Transform Services & Repository
Components
• Transform Core (AIO)
  • Single-step transformations via HTTP
  • Individual T-Engines can also be deployed independently
• Transform Router
  • Multi-step transformations with pipelines and failover mechanism via Messaging (ActiveMQ)
• Shared File Store
  • Filesystem repository via HTTP
Community
[Diagram: Alfresco Repository connected by a SYNC link to the Transform Service (Transform Core AIO: LibreOffice, ImageMagick, PDF Renderer, Tika, Misc, Custom)]
local.transform.service.enabled=true
Transform Core AIO (Community)
• Spring Boot App
• HTTP services
  • Configuration: GET transform/config
  • Transform: POST /
  • Test Page: GET /
  • Log: GET /log
  • Live: GET /live
  • Ready: GET /ready
• Synchronous
• Only option for Alfresco Community deployments
Enterprise
[Diagram: Alfresco Repository, Transform Service (Transform Router; Transform Core AIO: LibreOffice, ImageMagick, PDF Renderer, Tika, Misc, Custom, DTE, AIS), Shared File Store and ActiveMQ, connected by SYNC, SYNC (config) and ASYNC links]
transform.service.enabled=true
Transform Core AIO (Enterprise)
• Spring Boot App
• HTTP services
  • Synchronous
  • Configuration, some Share actions and Text extraction (Solr)
• Messaging services (ActiveMQ)
  • Asynchronous
  • Requests queue: org.alfresco.transform.t-request.acs
  • Replies queue: org.alfresco.transform.engine.t-reply.acs
Transform Engines
• LibreOffice: Office documents, including Microsoft formats
• ImageMagick: Images and thumbnails
• PDF Renderer: Generate PNG of first page from a PDF document
• Tika: Compressed files and metadata extraction
• Misc: HTML, iWorks, EML, XML, Markdown, source code…
• DTE (Document Transformation Engine): Word, Excel and PowerPoint
• AIS (Alfresco Intelligence Services): Enrichment of content metadata
• Custom: Transformation and enrichment for additional formats
[Slide labels: Transform Core AIO; Out of the Box; Paid Modules; Dev]
Transform Router
• Spring Boot App
• Retrying policy
  • Max retries (3 by default)
  • Timeout (10 secs by default)
• Types of Transformers
  • Single-step
  • Pipeline
• Error handling
  • 400 BAD REQUEST
    • Invalid JSON
    • Invalid values
    • Unsupported transformation
  • 403 FORBIDDEN
    • mTLS fails due to wrong client certificate
  • 500 INTERNAL SERVER ERROR
Shared File Store
• Spring Boot App
• HTTP service wrapping a shared filesystem
• A place to store and retrieve files from different services (like ACS and ATS)
• Configuration
  • scheduler.content.age.millis: 86400000 (content retention period)
  • scheduler.cleanup.interval: 86400000 (cleanup scheduler interval)
Configuration
Described in T-Engines as JSON files
• libreoffice_engine_config.json
• imagemagick_engine_config.json
• misc_engine_config.json
• pdfrenderer_engine_config.json
• tika_engine_config.json
{
  "transformOptions": {
    "metadataOptions": [
      {"value": {"name": "extractMapping"}}
    ]
  },
  "transformers": [
    {
      "transformerName": "Tika",
      "supportedSourceAndTargetList": [
        {
          "sourceMediaType": "application/pdf",
          "maxSourceSizeBytes": 26214400,
          "priority": 55,
          "targetMediaType": "text/plain"
        }
      ],
      "transformOptions": [
        "metadataOptions"
      ]
    }
  ]
}
Configuration changes
External JSON file configured as environment variable TRANSFORM_CONFIG_FILE_<NAME>
• Add
• Override
• Removal
• Default values modification
{
  "addSupported": [
    {
      "transformerName": "Archive",
      "sourceMediaType": "application/zip",
      "targetMediaType": "text/csv",
      "priority": 60,
      "maxSourceSizeBytes": 18874368
    }
  ]
}
https://github.com/aborroy/alfresco-transform-service-3.0.0#changing-default-configuration
Creating a new T-Engine
• Maven
<parent>
  <groupId>org.alfresco</groupId>
  <artifactId>alfresco-transform-core</artifactId>
  <version>3.0.0</version>
</parent>
<dependencies>
  <dependency>
    <groupId>org.alfresco</groupId>
    <artifactId>alfresco-base-t-engine</artifactId>
    <version>3.0.0</version>
  </dependency>
</dependencies>
• Java
  • org.alfresco.transform.base.TransformEngine to provide basic information about the Engine and the Transform pipelines
  • org.alfresco.transform.base.CustomTransformer to implement the transformation operation
https://github.com/aborroy/alfresco-transform-service-3.0.0/tree/main/pandoc-t-engine
• Define pipelines
{
  "transformers": [
    {
      "transformerName": "markdown",
      "supportedSourceAndTargetList": [
        {"sourceMediaType": "text/markdown", "targetMediaType": "application/pdf"},
        {"sourceMediaType": "text/x-markdown", "targetMediaType": "application/pdf"}
      ]
    },
    {
      "transformerName": "latex",
      "supportedSourceAndTargetList": [
        {"sourceMediaType": "application/x-tex", "targetMediaType": "application/pdf"}
      ]
    }
  ]
}
• Create the Dockerfile
FROM pandoc/core:latest-ubuntu
COPY target/pandoc-t-engine.jar /usr/bin
EXPOSE 8090
USER ${USERNAME}
ENTRYPOINT java $JAVA_OPTS -jar /usr/bin/pandoc-t-engine.jar
• Deployment in Docker Compose
services:
  alfresco:
    image: alfresco/alfresco-content-repository-community:7.4.0
    environment:
      JAVA_OPTS: >-
        -DlocalTransform.pandoc.url=http://transform-pandoc:8090/
  transform-pandoc:
    image: alfresco/pandoc-t-engine:latest
    ports:
      - 8096:8090
Resource usage and logging level
transform-core-aio:
  image: alfresco/alfresco-transform-core-aio:3.0.0
  environment:
    JAVA_OPTS: "
      -Dserver.tomcat.threads.min=4
      -Dserver.tomcat.threads.max=12
      -Dlogging.level.org.alfresco.transform.common.TransformerDebug=ERROR
    "
Scaling up
https://github.com/aborroy/acs-transform-cluster
[Diagrams: Community, Enterprise]
Secure Communications & Settings
• From ACS 7.4, mTLS communication between Transform Service and Repository is supported
• Alfresco SSL Generator tool has been updated to produce the required keystore and truststore files
  • Generate a self-signed CA*
  • Generate certificates, keystores and truststores for Repository & Transform
$ ./run_additional.sh -servicename transform-core-aio -rootcapass kT9X6oe68t -keysize 2048 \
    -keystoretype PKCS12 -keystorepass kT9X6oe68t -truststoretype PKCS12 -truststorepass kT9X6oe68t \
    -certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Transform Core AIO" \
    -servername transform-core-aio -alfrescoformat current
• Apply configuration settings for properties and keystores
* You may use your own software or PKI infrastructure to create the CA and certificates, but the configuration for keystore type and certificate alias should follow what Alfresco SSL Generator describes
https://github.com/aborroy/alfresco-secure-connection
[Diagram: Community]
Community – Repository
alfresco:
  environment:
    JAVA_TOOL_OPTIONS: >-
      -Dencryption.ssl.keystore.type=PKCS12
      -Dencryption.ssl.keystore.location=/usr/local/tomcat/alfresco.keystore
      -Dssl-keystore.password=kT9X6oe68t
      -Dencryption.ssl.truststore.type=PKCS12
      -Dencryption.ssl.truststore.location=/usr/local/tomcat/alfresco.truststore
      -Dssl-truststore.password=kT9X6oe68t
    # hostnameVerificationDisabled=true turns off the certificate hostname check on calls to the T-Engine
    JAVA_OPTS: >-
      -DlocalTransform.core-aio.url=https://transform-core-aio:8090/
      -Dhttpclient.config.transform.mTLSEnabled=true
      -Dhttpclient.config.transform.hostnameVerificationDisabled=true
      -Djdk.tls.client.protocols=TLSv1.2
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/alfresco/alfresco.keystore:/usr/local/tomcat/alfresco.keystore
    - ./keystore/alfresco/alfresco.truststore:/usr/local/tomcat/alfresco.truststore
Community – Transform Service
transform-core-aio:
  environment:
    SERVER_SSL_ENABLED: "true"
    SERVER_SSL_CLIENT_AUTH: "need"
    SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
    SERVER_SSL_KEY_PASSWORD: "kT9X6oe68t"
    SERVER_SSL_KEY_STORE: "file:/transform-core-aio.keystore"
    SERVER_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
    SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
    SERVER_SSL_TRUST_STORE: "file:/transform-core-aio.truststore"
    SERVER_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
    SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/tengineAIO/transform-core-aio.keystore:/transform-core-aio.keystore
    - ./keystore/tengineAIO/transform-core-aio.truststore:/transform-core-aio.truststore
Enterprise
[Diagram: Alfresco Repository, Transform Service (Transform Router; Transform Core AIO: LibreOffice, ImageMagick, PDF Renderer, Tika, Misc, Custom, DTE, AIS) and Shared File Store, with the links between them labelled mTLS]
Enterprise – Repository
alfresco:
  environment:
    JAVA_TOOL_OPTIONS: >-
      -Dencryption.ssl.keystore.type=PKCS12
      -Dencryption.ssl.keystore.location=/usr/local/tomcat/alfresco.keystore
      -Dssl-keystore.password=kT9X6oe68t
      -Dencryption.ssl.truststore.type=PKCS12
      -Dencryption.ssl.truststore.location=/usr/local/tomcat/alfresco.truststore
      -Dssl-truststore.password=kT9X6oe68t
    JAVA_OPTS: >-
      -Dtransform.service.enabled=true
      -Dtransform.service.url=https://transform-router:8095
      -DlocalTransform.core-aio.url=https://transform-core-aio:8090/
      -Dsfs.url=https://shared-file-store:8099/
      -Dhttpclient.config.transform.mTLSEnabled=true
      -Dhttpclient.config.transform.hostnameVerificationDisabled=true
      -Djdk.tls.client.protocols=TLSv1.2
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/alfresco/alfresco.keystore:/usr/local/tomcat/alfresco.keystore
    - ./keystore/alfresco/alfresco.truststore:/usr/local/tomcat/alfresco.truststore
Enterprise – Transform Router
transform-router:
  environment:
    CORE_AIO_URL: https://transform-core-aio:8090
    FILE_STORE_URL: https://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file
    SERVER_SSL_ENABLED: "true"
    SERVER_SSL_CLIENT_AUTH: "need"
    SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
    SERVER_SSL_KEY_PASSWORD: "password"
    SERVER_SSL_KEY_STORE: "file:/transformRouter.keystore"
    SERVER_SSL_KEY_STORE_PASSWORD: "password"
    SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
    SERVER_SSL_TRUST_STORE: "file:/transformRouter.truststore"
    SERVER_SSL_TRUST_STORE_PASSWORD: "password"
    SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
    CLIENT_SSL_KEY_STORE: "file:/transformRouter.keystore"
    CLIENT_SSL_KEY_STORE_PASSWORD: "password"
    CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
    CLIENT_SSL_TRUST_STORE: "file:/transformRouter.truststore"
    CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
    CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
    # Turns off the certificate hostname check on outbound TLS connections
    CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: "true"
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/transformRouter/transformRouter.truststore:/transformRouter.truststore
    - ./keystore/transformRouter/transformRouter.keystore:/transformRouter.keystore
Enterprise – Transform Core
transform-core-aio:
  environment:
    FILE_STORE_URL: >-
      https://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file
    SERVER_SSL_ENABLED: "true"
    SERVER_SSL_CLIENT_AUTH: "need"
    SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
    SERVER_SSL_KEY_PASSWORD: "password"
    SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
    SERVER_SSL_KEY_STORE_PASSWORD: "password"
    SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
    SERVER_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
    SERVER_SSL_TRUST_STORE_PASSWORD: "password"
    SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
    CLIENT_SSL_KEY_STORE: "file:/tengineAIO.keystore"
    CLIENT_SSL_KEY_STORE_PASSWORD: "password"
    CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
    CLIENT_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
    CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
    CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
    CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: "true"
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
    - ./keystore/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
Enterprise – Shared File Store
shared-file-store:
  environment:
    SERVER_SSL_ENABLED: "true"
    SERVER_SSL_CLIENT_AUTH: "need"
    SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
    SERVER_SSL_KEY_PASSWORD: "password"
    SERVER_SSL_KEY_STORE: "file:/sharedFileStore.keystore"
    SERVER_SSL_KEY_STORE_PASSWORD: "password"
    SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
    SERVER_SSL_TRUST_STORE: "file:/sharedFileStore.truststore"
    SERVER_SSL_TRUST_STORE_PASSWORD: "password"
    SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
    CLIENT_SSL_KEY_STORE: "file:/sharedFileStore.keystore"
    CLIENT_SSL_KEY_STORE_PASSWORD: "password"
    CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
    CLIENT_SSL_TRUST_STORE: "file:/sharedFileStore.truststore"
    CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
    CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
    CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: "true"
  volumes:
    # Keystore and truststore files produced by Alfresco SSL Generator
    - ./keystore/sharedFileStore/sharedFileStore.truststore:/sharedFileStore.truststore
    - ./keystore/sharedFileStore/sharedFileStore.keystore:/sharedFileStore.keystore
Tips & Tricks
TLS
• Use TLSv1.3 where available
• When using TLSv1.2, restrict accepted algorithms to
  • AES-128 with SHA-256
  • AES-256 with SHA-384
• The use of SSL, TLSv1.0 and TLSv1.1 is strongly discouraged
Keystores
• Use PKCS#12 keystore and truststore types
• PKCS#12 keystores built with OpenSSL don’t work with Java; using keytool is required *
Keys
• Use at least 2048 bits for RSA keys
* https://angelborroy.wordpress.com/2022/08/12/building-a-custom-pkcs12-truststore-for-java/
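The TLS tips above can be checked automatically against the `environment:` entries shown on the mTLS slides. This is an added example, not code from the deck or from Alfresco; it assumes the services honour Spring Boot's `server.ssl.ciphers` as `SERVER_SSL_CIPHERS`, and the severity labels, the placeholder-password check, the secret name `SFS_STORE_PASSWORD` and all three sample inputs are constructed for illustration.

```python
import re

# Protocol names the TLS tips discourage (SSL, TLSv1.0, TLSv1.1).
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
# Assumption of this example: placeholder secrets that should never be deployed.
PLACEHOLDER_PASSWORDS = {"", "password", "changeit"}
# JSSE suite names pairing AES-128 with SHA-256 or AES-256 with SHA-384.
ALLOWED_SUITE = re.compile(r"AES_128_\w*SHA256$|AES_256_\w*SHA384$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

def parse_environment(block):
    """Parse the 'KEY: value' lines of a compose `environment:` mapping."""
    env = {}
    for raw in block.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # only the first colon separates key and value
        env[key.strip()] = value.strip().strip("\"'")
    return env

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(env):
    """Return (severity, setting, message) findings, most severe first."""
    found = []

    def add(severity, key, message):
        found.append((severity, key, message))

    proto_key = "SERVER_SSL_ENABLED_PROTOCOLS"
    if env.get("SERVER_SSL_ENABLED", "").lower() != "true":
        add("high", "SERVER_SSL_ENABLED", "listener does not use TLS")
    if env.get("SERVER_SSL_CLIENT_AUTH", "").lower() != "need":
        add("high", "SERVER_SSL_CLIENT_AUTH", "client certificate not required, no mTLS")
    protocols = split_list(env.get(proto_key, ""))
    if not protocols:
        add("medium", proto_key, "protocols not pinned, JVM defaults apply")
    for proto in protocols:
        if proto in LEGACY_PROTOCOLS:
            add("high", proto_key, f"{proto} is discouraged")
    if protocols and "TLSv1.3" not in protocols:
        add("info", proto_key, "TLSv1.3 is not enabled")
    if "TLSv1.2" in protocols:
        suites = split_list(env.get("SERVER_SSL_CIPHERS", ""))
        if not suites:
            add("info", "SERVER_SSL_CIPHERS", "TLSv1.2 enabled without a cipher allow-list")
        for suite in suites:
            if not ALLOWED_SUITE.search(suite):
                add("medium", "SERVER_SSL_CIPHERS", f"{suite} is outside the recommended set")
    for key, value in env.items():
        if key.endswith("_STORE_TYPE") and value.upper() != "PKCS12":
            add("medium", key, f"{value} store, PKCS12 recommended")
        if key.endswith("_PASSWORD") and value.lower() in PLACEHOLDER_PASSWORDS:
            add("high", key, "placeholder password")
        if key.endswith("HOSTNAME_VERIFICATION_DISABLED") and value.lower() == "true":
            add("medium", key, "outbound calls skip the certificate hostname check")
    return sorted(found, key=lambda f: (SEVERITY_ORDER[f[0]], f[1], f[2]))

# Constructed from the values on the Shared File Store slide.
DECK_SAMPLE = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_CLIENT_AUTH: "need"
SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
SERVER_SSL_KEY_PASSWORD: "password"
SERVER_SSL_KEY_STORE_PASSWORD: "password"
SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
SERVER_SSL_TRUST_STORE_PASSWORD: "password"
SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: true
"""

# Constructed weak variant (not from the deck).
WEAK_SAMPLE = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_CLIENT_AUTH: "want"
SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.1,TLSv1.2"
SERVER_SSL_CIPHERS: "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
SERVER_SSL_KEY_STORE_TYPE: "JKS"
"""

# Constructed hardened variant; ${SFS_STORE_PASSWORD} is a hypothetical secret name.
HARDENED_SAMPLE = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_CLIENT_AUTH: "need"
SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.3,TLSv1.2"
SERVER_SSL_CIPHERS: "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
SERVER_SSL_KEY_STORE_PASSWORD: "${SFS_STORE_PASSWORD}"
"""

if __name__ == "__main__":
    for name, sample in (("deck", DECK_SAMPLE), ("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name)
        for severity, key, message in audit(parse_environment(sample)):
            print(f"  [{severity}] {key}: {message}")
```

The hardened sample lists TLSv1.3 suites next to the TLSv1.2 ones because a JSSE cipher allow-list applies to every enabled protocol.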
Alfresco Transform Services 4.0.0

Weitere ähnliche Inhalte

Was ist angesagt?

Alfresco : Implementing Membership and Security
Alfresco  : Implementing Membership and Security	Alfresco  : Implementing Membership and Security
Alfresco : Implementing Membership and Security
Wildan Maulana
 

Was ist angesagt? (20)

Introduction to Return-Oriented Exploitation on ARM64 - Billy Ellis
Introduction to Return-Oriented Exploitation on ARM64 - Billy EllisIntroduction to Return-Oriented Exploitation on ARM64 - Billy Ellis
Introduction to Return-Oriented Exploitation on ARM64 - Billy Ellis
 
Getting Started with CMIS
Getting Started with CMISGetting Started with CMIS
Getting Started with CMIS
 
Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to Microservices
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous Deployment
 
Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014Alfresco Security Best Practices 2014
Alfresco Security Best Practices 2014
 
Alfresco CMIS
Alfresco CMISAlfresco CMIS
Alfresco CMIS
 
CORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORSCORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORS
 
Alfresco Transform Service DevCon 2019
Alfresco Transform Service DevCon 2019Alfresco Transform Service DevCon 2019
Alfresco Transform Service DevCon 2019
 
Alfresco tuning part1
Alfresco tuning part1Alfresco tuning part1
Alfresco tuning part1
 
Alfresco tuning part2
Alfresco tuning part2Alfresco tuning part2
Alfresco tuning part2
 
CUST-10 Customizing the Upload File(s) dialog in Alfresco Share
CUST-10 Customizing the Upload File(s) dialog in Alfresco ShareCUST-10 Customizing the Upload File(s) dialog in Alfresco Share
CUST-10 Customizing the Upload File(s) dialog in Alfresco Share
 
Final terraform
Final terraformFinal terraform
Final terraform
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions
 
No Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with AnsibleNo Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with Ansible
 
Scouter와 influx db – grafana 연동 가이드
Scouter와 influx db – grafana 연동 가이드Scouter와 influx db – grafana 연동 가이드
Scouter와 influx db – grafana 연동 가이드
 
Alfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en españolAlfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en español
 
Alfresco : Implementing Membership and Security
Alfresco  : Implementing Membership and Security	Alfresco  : Implementing Membership and Security
Alfresco : Implementing Membership and Security
 
Docker, Konteyner Teknolojisi Nedir? Docker Güvenliği Nasıl Sağlanır?
Docker, Konteyner Teknolojisi Nedir? Docker Güvenliği Nasıl Sağlanır?Docker, Konteyner Teknolojisi Nedir? Docker Güvenliği Nasıl Sağlanır?
Docker, Konteyner Teknolojisi Nedir? Docker Güvenliği Nasıl Sağlanır?
 
Alfresco devcon 2019: How to track user activities without using the audit fu...
Alfresco devcon 2019: How to track user activities without using the audit fu...Alfresco devcon 2019: How to track user activities without using the audit fu...
Alfresco devcon 2019: How to track user activities without using the audit fu...
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 

Ähnlich wie Alfresco Transform Services 4.0.0

Rails Request & Middlewares
Rails Request & MiddlewaresRails Request & Middlewares
Rails Request & Middlewares
Santosh Wadghule
 

Ähnlich wie Alfresco Transform Services 4.0.0 (20)

Otimizando servidores web
Otimizando servidores webOtimizando servidores web
Otimizando servidores web
 
Introduction of Tomcat
Introduction of TomcatIntroduction of Tomcat
Introduction of Tomcat
 
Year in Review: Perforce 2014 Product Updates
Year in Review: Perforce 2014 Product UpdatesYear in Review: Perforce 2014 Product Updates
Year in Review: Perforce 2014 Product Updates
 
Rails Request & Middlewares
Rails Request & MiddlewaresRails Request & Middlewares
Rails Request & Middlewares
 
StackMate - CloudFormation for CloudStack
StackMate - CloudFormation for CloudStackStackMate - CloudFormation for CloudStack
StackMate - CloudFormation for CloudStack
 
Mule overview
Mule overviewMule overview
Mule overview
 
App fabric introduction
App fabric introductionApp fabric introduction
App fabric introduction
 
Deploying and Managing PowerPivot for SharePoint
Deploying and Managing PowerPivot for SharePointDeploying and Managing PowerPivot for SharePoint
Deploying and Managing PowerPivot for SharePoint
 
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
 
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128	Cisco Intercloud Fabric NB Api's for Business & ProvidersDEVNET-1128	Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
 
Developer’s intro to the alfresco platform
Developer’s intro to the alfresco platformDeveloper’s intro to the alfresco platform
Developer’s intro to the alfresco platform
 
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
Migrate from Oracle to Aurora PostgreSQL: Best Practices, Design Patterns, & ...
 
Migrating from Pivotal tc Server on-prem to IBM Liberty in the cloud
Migrating from Pivotal tc Server on-prem to IBM Liberty in the cloudMigrating from Pivotal tc Server on-prem to IBM Liberty in the cloud
Migrating from Pivotal tc Server on-prem to IBM Liberty in the cloud
 
(ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service (ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service
 
TOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALA
TOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALATOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALA
TOMCAT WEB SERVER TECHNICAL BY SAIKIRAN PANJALA
 
WAF deployment
WAF deploymentWAF deployment
WAF deployment
 
Coherence sig-nfr-web-tier-scaling-using-coherence-web
Coherence sig-nfr-web-tier-scaling-using-coherence-webCoherence sig-nfr-web-tier-scaling-using-coherence-web
Coherence sig-nfr-web-tier-scaling-using-coherence-web
 
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
 
Java-Web-Applications.pdf
Java-Web-Applications.pdfJava-Web-Applications.pdf
Java-Web-Applications.pdf
 
Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP Services
 

Mehr von Angel Borroy López

Before & After Docker Init
Before & After Docker InitBefore & After Docker Init
Before & After Docker Init
Angel Borroy López
 
Alfresco search services: Now and Then
Alfresco search services: Now and ThenAlfresco search services: Now and Then
Alfresco search services: Now and Then
Angel Borroy López
 

Mehr von Angel Borroy López (20)

Transitioning from Customized Solr to Out-of-the-Box OpenSearch
Transitioning from Customized Solr to Out-of-the-Box OpenSearchTransitioning from Customized Solr to Out-of-the-Box OpenSearch
Transitioning from Customized Solr to Out-of-the-Box OpenSearch
 
Alfresco integration with OpenSearch - OpenSearchCon 2024 Europe
Alfresco integration with OpenSearch - OpenSearchCon 2024 EuropeAlfresco integration with OpenSearch - OpenSearchCon 2024 Europe
Alfresco integration with OpenSearch - OpenSearchCon 2024 Europe
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Using Generative AI and Content Service Platforms together
Using Generative AI and Content Service Platforms togetherUsing Generative AI and Content Service Platforms together
Using Generative AI and Content Service Platforms together
 
Enhancing Document-Centric Features with On-Premise Generative AI for Alfresc...
Enhancing Document-Centric Features with On-Premise Generative AI for Alfresc...Enhancing Document-Centric Features with On-Premise Generative AI for Alfresc...
Enhancing Document-Centric Features with On-Premise Generative AI for Alfresc...
 
La Guía Definitiva para una Actualización Exitosa a Alfresco 23.1
La Guía Definitiva para una Actualización Exitosa a Alfresco 23.1La Guía Definitiva para una Actualización Exitosa a Alfresco 23.1
La Guía Definitiva para una Actualización Exitosa a Alfresco 23.1
 
Docker Init with Templates for Alfresco
Docker Init with Templates for AlfrescoDocker Init with Templates for Alfresco
Docker Init with Templates for Alfresco
 
Before & After Docker Init
Before & After Docker InitBefore & After Docker Init
Before & After Docker Init
 
Using Podman with Alfresco
Using Podman with AlfrescoUsing Podman with Alfresco
Using Podman with Alfresco
 
CSP: Evolución de servicios de código abierto en un mundo Cloud Native
CSP: Evolución de servicios de código abierto en un mundo Cloud NativeCSP: Evolución de servicios de código abierto en un mundo Cloud Native
CSP: Evolución de servicios de código abierto en un mundo Cloud Native
 
Alfresco Embedded Activiti Engine
Alfresco Embedded Activiti EngineAlfresco Embedded Activiti Engine
Alfresco Embedded Activiti Engine
 
Alfresco Transform Core 3.0.0
Alfresco Transform Core 3.0.0Alfresco Transform Core 3.0.0
Alfresco Transform Core 3.0.0
 
Desarrollando una Extensión para Docker
Desarrollando una Extensión para DockerDesarrollando una Extensión para Docker
Desarrollando una Extensión para Docker
 
DockerCon 2022 Spanish Room-ONBOARDING.pdf
DockerCon 2022 Spanish Room-ONBOARDING.pdfDockerCon 2022 Spanish Room-ONBOARDING.pdf
DockerCon 2022 Spanish Room-ONBOARDING.pdf
 
Deploying Containerised Open-Source CSP Platforms
Deploying Containerised Open-Source CSP PlatformsDeploying Containerised Open-Source CSP Platforms
Deploying Containerised Open-Source CSP Platforms
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
 
Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0
 
(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco
 
A Practical Introduction to Apache Solr
A Practical Introduction to Apache SolrA Practical Introduction to Apache Solr
A Practical Introduction to Apache Solr
 
Alfresco search services: Now and Then
Alfresco search services: Now and ThenAlfresco search services: Now and Then
Alfresco search services: Now and Then
 

Kürzlich hochgeladen

JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
Max Lee
 

Kürzlich hochgeladen (20)

Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA -  Language Models and Knowledge Graphs: A Systems ApproachKLARNA -  Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java Developers
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
SQL Injection Introduction and Prevention
SQL Injection Introduction and PreventionSQL Injection Introduction and Prevention
SQL Injection Introduction and Prevention
 
Sourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing ManufacturerSourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing Manufacturer
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
What is an API Development- Definition, Types, Specifications, Documentation.pdf
What is an API Development- Definition, Types, Specifications, Documentation.pdfWhat is an API Development- Definition, Types, Specifications, Documentation.pdf
What is an API Development- Definition, Types, Specifications, Documentation.pdf
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea Goulet
 

Alfresco Transform Services 4.0.0

  • 1. Transform Services & Repository
  • 2. Transform Services & Repository Components • Transform Core (AIO) • Single-step transformations via HTTP • Individual T-Engines can be also deployed independently • Transform Router • Multi-step transformations with pipelines and failover mechanism via Messaging (ActiveMQ) • Shared File Store • Filesystem repository via HTTP
  • 3. Transform Services & Repository Community Transform Core AIO LibreOffice ImageMagick PDF Renderer Tika Misc Alfresco Repository Transform Service SYNC Custom local.transform.service.enabled=true
  • 4. Transform Services & Repository Transform Core AIO (Community) • Spring Boot App • HTTP services • Configuration GET transform/config • Transform POST / • Test Page GET / • Log GET /log • Live GET /live • Ready GET /ready • Synchronous • Unique option for Alfresco Community deployments Transform Core AIO
  • 5. Transform Services & Repository Enterprise Shared File Store Transform Router Transform Core AIO ActiveMQ Alfresco Repository Transform Service SYNC ASYNC ASYNC LibreOffice ImageMagick PDF Renderer Tika Misc Custom DTE AIS SYNC (config) SYNC ASYNC SYNC transform.service.enabled=true
  • 6. Transform Services & Repository Transform Core AIO (Enterprise) • Spring Boot App • HTTP services • Synchronous • Configuration, some Share actions and Text extraction (Solr) • Messaging services (ActiveMQ) • Asynchronous • Requests queue: org.alfresco.transform.t-request.acs • Replies queue: org.alfresco.transform.engine.t-reply.acs Transform Core AIO
  • 7. Transform Services & Repository: Transform Engines
      • LibreOffice: Office Documents including Microsoft formats
      • ImageMagick: Images and thumbnails
      • PDF Renderer: Generate PNG of first page from a PDF document
      • Tika: Compressed files and metadata extraction
      • Misc: HTML, iWorks, EML, XML, Markdown, source code…
      • DTE (Document Transformation Engine): Word, Excel and PowerPoint
      • AIS (Alfresco Intelligence Services): Enrichment of content metadata
      • Custom: Transformation and enrichment for additional formats
      [Diagram legend: Transform Core AIO, Out of the Box, Paid Modules, Dev]
  • 8. Transform Services & Repository: Transform Router
      • Spring Boot App
      • Retrying policy
          • Max retries (3 by default)
          • Timeout (10 secs by default)
      • Types of Transformers
          • Single-step
          • Pipeline
      • Error handling
          • 400 BAD REQUEST
              • Invalid JSON
              • Invalid values
              • Unsupported transformation
          • 403 FORBIDDEN
              • mTLS fails due to wrong client certificate
          • 500 INTERNAL SERVER ERROR
  • 9. Transform Services & Repository: Shared File Store
      • Spring Boot App
      • HTTP service wrapping a shared filesystem
      • A place to store and retrieve files from different services (like ACS and ATS)
      • Configuration
          • scheduler.content.age.millis = 86400000 (Content retention period)
          • scheduler.cleanup.interval = 86400000 (Cleanup Scheduler interval)
  • 10. Transform Services & Repository: Configuration
      Described in T-Engines as JSON files
      • libreoffice_engine_config.json
      • imagemagick_engine_config.json
      • misc_engine_config.json
      • pdfrenderer_engine_config.json
      • tika_engine_config.json

        {
          "transformOptions": {
            "metadataOptions": [
              {"value": {"name": "extractMapping"}}
            ]
          },
          "transformers": [
            {
              "transformerName": "Tika",
              "supportedSourceAndTargetList": [
                { "sourceMediaType": "application/pdf",
                  "maxSourceSizeBytes": 26214400,
                  "priority": 55,
                  "targetMediaType": "text/plain" }
              ],
              "transformOptions": [ "metadataOptions" ]
            }
          ]
        }
  • 11. Transform Services & Repository: Configuration changes
      External JSON file configured as environment variable TRANSFORM_CONFIG_FILE_<NAME>
      • Add
      • Override
      • Removal
      • Default values modification

        {
          "addSupported": [
            {
              "transformerName": "Archive",
              "sourceMediaType": "application/zip",
              "targetMediaType": "text/csv",
              "priority": 60,
              "maxSourceSizeBytes": 18874368
            }
          ]
        }

      https://github.com/aborroy/alfresco-transform-service-3.0.0#changing-default-configuration
  • 12. Transform Services & Repository: Creating a new T-Engine
      • Maven

        <parent>
          <groupId>org.alfresco</groupId>
          <artifactId>alfresco-transform-core</artifactId>
          <version>3.0.0</version>
        </parent>
        <dependencies>
          <dependency>
            <groupId>org.alfresco</groupId>
            <artifactId>alfresco-base-t-engine</artifactId>
            <version>3.0.0</version>
          </dependency>
        </dependencies>

      • Java
          • org.alfresco.transform.base.TransformEngine to provide basic information about the Engine and the Transform pipelines
          • org.alfresco.transform.base.CustomTransformer to implement the transformation operation

      https://github.com/aborroy/alfresco-transform-service-3.0.0/tree/main/pandoc-t-engine
  • 13. Transform Services & Repository: Creating a new T-Engine
      • Define pipelines

        {
          "transformers": [
            {
              "transformerName": "markdown",
              "supportedSourceAndTargetList": [
                {"sourceMediaType": "text/markdown", "targetMediaType": "application/pdf" },
                {"sourceMediaType": "text/x-markdown", "targetMediaType": "application/pdf" }
              ]
            },
            {
              "transformerName": "latex",
              "supportedSourceAndTargetList": [
                {"sourceMediaType": "application/x-tex", "targetMediaType": "application/pdf" }
              ]
            }
          ]
        }
  • 14. Transform Services & Repository: Creating a new T-Engine
      • Create the Dockerfile

        FROM pandoc/core:latest-ubuntu
        COPY target/pandoc-t-engine.jar /usr/bin
        EXPOSE 8090
        USER ${USERNAME}
        ENTRYPOINT java $JAVA_OPTS -jar /usr/bin/pandoc-t-engine.jar
  • 15. Transform Services & Repository: Creating a new T-Engine
      • Deployment in Docker Compose

        services:
          alfresco:
            image: alfresco/alfresco-content-repository-community:7.4.0
            environment:
              JAVA_OPTS: >-
                -DlocalTransform.pandoc.url=http://transform-pandoc:8090/
          transform-pandoc:
            image: alfresco/pandoc-t-engine:latest
            ports:
              - 8096:8090
  • 16. Transform Services & Repository: Resources usage and logging level

        transform-core-aio:
          image: alfresco/alfresco-transform-core-aio:3.0.0
          environment:
            JAVA_OPTS: "
              -Dserver.tomcat.threads.min=4
              -Dserver.tomcat.threads.max=12
              -Dlogging.level.org.alfresco.transform.common.TransformerDebug=ERROR
            "
  • 17. Transform Services & Repository Scaling up https://github.com/aborroy/acs-transform-cluster Community Enterprise
  • 19. Secure Communications & Settings
      • From ACS 7.4, mTLS communication between Transform Service and Repository is supported
      • Alfresco SSL Generator tool has been updated to produce required keystore and truststore files
          • Generate a self-signed CA*
          • Generate certificates, keystores and truststores for Repository & Transform

        $ ./run_additional.sh -servicename transform-core-aio \
            -rootcapass kT9X6oe68t -keysize 2048 \
            -keystoretype PKCS12 -keystorepass kT9X6oe68t \
            -truststoretype PKCS12 -truststorepass kT9X6oe68t \
            -certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Transform Core AIO" \
            -servername transform-core-aio -alfrescoformat current

      • Apply configuration settings for properties and keystores
      * You may use your own software or PKI infrastructure to create CA and certificates, but configuration related to keystore type and certificate alias should be followed as described by Alfresco SSL Generator
  • 20. Secure Communications & Settings https://github.com/aborroy/alfresco-secure-connection Community
  • 21. Secure Communications & Settings: Community – Repository (Alfresco SSL Generator)

        alfresco:
          environment:
            JAVA_TOOL_OPTIONS: >-
              -Dencryption.ssl.keystore.type=PKCS12
              -Dencryption.ssl.keystore.location=/usr/local/tomcat/alfresco.keystore
              -Dssl-keystore.password=kT9X6oe68t
              -Dencryption.ssl.truststore.type=PKCS12
              -Dencryption.ssl.truststore.location=/usr/local/tomcat/alfresco.truststore
              -Dssl-truststore.password=kT9X6oe68t
            JAVA_OPTS: >-
              -DlocalTransform.core-aio.url=https://transform-core-aio:8090/
              -Dhttpclient.config.transform.mTLSEnabled=true
              -Dhttpclient.config.transform.hostnameVerificationDisabled=true
              -Djdk.tls.client.protocols=TLSv1.2
          volumes:
            - ./keystore/alfresco/alfresco.keystore:/usr/local/tomcat/alfresco.keystore
            - ./keystore/alfresco/alfresco.truststore:/usr/local/tomcat/alfresco.truststore
  • 22. Secure Communications & Settings: Community – Transform Service (Alfresco SSL Generator)

        transform-core-aio:
          environment:
            SERVER_SSL_ENABLED: "true"
            SERVER_SSL_CLIENT_AUTH: "need"
            SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
            SERVER_SSL_KEY_PASSWORD: "kT9X6oe68t"
            SERVER_SSL_KEY_STORE: "file:/transform-core-aio.keystore"
            SERVER_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
            SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
            SERVER_SSL_TRUST_STORE: "file:/transform-core-aio.truststore"
            SERVER_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
            SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
          volumes:
            - ./keystore/tengineAIO/transform-core-aio.keystore:/transform-core-aio.keystore
            - ./keystore/tengineAIO/transform-core-aio.truststore:/transform-core-aio.truststore
  • 23. Secure Communications & Settings: Enterprise
      [Architecture diagram. Labels: Alfresco Repository, Transform Service, Transform Router, Transform Core AIO, Shared File Store, LibreOffice, ImageMagick, PDF Renderer, Tika, Misc, Custom, DTE, AIS; links marked mTLS]
  • 24. Secure Communications & Settings: Enterprise – Repository (Alfresco SSL Generator)

        alfresco:
          environment:
            JAVA_TOOL_OPTIONS: >-
              -Dencryption.ssl.keystore.type=PKCS12
              -Dencryption.ssl.keystore.location=/usr/local/tomcat/alfresco.keystore
              -Dssl-keystore.password=kT9X6oe68t
              -Dencryption.ssl.truststore.type=PKCS12
              -Dencryption.ssl.truststore.location=/usr/local/tomcat/alfresco.truststore
              -Dssl-truststore.password=kT9X6oe68t
            JAVA_OPTS: >-
              -Dtransform.service.enabled=true
              -Dtransform.service.url=https://transform-router:8095
              -DlocalTransform.core-aio.url=https://transform-core-aio:8090/
              -Dsfs.url=https://shared-file-store:8099/
              -Dhttpclient.config.transform.mTLSEnabled=true
              -Dhttpclient.config.transform.hostnameVerificationDisabled=true
              -Djdk.tls.client.protocols=TLSv1.2
          volumes:
            - ./keystore/alfresco/alfresco.keystore:/usr/local/tomcat/alfresco.keystore
            - ./keystore/alfresco/alfresco.truststore:/usr/local/tomcat/alfresco.truststore
  • 25. Secure Communications & Settings: Enterprise – Transform Router (Alfresco SSL Generator)

        transform-router:
          environment:
            CORE_AIO_URL: https://transform-core-aio:8090
            FILE_STORE_URL: https://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file
            SERVER_SSL_ENABLED: "true"
            SERVER_SSL_CLIENT_AUTH: "need"
            SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
            SERVER_SSL_KEY_PASSWORD: "password"
            SERVER_SSL_KEY_STORE: "file:/transformRouter.keystore"
            SERVER_SSL_KEY_STORE_PASSWORD: "password"
            SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
            SERVER_SSL_TRUST_STORE: "file:/transformRouter.truststore"
            SERVER_SSL_TRUST_STORE_PASSWORD: "password"
            SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_KEY_STORE: "file:/transformRouter.keystore"
            CLIENT_SSL_KEY_STORE_PASSWORD: "password"
            CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
            CLIENT_SSL_TRUST_STORE: "file:/transformRouter.truststore"
            CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
            CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: true
          volumes:
            - ./keystore/transformRouter/transformRouter.truststore:/transformRouter.truststore
            - ./keystore/transformRouter/transformRouter.keystore:/transformRouter.keystore
  • 26. Secure Communications & Settings: Enterprise – Transform Core (Alfresco SSL Generator)

        transform-core-aio:
          environment:
            FILE_STORE_URL: >-
              https://shared-file-store:8099/alfresco/api/-default-/private/sfs/versions/1/file
            SERVER_SSL_ENABLED: "true"
            SERVER_SSL_CLIENT_AUTH: "need"
            SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
            SERVER_SSL_KEY_PASSWORD: "password"
            SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
            SERVER_SSL_KEY_STORE_PASSWORD: "password"
            SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
            SERVER_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
            SERVER_SSL_TRUST_STORE_PASSWORD: "password"
            SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_KEY_STORE: "file:/tengineAIO.keystore"
            CLIENT_SSL_KEY_STORE_PASSWORD: "password"
            CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
            CLIENT_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
            CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
            CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: true
          volumes:
            - ./keystore/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
            - ./keystore/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
  • 27. Secure Communications & Settings: Enterprise – Shared File Store (Alfresco SSL Generator)

        shared-file-store:
          environment:
            SERVER_SSL_ENABLED: "true"
            SERVER_SSL_CLIENT_AUTH: "need"
            SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
            SERVER_SSL_KEY_PASSWORD: "password"
            SERVER_SSL_KEY_STORE: "file:/sharedFileStore.keystore"
            SERVER_SSL_KEY_STORE_PASSWORD: "password"
            SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
            SERVER_SSL_TRUST_STORE: "file:/sharedFileStore.truststore"
            SERVER_SSL_TRUST_STORE_PASSWORD: "password"
            SERVER_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_KEY_STORE: "file:/sharedFileStore.keystore"
            CLIENT_SSL_KEY_STORE_PASSWORD: "password"
            CLIENT_SSL_KEY_STORE_TYPE: "PKCS12"
            CLIENT_SSL_TRUST_STORE: "file:/sharedFileStore.truststore"
            CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
            CLIENT_SSL_TRUST_STORE_TYPE: "PKCS12"
            CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: true
          volumes:
            - ./keystore/sharedFileStore/sharedFileStore.truststore:/sharedFileStore.truststore
            - ./keystore/sharedFileStore/sharedFileStore.keystore:/sharedFileStore.keystore
  • 29. Tips & Tricks
      TLS
      • Use TLSv1.3 where available
      • When using TLSv1.2, restrict accepted algorithms to
          • AES-128 with SHA-256
          • AES-256 with SHA-384
      • The use of SSL, TLSv1.0 and TLSv1.1 is severely discouraged
      Keystores
      • Use PKCS#12 keystore and truststore types
      • P#12 keystores built with OpenSSL don’t work with Java, using keytool is required *
      Keys
      • Use at least 2048 bits for RSA keys
      * https://angelborroy.wordpress.com/2022/08/12/building-a-custom-pkcs12-truststore-for-java/
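
Added example (not part of the original deck or of Alfresco's code): a Python audit that reads the `environment:` entries of one service, as shown on slides 22 to 27, and checks them against the TLS and keystore tips on slide 29. The finding names, the placeholder-password list and both sample blocks are constructed for illustration; hostname verification is flagged because, with it disabled, a client accepts any certificate issued by the trusted CA regardless of the host it names.

```python
import re

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
PLACEHOLDER_PASSWORDS = {"", "password", "changeit"}  # assumption: treated as placeholders

# Constructed sample: abridged Enterprise transform-core-aio settings from the slides.
SLIDE_ENV = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_CLIENT_AUTH: "need"
SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
SERVER_SSL_KEY_STORE_PASSWORD: "password"
SERVER_SSL_KEY_STORE_TYPE: "PKCS12"
CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED: true
"""
# Constructed counter-example: settings the tips slide advises against.
WEAK_ENV = """
SERVER_SSL_ENABLED: "true"
SERVER_SSL_CLIENT_AUTH: "want"
SERVER_SSL_ENABLED_PROTOCOLS: "TLSv1.1,TLSv1.2"
SERVER_SSL_KEY_STORE_TYPE: "JKS"
"""

def parse_env_block(text):
    """Parse `KEY: value` lines of a Compose environment mapping (no YAML library)."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z][A-Z0-9_]*)\s*:\s*"?([^"#]*)"?\s*$', line)
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env

def audit_tls_env(env):
    """Return sorted finding codes for one service's environment dict."""
    findings = set()
    if env.get("SERVER_SSL_ENABLED", "").lower() != "true":
        findings.add("tls-disabled")
    if env.get("SERVER_SSL_CLIENT_AUTH", "").lower() != "need":
        findings.add("client-cert-not-required")  # mTLS needs client-auth "need"
    protocols = {p.strip() for p in env.get("SERVER_SSL_ENABLED_PROTOCOLS", "").split(",")}
    if protocols - ALLOWED_PROTOCOLS:  # unset yields {""}, which is also flagged
        findings.add("protocols-unset-or-legacy")
    for key, value in env.items():
        if key.endswith("_STORE_TYPE") and value.upper() != "PKCS12":
            findings.add("non-pkcs12-store")
        if key.endswith("_PASSWORD") and value.lower() in PLACEHOLDER_PASSWORDS:
            findings.add("placeholder-password")
    if env.get("CLIENT_SSL_HOSTNAME_VERIFICATION_DISABLED", "").lower() == "true":
        findings.add("hostname-verification-disabled")
    return sorted(findings)
```

Call `audit_tls_env(parse_env_block(SLIDE_ENV))` to see the findings for the slide settings; paste the `KEY: value` lines of any other service in place of the sample to audit it.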