Daily Log for #alfresco

2020-03-24 06:16:45 GMT <alfresco-discord> <MartinM> Morning :). Is it wise to use the jpl connector? Never used it but my colleagues seem convinced. Is it not lacking in security than using it?

2020-03-24 06:17:03 GMT <alfresco-discord> <MartinM> Compared to using ssl

2020-03-24 06:56:00 GMT <alfresco-discord> <Muhammed Eren Demir> Hi everyone, I am running Alfresco Content Repository-6.3.0-a5 but I have a Google Docs error. Error: Error creating bean with name 'googleDocsImportFormats' defined in file [/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/googledocs/drive/google-customResponse-context.xml]: Cannot resolve reference to bean 'GoogleDocsService' while setting bean property

2020-03-24 06:56:00 GMT <alfresco-discord> 'googledocsService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'GoogleDocsService' defined in file [/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/googledocs/drive/googledocs-context.xml]: Cannot resolve reference to bean 'googledocsService' while setting bean property 'target'; nested exception is

2020-03-24 06:56:00 GMT <alfresco-discord> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'googledocsService' defined in file [/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/googledocs/drive/googledocs-context.xml]: Invocation of init method failed; Can you help me? I think the version of Google Docs is incompatible.

2020-03-24 07:23:23 GMT <alfresco-discord> <LMattioli> @Muhammed Eren Demir I'm not a programmer, but it seems to me that you haven't loaded the Google Doc Amp

2020-03-24 07:23:39 GMT <alfresco-discord> <LMattioli> The error is that he is not finding a Bean

2020-03-24 07:23:56 GMT <alfresco-discord> <yreg> @Muhammed Eren Demir this page lists Alfresco CE 6.2 as latest stable release, any particular reason why you went through with 6.3 ?

2020-03-24 07:24:00 GMT <alfresco-discord> <yreg> https://www.alfresco.com/products/community/download

2020-03-24 07:24:02 GMT <alfbot> Title:Alfresco Community Edition Download | Alfresco (at www.alfresco.com)

2020-03-24 07:26:58 GMT <alfresco-discord> <Muhammed Eren Demir> I have a favorite area error in Alfresco 6.2.

2020-03-24 07:27:46 GMT <alfresco-discord> <yreg> this page suggests that you should use Google Docs integration amp v 3.1 with Alfresco CE 6.2 : https://hub.alfresco.com/t5/alfresco-content-services-hub/alfresco-community-edition-201911-ga-release-notes/ba-p/294411

2020-03-24 07:27:47 GMT <alfbot> Title:Alfresco Community Edition 201911 GA Release Notes - Alfresco Hub (at hub.alfresco.com)

2020-03-24 07:37:43 GMT <alfresco-discord> <Muhammed Eren Demir> thank you yreg 🙂

2020-03-24 08:13:53 GMT <alfresco-discord> <MartinM> When I configure a proxy in front to use SSL and the ACS behind the proxy to use SSL as well, does ACS need to use the same certificates? Sorry I am very noobish about SSL stuff as I never needed to configure it before 😄

2020-03-24 08:15:39 GMT <alfresco-discord> <angel.borroy> The proxy uses SSL to handle client requests to applications

2020-03-24 08:15:40 GMT <alfresco-discord> <yreg> no

2020-03-24 08:15:56 GMT <alfresco-discord> <angel.borroy> ACS uses SSL to handle server communications between Repository and SOLR

2020-03-24 08:16:17 GMT <alfresco-discord> <angel.borroy> As @yreg said, both are different use cases

2020-03-24 08:16:41 GMT <alfresco-discord> <yreg> your reverse proxy needs to trust the Alfresco certificate though

2020-03-24 09:20:34 GMT <alfresco-discord> <MartinM> Wow thank you guys. That was the missing piece 🙏

2020-03-24 09:34:50 GMT <alfresco-discord> <hi-ko> Most reverse proxies like nginx don't care about ssl cert validation used by the backend/upstream system by default. So best practice is always to only care about the ssl cert in your reverse proxy and leave certs configured in tomcat untouched unless you know what you're doing and why

2020-03-24 09:38:00 GMT <alfresco-discord> <hi-ko> What I miss nowadays of container deployment is the lack of documentation and examples for best practice since the containers may have incomplete or not for production configurations

2020-03-24 09:41:41 GMT <alfresco-discord> <yreg> it depends, I wouldn't say that, if unauthorized users can hop into that network (between nginx and alfresco) and even with authorized users ....

2020-03-24 10:02:19 GMT <hi-ko> yreg: what sense does a reverse proxy make if users can connect to the alfresco http services directly?

2020-03-24 10:07:04 GMT <alfresco-discord> <AFaust> Or, contrary to what @angel.borroy said, you simply disable MTLS between Repository and SOLR, and don't have to deal with certificates there.

