docker-compose files can be used to start up Search Services with Alfresco and Share. There are two docker-composes files available. Depending on the version you want to start either change to 5.x or 6.x. E.g.
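Review bot: In the Mutual Auth TLS Compose sample, `SOLR_SSL_TRUST_STORE` and `SOLR_SSL_KEY_STORE` point at `/opt/alfresco-search-services/keystore/...` (singular), but the volume is mounted at `/opt/alfresco-search-services/keystores` and the `SOLR_OPTS` entries in the same sample use `keystores`. As written, the two Jetty store paths do not match the mounted folder; change both to `keystores`. Both Compose samples also publish `8083:8983` while the text after each gives the console URL on port 8983, so those URLs should read 8083. Minor: "configured with with" in the Docker image paragraph.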
@@ -97,12 +357,13 @@ This will start up Alfresco, Postgres, Share and SearchServices. You can access
* Alfresco: http://localhost:8081/alfresco
* Share: http://localhost:8082/share
* Solr: http://localhost:8083/solr
If you start version 5.x instead you can also access the API Explorer:
* API Explorer: http://localhost:8084/api-explorer
### License
Copyright (C) 2005 - 2017 Alfresco Software Limited
This file is part of the Alfresco software.


@@ -52,7 +52,7 @@ public class ConfigUtil {
{
String propertyValue = null;
String propertyKey = propertyName.toLowerCase();
String propertyKey = propertyName;
String jndiKey = convertPropertyNameToJNDIPath(propertyKey);
String envVar = convertPropertyNameToEnvironmentParam(propertyKey);
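Review bot: `propertyKey` no longer lower-cases `propertyName`, and that value feeds both `convertPropertyNameToJNDIPath` and `convertPropertyNameToEnvironmentParam`, so an existing caller that passes a mixed-case name may now resolve different JNDI and environment keys than before. Please add a comment saying why case is preserved (presumably for camel-case keys such as `alfresco.secureComms`) and a unit test that looks up a mixed-case property through each source.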


@@ -18,12 +18,14 @@
*/
package org.apache.solr.core;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Properties;
import org.alfresco.solr.config.ConfigUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.util.Properties;
import com.google.common.collect.ImmutableList;
/**
* This class was created solely for the purpose of exposing the coreProperties of the CoreDescriptor.
@@ -32,13 +34,16 @@ import java.util.Properties;
* The Substitutable Properties are defined in the substitutableProperties list.
* @author Ahmed Owian
* @author Gethin James
* @author aborroy
*/
public class CoreDescriptorDecorator
{
private static Log log = LogFactory.getLog(CoreDescriptorDecorator.class);
private final Properties properties = new Properties();
private static String SECURE_COMMS_PROPERTY = "alfresco.secureComms";
public static ImmutableList<String> substitutableProperties =
public static ImmutableList<String> substitutablePropertiesSecure =
ImmutableList.of(
"alfresco.host",
"alfresco.port",
@@ -54,18 +59,37 @@ public class CoreDescriptorDecorator
"alfresco.encryption.ssl.keystore.provider",
"alfresco.encryption.ssl.truststore.type");
public static ImmutableList<String> substitutablePropertiesNone =
ImmutableList.of(
"alfresco.host",
"alfresco.port",
"alfresco.baseUrl",
"alfresco.secureComms");
public CoreDescriptorDecorator(CoreDescriptor descriptor)
{
properties.putAll(descriptor.coreProperties);
List<String> coreProperties;
String comms = ConfigUtil.locateProperty(SECURE_COMMS_PROPERTY, "none");
if (comms.equals("https"))
{
coreProperties = substitutablePropertiesSecure;
}
else
{
coreProperties = substitutablePropertiesNone;
}
try
{
substitutableProperties.forEach(prop ->
coreProperties.forEach(prop ->
properties.put(prop, ConfigUtil.locateProperty(prop,properties.getProperty(prop)))
);
}
catch(Exception e)
{
log.warn("Unable to locate alfresco host|port|baseUrl|ssl properties");
log.warn("Unable to locate alfresco host|port|baseUrl|ssl properties", e);
}
}
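Review bot: In the constructor, `ConfigUtil.locateProperty(SECURE_COMMS_PROPERTY, "none")` falls back to the literal `"none"` instead of the core's own value, unlike the loop after it, which passes `properties.getProperty(prop)` as the default. Assuming `locateProperty` returns its second argument when no external override is found, as that loop's usage suggests, a core whose properties say `https` but that has no override is handled with `substitutablePropertiesNone`, and the `alfresco.encryption.ssl.*` overrides are skipped. Suggest `locateProperty(SECURE_COMMS_PROPERTY, properties.getProperty(SECURE_COMMS_PROPERTY, "none"))`, and `"https".equals(comms)` so a null result cannot throw.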


@@ -33,9 +33,10 @@ alfresco.recordUnindexedNodes=false
# encryption
# none, https
alfresco.secureComms=none
alfresco.secureComms=https
# ssl
# ssl, default values
# keystore and trustore files are not provided by default
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
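Review bot: The default flips to `alfresco.secureComms=https` while the new comment says the keystore and truststore files are not provided, so a core created from this template needs keys generated before it can use them; the comment should say where they come from (the README in this merge points to the SSL Tool documentation). Typo in the same comment: `trustore` should be `truststore`.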


@@ -1,7 +0,0 @@
aliases=ssl.alfresco.ca,ssl.repo.client
# The ssl keystore password
keystore.password=kT9X6oe68t
# The password protecting the ssl repository key
ssl.repo.client.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA key
ssl.alfresco.ca.password=kT9X6oe68t
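Review bot: The deleted file held one fixed password, reused for `keystore.password` and for both key aliases, and it stays readable in the repository history after this removal. Deleting it is right; the release notes should tell anyone who ran with the previously bundled keystores to generate new ones with the SSL Tool rather than keep the old files.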


@@ -1,5 +0,0 @@
aliases=alfresco.ca
# The ssl truststore password
keystore.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA strust certificate
alfresco.ca.password=kT9X6oe68t


@@ -33,9 +33,10 @@ alfresco.recordUnindexedNodes=false
# encryption
# none, https
alfresco.secureComms=none
alfresco.secureComms=https
# ssl
# ssl, default values
# keystore and trustore files are not provided by default
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore


@@ -1,7 +0,0 @@
aliases=ssl.alfresco.ca,ssl.repo.client
# The ssl keystore password
keystore.password=kT9X6oe68t
# The password protecting the ssl repository key
ssl.repo.client.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA key
ssl.alfresco.ca.password=kT9X6oe68t


@@ -1,5 +0,0 @@
aliases=alfresco.ca
# The ssl truststore password
keystore.password=kT9X6oe68t
# The password protecting the ssl Alfresco CA strust certificate
alfresco.ca.password=kT9X6oe68t


@@ -38,6 +38,7 @@ import org.alfresco.httpclient.HttpClientFactory;
import org.alfresco.httpclient.HttpClientFactory.SecureCommsType;
import org.alfresco.repo.dictionary.NamespaceDAO;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.apache.commons.httpclient.params.DefaultHttpParams;
/**
* This factory encapsulates the creation of a SOLRAPIClient and the management of that resource.
@@ -53,10 +54,6 @@ public class SOLRAPIClientFactory
// encryption related parameters
private String secureCommsType; // "none", "https"
private String keyStoreType;
private String keyStoreProvider;
private String passwordFileLocation;
private String keyStoreLocation;
// ssl
private String sslKeyStoreType;
@@ -151,24 +148,25 @@ public class SOLRAPIClientFactory
if (client == null)
{
baseUrl = props.getProperty("alfresco.baseUrl", "/alfresco");
keyStoreType = props.getProperty("alfresco.encryption.keystore.type", "JCEKS");
keyStoreProvider = props.getProperty("alfresco.encryption.keystore.provider");
passwordFileLocation = props.getProperty("alfresco.encryption.keystore.passwordFileLocation");
keyStoreLocation = props.getProperty("alfresco.encryption.keystore.location");
sslKeyStoreType = props.getProperty("alfresco.encryption.ssl.keystore.type", "JCEKS");
sslKeyStoreProvider = props.getProperty("alfresco.encryption.ssl.keystore.provider", "");
sslKeyStoreLocation = props.getProperty("alfresco.encryption.ssl.keystore.location",
"ssl.repo.client.keystore");
sslKeyStorePasswordFileLocation = props.getProperty(
"alfresco.encryption.ssl.keystore.passwordFileLocation", "ssl-keystore-passwords.properties");
sslTrustStoreType = props.getProperty("alfresco.encryption.ssl.truststore.type", "JCEKS");
sslTrustStoreProvider = props.getProperty("alfresco.encryption.ssl.truststore.provider", "");
sslTrustStoreLocation = props.getProperty("alfresco.encryption.ssl.truststore.location",
"ssl.repo.client.truststore");
sslTrustStorePasswordFileLocation = props.getProperty(
"alfresco.encryption.ssl.truststore.passwordFileLocation",
"ssl-truststore-passwords.properties");
// Load SSL settings only when using HTTPs protocol
secureCommsType = props.getProperty("alfresco.secureComms", "none");
if (secureCommsType.equals("https"))
{
sslKeyStoreType = getProperty(props, "alfresco.encryption.ssl.keystore.type", "JCEKS");
sslKeyStoreProvider = getProperty(props, "alfresco.encryption.ssl.keystore.provider", "");
sslKeyStoreLocation = getProperty(props, "alfresco.encryption.ssl.keystore.location",
"ssl.repo.client.keystore");
sslKeyStorePasswordFileLocation = getProperty(props,
"alfresco.encryption.ssl.keystore.passwordFileLocation",
"ssl-keystore-passwords.properties");
sslTrustStoreType = getProperty(props, "alfresco.encryption.ssl.truststore.type", "JCEKS");
sslTrustStoreProvider = getProperty(props, "alfresco.encryption.ssl.truststore.provider", "");
sslTrustStoreLocation = getProperty(props, "alfresco.encryption.ssl.truststore.location",
"ssl.repo.client.truststore");
sslTrustStorePasswordFileLocation = getProperty(props,
"alfresco.encryption.ssl.truststore.passwordFileLocation",
"ssl-truststore-passwords.properties");
}
maxTotalConnections = Integer.parseInt(props.getProperty("alfresco.maxTotalConnections", "40"));
maxHostConnections = Integer.parseInt(props.getProperty("alfresco.maxHostConnections", "40"));
socketTimeout = Integer.parseInt(props.getProperty("alfresco.socketTimeout", "60000"));
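Review bot: `secureCommsType` is read with `props.getProperty("alfresco.secureComms", "none")`, while the SSL values inside the `if` go through the new `getProperty(props, ...)` helper that checks system properties first. A `-Dalfresco.secureComms=https` override is therefore ignored at this point even though `-Dalfresco.encryption.ssl.*` overrides are honoured. Read it through the same helper, and reconsider whether a missing key should still default to `none` now that the shipped `solrcore.properties` defaults to `https`.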
@@ -182,20 +180,79 @@ public class SOLRAPIClientFactory
protected AlfrescoHttpClient getRepoClient(KeyResourceLoader keyResourceLoader)
{
// TODO i18n
KeyStoreParameters keyStoreParameters = new KeyStoreParameters("SSL Key Store", sslKeyStoreType,
sslKeyStoreProvider, sslKeyStorePasswordFileLocation, sslKeyStoreLocation);
KeyStoreParameters trustStoreParameters = new KeyStoreParameters("SSL Trust Store", sslTrustStoreType,
sslTrustStoreProvider, sslTrustStorePasswordFileLocation, sslTrustStoreLocation);
SSLEncryptionParameters sslEncryptionParameters = new SSLEncryptionParameters(keyStoreParameters,
trustStoreParameters);
HttpClientFactory httpClientFactory = new HttpClientFactory(SecureCommsType.getType(secureCommsType),
HttpClientFactory httpClientFactory = null;
if (secureCommsType.equals("https"))
{
KeyStoreParameters keyStoreParameters = new KeyStoreParameters("SSL Key Store", sslKeyStoreType,
sslKeyStoreProvider, sslKeyStorePasswordFileLocation, sslKeyStoreLocation);
KeyStoreParameters trustStoreParameters = new KeyStoreParameters("SSL Trust Store", sslTrustStoreType,
sslTrustStoreProvider, sslTrustStorePasswordFileLocation, sslTrustStoreLocation);
SSLEncryptionParameters sslEncryptionParameters = new SSLEncryptionParameters(keyStoreParameters,
trustStoreParameters);
httpClientFactory = new HttpClientFactory(SecureCommsType.getType(secureCommsType),
sslEncryptionParameters, keyResourceLoader, null, null, alfrescoHost, alfrescoPort,
alfrescoPortSSL, maxTotalConnections, maxHostConnections, socketTimeout);
// TODO need to make port configurable depending on secure comms, or just make redirects work
}
else
{
httpClientFactory = new PlainHttpClientFactory(alfrescoHost, alfrescoPort, maxTotalConnections, maxHostConnections);
}
AlfrescoHttpClient repoClient = httpClientFactory.getRepoClient(alfrescoHost, alfrescoPortSSL);
repoClient.setBaseUrl(baseUrl);
return repoClient;
}
/**
* Return property value from system (passed as -D argument).
* If the system property does not exists, return local value from solrcore.properties
* If the local property does not exists, return default value
*
* @param props Local properties file (solrcore.properties)
* @param key The property key
* @return The value
*/
private String getProperty(Properties props, String key, String defaultValue)
{
String value = System.getProperties().getProperty(key);
if (value == null)
{
value = props.getProperty(key);
}
if (value == null)
{
value = defaultValue;
}
return value;
}
/**
* Local class to avoid loading sslEntryptionParameters for plain http connections.
*
* @author aborroy
*
*/
class PlainHttpClientFactory extends HttpClientFactory
{
public PlainHttpClientFactory(String host, int port, int maxTotalConnections, int maxHostConnections)
{
setSecureCommsType("none");
setHost(host);
setPort(port);
setMaxTotalConnections(maxTotalConnections);
setMaxHostConnections(maxHostConnections);
init();
}
@Override
public void init()
{
DefaultHttpParams.setHttpParamsFactory(new NonBlockingHttpParamsFactory());
}
}
}
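Review bot: In `getRepoClient`, any `secureCommsType` other than the exact string `"https"` takes the `else` branch and builds `PlainHttpClientFactory`, so a misspelt or differently cased value silently downgrades repository traffic to plain HTTP. Accept only `none` and `https` and throw on anything else. The `else` branch also constructs the factory with `alfrescoPort`, yet the shared call after it still passes `alfrescoPortSSL` to `getRepoClient(...)`; please confirm which port the plain client ends up using. Smaller points: `socketTimeout` is not passed to `PlainHttpClientFactory`, the `getProperty` Javadoc lacks `@param defaultValue`, and `sslEntryptionParameters` in the class comment is a typo.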


@@ -45,6 +45,8 @@ services:
- SOLR_SOLR_PORT=8983
#Create the default alfresco and archive cores
- SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
#HTTP by default
- ALFRESCO_SECURE_COMMS=none
ports:
- 8083:8983 #Browser port
activemq:
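Review bot: The comment `#HTTP by default` contradicts the rest of this merge, where the image defaults to `https` and `ALFRESCO_SECURE_COMMS=none` is the opt-out. Reword it to say that this development sample disables TLS, for example `#Plain HTTP for this sample (image default is https)`.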


@@ -42,6 +42,8 @@ WORKDIR $DIST_DIR
VOLUME $DIST_DIR/data
VOLUME $DIST_DIR/solrhome
# Expose a folder to mount keystores in the host (required for Mutual TLS Auth)
VOLUME $DIST_DIR/keystores
EXPOSE 8983
USER ${USERNAME}


@@ -18,4 +18,18 @@ if [[ ! -z "$SOLR_JAVA_MEM" ]]; then
sed -i -e "s/.*SOLR_JAVA_MEM=.*/SOLR_JAVA_MEM=\"$SOLR_JAVA_MEM\"/g" $SOLR_IN_FILE
fi
# By default Docker Image is using TLS Mutual Authentication (SSL) for communications with Repository
# Plain HTTP can be enabled by setting ALFRESCO_SECURE_COMMS to 'none'
if [[ "none" == "$ALFRESCO_SECURE_COMMS" ]]; then
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/templates/rerank/conf/solrcore.properties
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/templates/noRerank/conf/solrcore.properties
# Apply also the setting to existing SOLR cores property files when existing
if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/alfresco/conf/solrcore.properties
fi
if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/archive/conf/solrcore.properties
fi
fi
bash -c "$@"
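Review bot: The `sed` calls only rewrite `https` to `none`, so on a container that reuses a `solrhome` volume whose core files were already switched, a later start with `ALFRESCO_SECURE_COMMS=https` leaves them at `none`, although the README says that variable can be passed to declare SSL mode explicitly. Handle the `https` value symmetrically, or log that it has no effect. The `${PWD}/...` paths are also unquoted, and the four near-identical `sed` lines would read better as one loop over the candidate files that skips those that do not exist.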


@@ -1,28 +1,16 @@
## Alfresco Search Services
Alfresco Search Services ${project.version} using Apache Solr ${solr.version}
## Solr 6
Solr 6 is now available as a drop in replacement for Solr 4 with Alfresco 5.2.
Find out more about Solr 6 and how to be installed at:
Solr 6 brings with it a number of new features:
* Community users: https://docs.alfresco.com/search-community/concepts/search-home.html
- SHARDING by DATE, PROPERTY & DBID
- FINGERPRINTS to find similar documents
- Indexing Multiple Document Versions
- Full SSL support with sharding
* Enterprise users: https://docs.alfresco.com/search-enterprise/concepts/search-home.html
Find out more about Solr 6 and how it differs here: http://docs.alfresco.com/5.2/concepts/solr6-home.html
### Install & Run
**Please read the [Installation Documentation](http://docs.alfresco.com/5.2/concepts/solr6-install-config.html).**
To run, unzip then
```
solr/bin/solr start
```
### License
Copyright (C) 2005 - 2017 Alfresco Software Limited
Copyright (C) 2005 - 2019 Alfresco Software Limited
This file is part of the Alfresco software.
If the software was purchased under a paid Alfresco license, the terms of