I have an Alfresco server available via port 8080 (HTTP) and 443 (HTTPS), with a web proxy redirecting URLs ending with /alfresco to port 8080.
In my CMIS client, I specified the HTTPS CMIS URL.
PROBLEM: Despite this, I notice with a network analyzer that most of the CMIS traffic happens on 8080, unencrypted.
The trick here is that in the CMIS protocol, the response to a CMIS request contains more URLs, that are then used to perform all actions you want.
The first request (on port 443) generates a response that contains a long list of further URLs, all on port 8080.
The solution is to modify the Tomcat configuration file server.xml in the section concerning port 8080, and add the following parameters:
scheme="https" proxyName="myserver.com" proxyPort="443"
Then after a server restart, in the CMIS responses, the href are finally correct:
<app:collection href="https://myserver.com/alfresco/cmisatom/61ed1ed7-3a73-4368-a06c-4127e1704730/children?id=workspace%3A%2F%2FSpacesStore%2Fda93d7de-88d0-476e-899b-9c5c07c08fcb">