AnsweredAssumed Answered

Web Scripts behind nginx SSL reverse proxy

Question asked by madjic on Oct 13, 2016
Latest reply on Sep 27, 2017 by mamatov86

I'm trying to do a manual install of Alfresco Community Edition 201609 EA on tomcat8.

 

solr4 is throwing all kinds of errors, so I refrained deploying solr4.war on tomcat. My plan is to fix that if the other stuff is up and running, unless solr is the reason for my problems

 

After lots of head-scratching I can now access share, but I'm getting the

Alfresco is running without Share Services. See your System Administrator for more details.

Error.

 

So I checked /alfresco, only to find out the web scripts don't work

/alfresco/s/index:

The Web Script /alfresco/ss/index has responded with a status of 404 - Not Found.

 

404 Description:Requested resource is not available.
Message:09130002 Script url s/index does not map to a Web Script.
Server:Community v5.2.0 (r130508-b9) schema 10,004
Time:13-Oct-2016 14:56:30

When I'm accessing the tomcat server directly on port 8080 everything seems to be working fine, only when I try to access it through the nginx SSL reverse proxy the webscripts don't work.

in alfresco-global.properties I set:

 

alfresco.context=alfresco

alfresco.host=cms.url.tld

alfresco.port=443

alfresco.protocol=https

 

 

share.context=share

share.host=cms.url.tld

share.port=443

share.protocol=https

nginx config:

server {

        listen 443;

        server_name cms.url.tld;

 

 

        ssl on;

        ssl_certificate /etc/letsencrypt/live/cms.url.tld/fullchain.pem;

        ssl_certificate_key /etc/letsencrypt/live/cms.url.tld/privkey.pem;

 

 

        proxy_buffer_size 128k;

        proxy_buffers 4 256k;

 

 

        satisfy any;

        allow 87.138.198.126;

        deny all;

 

 

        location / {

                root /var/lib/tomcat8/webapps/ROOT/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

 

 

               proxy_http_version 1.1;

 

 

                proxy_pass http://localhost:8080;

                proxy_redirect default;

        }

 

 

        location /share/ {

                root /var/lib/tomcat8/webapps/share/;

 

 

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

 

 

               proxy_http_version 1.1;

 

 

 

                proxy_pass http://localhost:8080/share/;

                proxy_redirect http:// https://;

        }

 

 

        location /alfresco {

                root /var/lib/tomcat8/webapps/alfresco/;

 

 

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

 

 

               proxy_http_version 1.1;

 

 

 

                proxy_pass http://localhost:8080/alfresco/;

                proxy_redirect http:// https://;

                #allow all;

        }

}

CSRF is disabled in $TOMCAT_HOME/shared/classes/alfresco/web-extension/share-config-custom.xml

   <config evaluator="string-compare" condition="CSRFPolicy" replace="true">

      <filter/>

   </config>

my Connector in $TOMCAT_HOME/conf/server.xml

    <Connector port="8080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               URIEncoding="UTF-8"

               proxyPort="443" scheme="https"

               redirectPort="8443" />

what did I forget/do wrong?

Outcomes