Web Scripts behind nginx SSL reverse proxy

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
madjic
Active Member

Web Scripts behind nginx SSL reverse proxy

Jump to solution

I'm trying to do a manual install of Alfresco Community Edition 201609 EA on tomcat8.

solr4 is throwing all kinds of errors, so I refrained deploying solr4.war on tomcat. My plan is to fix that if the other stuff is up and running, unless solr is the reason for my problems

After lots of head-scratching I can now access share, but I'm getting the

Alfresco is running without Share Services. See your System Administrator for more details.

Error.

So I checked /alfresco, only to find out the web scripts don't work

/alfresco/s/index:

The Web Script /alfresco/ss/index has responded with a status of 404 - Not Found.

404 Description:Requested resource is not available.
Message:09130002 Script url s/index does not map to a Web Script.
Server:Community v5.2.0 (r130508-b9) schema 10,004
Time:13-Oct-2016 14:56:30

When I'm accessing the tomcat server directly on port 8080 everything seems to be working fine, only when I try to access it through the nginx SSL reverse proxy the webscripts don't work.

in alfresco-global.properties I set:

alfresco.context=alfresco

alfresco.host=cms.url.tld

alfresco.port=443

alfresco.protocol=https

share.context=share

share.host=cms.url.tld

share.port=443

share.protocol=https

nginx config:

server {

        listen 443;

        server_name cms.url.tld;

        ssl on;

        ssl_certificate /etc/letsencrypt/live/cms.url.tld/fullchain.pem;

        ssl_certificate_key /etc/letsencrypt/live/cms.url.tld/privkey.pem;

        proxy_buffer_size 128k;

        proxy_buffers 4 256k;

        satisfy any;

        allow 87.138.198.126;

        deny all;

        location / {

                root /var/lib/tomcat8/webapps/ROOT/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

               proxy_http_version 1.1;

                proxy_pass http://localhost:8080;

                proxy_redirect default;

        }

        location /share/ {

                root /var/lib/tomcat8/webapps/share/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

               proxy_http_version 1.1;

                proxy_pass http://localhost:8080/share/;

                proxy_redirect http:// https://;

        }

        location /alfresco {

                root /var/lib/tomcat8/webapps/alfresco/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

               proxy_http_version 1.1;

                proxy_pass http://localhost:8080/alfresco/;

                proxy_redirect http:// https://;

                #allow all;

        }

}

CSRF is disabled in $TOMCAT_HOME/shared/classes/alfresco/web-extension/share-config-custom.xml

   <config evaluator="string-compare" condition="CSRFPolicy" replace="true">

      <filter/>

   </config>

my Connector in $TOMCAT_HOME/conf/server.xml

    <Connector port="8080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               URIEncoding="UTF-8"

               proxyPort="443" scheme="https"

               redirectPort="8443" />

what did I forget/do wrong?

1 Solution

Accepted Solutions
madjic
Active Member

Re: Web Scripts behind nginx SSL reverse proxy

Jump to solution

Found the problem, missing / after location /alfresco/

nginx.conf:

        location /alfresco/ {

                root /var/lib/tomcat8/webapps/alfresco/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

               proxy_http_version 1.1;

                proxy_pass http://localhost:8080/alfresco/;

                proxy_redirect http:// https://;

                #allow all;

        }

4 Replies
jpotts
Advanced II

Re: Web Scripts behind nginx SSL reverse proxy

Jump to solution

Your URL has an extra 's' in it. You typed /alfresco/ss/index but it should be /alfresco/s/index.

madjic
Active Member

Re: Web Scripts behind nginx SSL reverse proxy

Jump to solution

Except I didn't

My browser is pointing to /alfresco/s/index, but something (nginx?) seems to rewrite it.

I thought the /ss/ was some kind of internal URL, but now I have something to work with

edit:

I noticed the link leads me to https://cms.url.tld/alfresco/s/%2Falfresco%2Fss%2Findex, that's of course totally wrong

madjic
Active Member

Re: Web Scripts behind nginx SSL reverse proxy

Jump to solution

Found the problem, missing / after location /alfresco/

nginx.conf:

        location /alfresco/ {

                root /var/lib/tomcat8/webapps/alfresco/;

               proxy_set_header X-Real-IP $remote_addr;

               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               proxy_set_header X-Forwarded-Proto $scheme;

               proxy_set_header Host $http_host;

               proxy_http_version 1.1;

                proxy_pass http://localhost:8080/alfresco/;

                proxy_redirect http:// https://;

                #allow all;

        }

mamatov86
Member II

Re: Web Scripts behind nginx SSL reverse proxy

Jump to solution

Hi Matthias,

Thanks for your post.

I applied the same configuration and the nginx reverse proxy works with ssl.

Now, I'm trying to use the mobile application (Alfresco Content Services) but it doesn't work.

Have you try to use it ? If yes can you explain me how fix the connection issue ?

Thanks in advance.