2020-03-24 10:07:25 GMT <alfresco-discord> <angel.borroy> This is what I used to do

2020-03-24 10:07:39 GMT <alfresco-discord> <AFaust> "used" as in "before you joined the dark side"?

2020-03-24 10:07:44 GMT <alfresco-discord> <angel.borroy> Not sure why you need to add that MTLS communication inside your network

2020-03-24 10:07:48 GMT <alfresco-discord> <angel.borroy> Suddenly, yes

2020-03-24 10:21:49 GMT <alfresco-discord> <yreg> @hi-ko It's quite common in on-premises installations that users (knowledgeable or not) share the same network as your on-prem services/servers

2020-03-24 10:22:42 GMT <alfresco-discord> <yreg> at least admins of other components/applications not necessarily authorised to admin Alfresco itself

2020-03-24 10:25:18 GMT <alfresco-discord> <yreg> a malicious user who is supposed to access only a restricted section of the network, or an external party exploiting another piece of software in your stack, could in the less secure scenario you are describing spoof your server and play man in the middle to do all sorts of malicious activities ...

2020-03-24 10:27:18 GMT <alfresco-discord> <yreg> in security, the more you close doors, the less likely you would have backdoors later on 😅

2020-03-24 10:31:49 GMT <alfresco-discord> <AFaust> Well, in Docker environment these backdoors should be closed by default (not saying that Alfresco templates do this) by having isolated Docker networks for communication between reverse proxy and ACS

2020-03-24 10:34:51 GMT <alfresco-discord> <yreg> not necessarily I am afraid 🙂

2020-03-24 10:36:48 GMT <alfresco-discord> <yreg> but yes to some extent if the different services / servers aren't supposed to communicate with one another and therefore placed into different networks... or when all those integrations are properly handled by appropriate middleware bridging networks from the different services / components 😉

2020-03-24 10:37:04 GMT <alfresco-discord> <dgradecak> and then someone just connects via a console to docker ... and ... and 😉

2020-03-24 10:37:31 GMT <alfresco-discord> <yreg> anyhow, I am still confident that the wider ecosystem (community, partners, and clients) aren't there yet

2020-03-24 10:49:21 GMT <alfresco-discord> <MartinM> Guys thank you so much. Makes perfect sense.

2020-03-24 10:50:05 GMT <hi-ko> by default we run all acs tomcat on only having a default nginx on the ACS VM/Container but we don't run any ACS on docker in production

2020-03-24 10:53:18 GMT <hi-ko> If container we prefer running in a trusted subnet without the machine internal subnets and we prefer lxd/lxc which is more flexible/easier to maintain in production

2020-03-24 10:57:09 GMT <alfresco-discord> <dgradecak> I am not a good devops, but last year a client wanted to use docker with Alfresco (in prod) and once we set up everything, we saw that actually docker bypasses (by default) the local firewall

2020-03-24 10:57:23 GMT <alfresco-discord> <dgradecak> that was a deal breaker at that time

2020-03-24 11:30:41 GMT <alfresco-discord> <hi-ko> I think docker is perfect for dev and testing but if an organisation has not the skills/experience/team for the required concepts running in production like kubernetes, fs clusters, new B&R and monitoring concepts it is a starting point for having systems out of control

2020-03-24 11:35:39 GMT <alfresco-discord> <dgradecak> @hi-ko exactly

2020-03-24 11:47:05 GMT <alfresco-discord> <dgradecak> anyone knows why script tasks are not allowed in APS 1.x ?

2020-03-24 12:12:19 GMT <alfresco-discord> <MartinM> And how about using JPA? Never saw that before but folks in my company seem to like it 🙂

2020-03-24 12:12:35 GMT <alfresco-discord> <dgradecak> JPA or AJP ?

2020-03-24 12:13:15 GMT <alfresco-discord> <dgradecak> you mentioned JPA in a "proxy" context, so I guess you mean ajp ?

2020-03-24 12:22:16 GMT <alfresco-discord> <MartinM> Oh no 🤦‍♂️ AJP

2020-03-24 12:22:26 GMT <alfresco-discord> <MartinM> Yes AJP

2020-03-24 12:36:49 GMT <hi-ko> ajp makes sense if you use apache as reverse proxy but only increases security a little by using a binary protocol

2020-03-24 12:38:18 GMT <alfresco-discord> <AFaust> and reduces security by having a binary protocol that can lead to remote code execution

2020-03-24 12:40:39 GMT <alfresco-discord> <AFaust> https://de.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

2020-03-24 12:40:41 GMT <alfbot> Title:CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (CNVD-2020-10487) - Blog | Tenable® (at de.tenable.com)

