How to Install Alfresco Community Edition on CentOS 7

Updated on May 4, 2018
How to Install Alfresco Community Edition on CentOS 7 header image

Alfresco Community Edition is an open source version of the Alfresco Content Services. It is written in Java and uses PostgreSQL to store its database. Alfresco is an enterprise content management system for many types of digital assets such as documents, records, web, images, videos and more. It is also used for collaborative content development. The file repository of your hosted Alfresco can be accessed using SMB, WebDAV, FTP, and CIMS. Searching through the files is powered by Apache Solr.

Prerequisites

  • A Vultr CentOS 7 server instance with at least 4GB RAM.
  • A sudo user.
  • A domain name pointed towards the server.

For this tutorial, we will use 192.168.0.1 as the public IP address and share.example.com as the domain name pointed towards the Vultr instance. Please make sure to replace all occurrences of the example domain name and public IP address with the actual one.

Update your base system using the guide How to Update CentOS 7. Once your system has been updated, proceed to install the dependencies.

Install Dependencies

Alfresco provides a ready to install binary installer package which contains all the software required to run the application. However, we need to install a few dependencies to support the LibreOffice plugin.

sudo yum -y install fontconfig libSM libICE libXrender libXext cups-libs libGLU cairo mesa-libGL-devel

Remove Postfix.

sudo yum -y remove postfix

Install Alfresco

Download the installer package from the Alfresco website. You can always find the link to the latest installer on the Alfresco download page.

wget https://download.alfresco.com/release/community/201707-build-00028/alfresco-community-installer-201707-linux-x64.bin

Provide execution permissions to the installer file.

sudo chmod +x alfresco-community-installer-201707-linux-x64.bin

Start the installation.

sudo ./alfresco-community-installer-201707-linux-x64.bin

Select the language of installation. For the installation type, you can choose the first one which says "Easy install" method. This will install the application with the default configuration.

Choose the default location /opt/alfresco-community for the installation of the application.

Specify the administrator password and choose "Y" for the installation as a service. This will create a startup service to easily start and manage the application process.

Note: Alfresco recommends at least 2 CPU and 4GB RAM. If your system does not have the recommended configuration, you might get a warning saying the environment is not configured optimally for Alfresco Content Services, however, you can still proceed with the installation.

The installation of the application should start now. Once the application is installed, you will be asked if you want to launch Alfresco Community server. If you choose "Y", the application will start the server immediately and you will see the following output.

Launch Alfresco Community [Y/n]: y

waiting for server to start.... done
server started
/opt/alfresco-community/postgresql/scripts/ctl.sh : postgresql  started at port 5432
Using CATALINA_BASE:   /opt/alfresco-community/tomcat
Using CATALINA_HOME:   /opt/alfresco-community/tomcat
Using CATALINA_TMPDIR: /opt/alfresco-community/tomcat/temp
Using JRE_HOME:        /opt/alfresco-community/java
Using CLASSPATH:       /opt/alfresco-community/tomcat/bin/bootstrap.jar:/opt/alfresco-community/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID:    /opt/alfresco-community/tomcat/temp/catalina.pid
Tomcat started.
/opt/alfresco-community/tomcat/scripts/ctl.sh : tomcat started

Since the installer also added a startup service, you can also start the application.

sudo systemctl start alfresco

Enable the Alfresco service to automatically start at boot time and failures.

sudo systemctl enable alfresco

By default, Alfresco starts the Tomcat web server to serve the application on the port 8080. To check if the Alfresco server is working, allow the required port 8080 through the system firewall.

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Open your favorite browser and go to http://192.168.0.1:8080/share, you will see the Alfresco landing page.

Configure Reverse Proxy

By default, Alfresco's Tomcat server listens to the port 8080. In this tutorial, we will use Nginx as the reverse proxy so that the application can be accessed via standard HTTP and HTTPS ports. We will also configure Nginx to use an SSL generated with Let's Encrypt free SSL.

Install the Nginx web server.

sudo yum -y install nginx

Start the web server and enable it to automatically start at boot time.

sudo systemctl start nginx
sudo systemctl enable nginx

Install Certbot, which is a client application for Let's Encrypt CA.

sudo yum -y install certbot

Before you can request the certificates, you will need to allow the ports 80 and 443 through the firewall. Also, remove the port 8080 from the list of firewall exceptions as it is no longer required.

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload

Note: To obtain certificates from Let's Encrypt CA, the domain for which the certificates are to be generated must be pointed towards the server. If not, make the necessary changes to the DNS records of the domain and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain authority before providing the certificates.

Generate the SSL certificates.

sudo certbot certonly --webroot -w /usr/share/nginx/html -d share.example.com

The generated certificates are likely to be stored in /etc/letsencrypt/live/share.example.com/. Let's Encrypt certificates expire in 90 days, hence it is recommended to set up auto-renewal of the certificates using Cron jobs.

Open the cron job file.

sudo crontab -e

Add the following line at the end of the file.

30 5 * * * /usr/bin/certbot renew --quiet

The above cron job will run every day at 5:30 AM. If the certificate is due for expiry, it will automatically be renewed.

Edit Alfresco's Tomcat server configuration file.

sudo nano /opt/alfresco-community/tomcat/conf/server.xml

Find the following lines.

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxHttpHeaderSize="32768" />

Add the line proxyPort="443" scheme="https" in the above configuration block so that it looks like the block shown below.

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxHttpHeaderSize="32768" 
               proxyPort="443" scheme="https" />

Open the Alfresco default configuration file.

sudo nano /opt/alfresco-community/tomcat/shared/classes/alfresco-global.properties

Find the following lines.

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=8080
share.protocol=http

...

system.serverMode=UNKNOWN

Change the above lines according to your system. It should look like what is shown below.

alfresco.context=alfresco
alfresco.host=share.example.com
alfresco.port=443
alfresco.protocol=https

share.context=share
share.host=share.example.com
share.port=443
share.protocol=https

...

system.serverMode=PRODUCTION

Create a new server block file for Alfresco.

sudo nano /etc/nginx/conf.d/share.example.com.conf

Populate the file.

server {
    listen 80;
    server_name share.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name share.example.com;

    ssl_certificate           /etc/letsencrypt/live/share.example.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/share.example.com/privkey.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/alfresco.access.log;
    location / {

           root /opt/alfresco-community/tomcat/webapps/ROOT;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $http_host;
           proxy_http_version 1.1;
           proxy_pass http://localhost:8080;
           proxy_redirect default;
    }

    location /share/ {
           root /opt/alfresco-community/tomcat/webapps/share/;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $http_host;
           proxy_http_version 1.1;
           proxy_pass http://localhost:8080/share/;
           proxy_redirect http:// https://;
    }

    location /alfresco/ {
           root /opt/alfresco-community/tomcat/webapps/alfresco/;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $http_host;
           proxy_http_version 1.1;
           proxy_pass http://localhost:8080/alfresco/;
           proxy_redirect http:// https://;
    }
}

Restart the web server and Alfresco service so that the changes in the configuration can take effect.

sudo systemctl restart nginx alfresco

Alfresco is now installed and configured on your server, access the Alfresco modules at the following address.

https://share.example.com/alfresco

To access the Alfresco share services, visit the following address.

https://share.example.com/share

Log in using the initial administrator account, admin and the password you have chosen during installation.

Congratulations, Alfresco community edition is now installed on your server.