Help

POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
mmagowski
Member II
‎28 Jan 2020 10:16 AM

POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

I probably find a bug in alfresco 2019.11 which stopped us from upgrading to 6.2. 

We have problem on clean alfresco base on docker-compose configuration. 

Problem exists in: 2019.11 with SSO turn on. All post request in system are rejected and have status 500. When you turn off SSO you can send POST requests, for example upload a file.

Our configuration: 2019.11, nginx, docker-compose, SSO, SSL in nginx, Kerberos, AD.

We handle the issue...by not using the newest alfresco Smiley Wink We don't have any problems with clean alfresco and 201901 with same configuration. We were testing this in simple fashion, just simply changing .env file for docker-compose and docker files. We not changing anything in configuration, only changing version for alfresco repository and alfresco share.

Nginx configuration:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    sendfile on;

    server {
        listen 443 ssl;

        client_max_body_size 0;
  
        set  $allowOriginSite *;
       proxy_pass_request_headers on;
       proxy_pass_header Set-Cookie;
        
        ssl_certificate     /etc/nginx/client.crt;
        ssl_certificate_key /etc/nginx/client.key;
        ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!RC4:!MD5:!DES;
        ssl_protocols       TLSv1.1 TLSv1.2;
    
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        large_client_header_buffers  4 32k;

        # External settings, do not remove
        #ENV_ACCESS_LOG
        error_page 497 https://$host:$server_port$request_uri;

        proxy_set_header Host            $host:$server_port;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_redirect http:// https://;

        # Protect access to SOLR APIs
        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}

        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}

        # Alfresco Repository
        location /alfresco/ {
            proxy_pass http://alfresco:8080;
        }

        # SOLR Web Console (Master)
        location /solr/ {
            proxy_pass http://solr6:8983;

            # Basic authentication
            auth_basic "Solr web console";
            auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
        }

        # Alfresco Share Web App
        location /share/ {
            proxy_pass http://share:8080;
        }

        # Alfresco Content App
        location / {
            proxy_pass http://alfresco:8080;
        }
    }
}

 

0 Kudos
Reply
3 Replies
EddieMay
Alfresco Employee
‎28 Jan 2020 10:40 AM

Re: POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

Hi @mmagowski,

Currently investigating this issue. Will update when I have some news. 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
0 Kudos
Reply
EddieMay
Alfresco Employee
‎29 Jan 2020 9:43 AM

Re: POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

Hi @mmagowski,

Have you had a look here https://docs.alfresco.com/sso/topics/kerberos.html

Let me know if this helps.

 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
0 Kudos
Reply
mmagowski
Member II
‎29 Jan 2020 9:55 AM

Re: POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

Yep I saw that. I can't find any mistakes and we have working conf with SSO with nginx, kerberos, ad on alfresco 2019.01. I don't think only we have a problem, becouse we have same config working 2019.01-ga. Base on clean alfresco. So our .env file now looks like that.

 

# Community
ALFRESCO_CE_TAG=6.1.2-ga
SEARCH_CE_TAG=1.4.0
SHARE_TAG=6.1.0
ACA_TAG=master-latest
POSTGRES_TAG=11.4
API_EXPLORER_TAG=6.0.7-ga
TRANSFORM_ENGINE_TAG=2.1.0
ACTIVEMQ_TAG=5.15.8

If we switch config to newest:

 

 

# Community
ALFRESCO_CE_TAG=6.2.0-ga
SEARCH_CE_TAG=1.4.0
SHARE_TAG=6.2.0
ACA_TAG=master-latest
POSTGRES_TAG=11.4
API_EXPLORER_TAG=6.2.0
TRANSFORM_ENGINE_TAG=2.1.0
ACTIVEMQ_TAG=5.15.8

We will have 500 for each post request after login to alfresco. In 2019.01 we don't have this problem. Same configuration only change of .env. 

Don't get me wrong I would love to use 2019.11, but for now we upgraded only to 2019.01 becouse of this (we were upgrading alfresco from 201701-ga).

 

0 Kudos
Reply
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.