2020-03-24 12:42:50 GMT <alfresco-discord> <AFaust> I never found any convincing pros for using AJP, and found it always a bit too cumbersome to set up mod_jk, so I always stick to regular HTTP connector and mod_proxy_http

2020-03-24 12:43:53 GMT <alfresco-discord> <dgradecak> same here

2020-03-24 12:45:20 GMT <alfresco-discord> <yreg> > anyone knows why script tasks are not allowed in APS 1.x ? @dgradecak They are disabled by default, and you need to explicitly whitelist them in some conf file somewhere, along with the language interpreters you would like to support/permit

2020-03-24 12:46:03 GMT <alfresco-discord> <dgradecak> aha, now I remember the whitelist, but could not associate with the script task

2020-03-24 12:46:13 GMT <alfresco-discord> <dgradecak> tnx @yreg

2020-03-24 12:47:17 GMT <alfresco-discord> <dgradecak> whitelisted-scripts.conf

2020-03-24 12:47:27 GMT <alfresco-discord> <dgradecak> pfff ... how could I forget about that 😄

2020-03-24 13:00:50 GMT <alfresco-discord> <MartinM> Cool stuff thanks again 🙂

2020-03-24 14:17:53 GMT <alfresco-discord> <dhrn> hey guys!, is there any service to update the mime type of a file ('cause it failed to detect the mime type while uploading)?

2020-03-24 14:19:15 GMT <alfresco-discord> <dhrn> it is almost related to this -> https://issues.alfresco.com/jira/browse/ALF-21813

2020-03-24 14:19:45 GMT <hi-ko> document.mimetype = "text/plain";

2020-03-24 14:19:45 GMT <hi-ko> document.save();

2020-03-24 14:20:20 GMT <alfresco-discord> <dhrn> I don't have any extension. i am expecting kind of node update service.

2020-03-24 14:21:18 GMT <hi-ko> you want to change mimetype by document version?

2020-03-24 14:21:47 GMT <hi-ko> looks like a weird pattern.

2020-03-24 14:22:31 GMT <alfresco-discord> <angel.borroy> https://api-explorer.alfresco.com/api-explorer/#!/nodes/updateNode

2020-03-24 14:22:32 GMT <alfbot> Title:Alfresco Content Services REST API Explorer (at api-explorer.alfresco.com)

2020-03-24 14:22:37 GMT <alfresco-discord> <angel.borroy> You mean this service?

2020-03-24 14:23:11 GMT <alfresco-discord> <dhrn> yep, i just want to consume it from ADF level

2020-03-24 14:23:52 GMT <alfresco-discord> <angel.borroy> https://github.com/Alfresco/alfresco-js-api

2020-03-24 14:23:53 GMT <alfbot> Title:GitHub - Alfresco/alfresco-js-api: This project provides a JavaScript client API into the Alfresco REST API and Activiti REST API. (at github.com)

2020-03-24 14:24:30 GMT <alfresco-discord> <angel.borroy> https://github.com/Alfresco/alfresco-js-api/blob/development/src/api/content-rest-api/docs/NodesApi.md#updateNode

2020-03-24 14:24:31 GMT <alfbot> Title:alfresco-js-api/NodesApi.md at development · Alfresco/alfresco-js-api · GitHub (at github.com)

2020-03-24 14:25:23 GMT <alfresco-discord> <dhrn> i tried it from swagger, no luck

2020-03-24 14:25:24 GMT <alfresco-discord> <dhrn> https://cdn.discordapp.com/attachments/451644531323174914/692016215744577576/unknown.png

2020-03-24 14:27:43 GMT <hi-ko> angel.borroy: What's your idea? To create a script to be run from Alfresco REST API? Wouldn't it be easier to just create a simple RESTful webscript?

2020-03-24 14:28:01 GMT <alfresco-discord> <angel.borroy> He said he wanted to use that from ADF

2020-03-24 14:28:12 GMT <alfresco-discord> <angel.borroy> This is why I linked that API

2020-03-24 14:29:03 GMT <hi-ko> sorry - we don't use ADF

2020-03-24 14:30:16 GMT <alfresco-discord> <dhrn> @angel.borroy can we update mime type using that (/updateNode) api?

2020-03-24 14:30:38 GMT <alfresco-discord> <angel.borroy> I guess that the answer is no

2020-03-24 14:30:53 GMT <alfresco-discord> <angel.borroy> You need some logic for that, as "mimeType" is not a real property

2020-03-24 14:31:11 GMT <alfresco-discord> <angel.borroy> The easiest is to use what @hi-ko posted

2020-03-24 14:31:16 GMT <alfresco-discord> <angel.borroy> JavaScript API / Java API

2020-03-24 14:34:53 GMT <alfresco-discord> <dhrn> thank you

