acs-community-packaging icon indicating copy to clipboard operation
acs-community-packaging copied to clipboard

Published 20 hours ago verified publisher icon Alfresco

POST request not working on 2019.11 GA

Open mmagowski opened this issue 5 years ago • 0 comments

We have configuration based on alfresco 2019.01 with kerberos, docker compose. It is working quite nice. After upgrade to 2019.11 with SSO turn on POST requests are rejected by 500 status.

When you disable SSO, all type of requests are working. We finally did a didn't switch to newest version. To have kerberos SSO still working.

NGINX Conf: ` worker_processes 1;

events {
	worker_connections  1024;
}

http {
	sendfile on;


	server {
		listen 443 ssl;

		client_max_body_size 0;
  

		set  $allowOriginSite *;
	   proxy_pass_request_headers on;
	   proxy_pass_header Set-Cookie;

		
		ssl_certificate     /etc/nginx/client.crt;
		ssl_certificate_key /etc/nginx/client.key;
		ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!RC4:!MD5:!DES;
		ssl_protocols       TLSv1.1 TLSv1.2;
	
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		large_client_header_buffers  4 32k;

		# External settings, do not remove
		#ENV_ACCESS_LOG

		# proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
		# proxy_redirect off;
		# proxy_buffering off;
		proxy_set_header Host            $host:$server_port;
		proxy_set_header X-Real-IP       $remote_addr;
		proxy_redirect http:// https://;
		# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		# proxy_pass_header Set-Cookie;
		#  large_client_header_buffers  4 32k;


		# Protect access to SOLR APIs
		location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
		location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
		location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
		location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}

		location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
		location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}

		# Alfresco Repository
		location /alfresco/ {
			proxy_pass http://alfresco:8080;


		}

		# SOLR Web Console (Master)
		location /solr/ {

			proxy_pass http://solr6:8983;

			# Basic authentication
			auth_basic "Solr web console";
			auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

		}

		# Alfresco Share Web App
		location /share/ {
			proxy_pass http://share:8080;


		}

		# Alfresco Content App
		location / {
			proxy_pass http://alfresco:8080;
		}

	}

}

`

mmagowski avatar Jan 24 '20 09:01 mmagowski