[MNT-20815] Activiti: Need documentation for setting up HTTP2/SSL using NGINX reverse proxy against Activiti Enterprise Suite sample configuration Created: 12-Dec-16  Updated: 29-Jul-19

Status: Open
Project: Service Packs and Hot Fixes
Component/s: APS Kickstart/Studio
Affects Version/s: Alfresco Activiti, Alfresco Process Services
Fix Version/s: None

Type: Documentation
Reporter: Seng Liaw Assignee: Mark Hulbert
Resolution: Unresolved Votes: 0
Labels: Documentation
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Activiti 1.5.2, NGINX/Apache reverse proxy

Issue Links:
is related to by ACTIVITI-1084 Provide Support for Elasticsearch Shi... Done
Bug Priority:
Category 2
ACT Numbers:


Sprint: Docs Sprint 18


Issue and Enhancement Request
Partner were able to configure Activiti over HTTPS after configure Tomcat over SSL(http 1.1). However, they are still unable to figure out how to configure Activiti against NGINX/Apache reverse proxy for SSL using HTTP2 protocol. The partner is hoping there is documentation which would details the steps to configure Activiti Enterprise against NGINX reverse proxy for SSL using HTTP 2.0 protocol.

I have refer the customer to read NGINX official documentation for the moment.

Original partner feedbacks

  1. That’s unfortunate that there is not any official support or documentation for getting Activiti secured over HTTPS. I understand that I’m sort of on my own to get this working if we’re not able to get something working here but please add this to some sort of feature request list or issue. I would be concerned if the majority of deployments were unsecured given the common use cases of BPM software like Activiti (demo scenarios are commonly in the healthcare and financial industry).
  2. Shortly after posting this case, I was able to configure SSL with Tomcat. Nginx would be nice to use as it is simpler and would support future enhancements we wish to use like ApplicationDevelopmentFramework which needs nginx in place.

Question: While reading your nginx.conf, you are using ssl http2, not ssl (http 1.1), is that on purpose?
Answer: Using HTTP2 is intentional. I wish to give our customer a deployment that runs with a slightly more modern protocol.

Generated at Tue Jul 07 04:35:18 BST 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.