Installing and Configuring Alfresco Community Edition: A Comprehensive Guide — Parto 03
3 min readMay 31, 2024
HAProxy Load Balancer with Alfresco Session Persistence
This document outlines the steps for installing, configuring, and managing HAProxy as a load balancer for your Alfresco servers, ensuring session persistence.
1. Installation and Configuration of HAProxy
1.1. Install HAProxy
- Explanation: This command installs the HAProxy package using the
yum
package manager. Adjust the command based on your Linux distribution (e.g.,apt install haproxy
for Debian/Ubuntu).
yum -y install haproxy
1.2. Edit the Configuration File (/etc/haproxy/haproxy.cfg)
- Explanation: This step involves editing the HAProxy configuration file. Make sure to back up the original file before making changes.
sudo nano /etc/haproxy/haproxy.cfg
- Add the following lines at the end:
frontend http-in
bind *:80
http-request redirect scheme https code 301 # Force HTTPS redirection
frontend https-in
bind *:443 ssl crt /etc/haproxy/ssl force-tlsv12 # Secure HTTPS binding
#mode http # Uncomment for HTTP mode (optional) acl go_share hdr_beg(host) -i ecm.domain.com # Allow traffic for ecm.domain.com host ### Access Control Lists (ACLs)
acl robots path_reg ^/robots.txt$
acl alfresco_path path_reg ^/alfresco/.*
acl share_path path_reg ^/share/.*/proxy/alfresco/api/solr/.*
acl share_redirect path_reg ^$|^/$
acl cockpit_path path_reg ^/cockpit/.*
### http-request deny if alfresco_path go_share # Deny Alfresco requests for ecm.domain.com
redirect location /share/ if share_redirect go_share # Redirect root and empty paths to share
use_backend share if share_redirect # Use share backend for redirected paths
use_backend cockpit if cockpit_path # Use cockpit backend for cockpit paths
default_backend share # Default backend for all other trafficbackend share
stats enable
stats hide-version
stats uri /monitor
stats refresh 2s
balance roundrobin # Round-robin load balancing
option httpchk GET /share # Health check for backend servers
cookie JSESSIONID prefix # Maintain session IDs with prefix
server ecm1.domain.com XXX.XXX.XXX.XXX:80 check cookie ecm1 check inter 5000 # Backend server definition
server ecm2.domain.com XXX.XXX.XXX.XXX:80 check cookie ecm2 check inter 5000
Explanation of Configuration Options:
frontend http-in
: Defines a frontend that listens on port 80 and redirects all traffic to HTTPS.frontend https-in
: Defines a frontend that listens on port 443 with SSL encryption using the certificate stored at/etc/haproxy/ssl
. It enforces TLSv1.2 for secure communication (uncommentmode http
for HTTP mode if necessary).acl
directives: Define access control lists (ACLs) to route traffic based on path or host header.http-request deny if alfresco_path go_share
: Prevents direct access to Alfresco paths onecm.domain.com
.redirect location /share/ if share_redirect go_share
: Redirects root and empty paths to/share/
.use_backend
directives: Route traffic to specific backends based on ACL matches.default_backend share
: Sets the default backend for unmatched requests.backend share
: Defines a backend named "share" that uses round-robin load balancing, performs health checks usingGET /share
, and maintains session IDs with theJSESSIONID
cookie prefix.server
directives: Define the Alfresco servers (ecm1.domain.com
andecm2.domain.com
) with their IP addresses, ports, and health check options.
Part 01 : https://medium.com/p/6ddd06416711
Part 02 : https://medium.com/p/8a95c6fbf117