更新 SSL 证书后出现 Alfresco Share 登录错误
Alfresco Share Login Error after updating SSL certs
我在 Ubuntu 机器上使用 Alfresco 独立社区版,它正在使用配置的域。 SSL 证书将在一周内过期,因此我在 nginx.conf 中更新了新域 crt 和密钥
更新后登录共享出现以下错误,但旧域仍处于活动状态并且能够登录共享甚至配置了新域证书和密钥。
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar
nginx.conf(旧配置)
events {}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name old.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server{
listen 80;
listen 443 ssl;
server_name new.domain.com;
return 301 https://old.domain.com/share;
}
server {
listen 443 default ssl;
server_name old.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/OLD.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/old.domain.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
sub_filter_types text/javascript;
sub_filter_once off;
sub_filter '<img src="http://www.alfresco.com/assets/images/logos/community-5.2-share.png' '<img src="test';
sub_filter '<a href="http://www.alfresco.com/services/support/communityterms/#support' '<a href="test';
}
}
}
nginx 配置(新)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name new.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server {
listen 443 default ssl;
server_name new.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/NEW.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/new.domain.com.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
通过网络中的类似案例,一些人建议更改端口号和代理通行证等参数,server.xml 更改。可能是我错了但我的问题是设置在更新新域证书后出现共享登录错误后可以正常工作 1 年。
不知道是否存储或缓存了旧证书,因为即使使用新证书更新 nginx.conf 也可以通过旧域访问共享。
任何想法或建议都会有很大的帮助
谢谢
您的错误发生在Alfresco本身,与证书无关。
如果您检查正确的日志 (tomcat/logs/catalina.out),您应该会看到您的问题。
我的猜测是您使用了与配置不同的主机名,这会触发 Alfresco Share 中的 CSRF 令牌过滤器。
更改 alfresco-global.properties 中的 share.host 和 alfresco.host 或禁用或修改 share-config-custom.xml
中的 CSRF 令牌过滤器
我在 Ubuntu 机器上使用 Alfresco 独立社区版,它正在使用配置的域。 SSL 证书将在一周内过期,因此我在 nginx.conf 中更新了新域 crt 和密钥 更新后登录共享出现以下错误,但旧域仍处于活动状态并且能够登录共享甚至配置了新域证书和密钥。
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar
nginx.conf(旧配置)
events {}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name old.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server{
listen 80;
listen 443 ssl;
server_name new.domain.com;
return 301 https://old.domain.com/share;
}
server {
listen 443 default ssl;
server_name old.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/OLD.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/old.domain.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
sub_filter_types text/javascript;
sub_filter_once off;
sub_filter '<img src="http://www.alfresco.com/assets/images/logos/community-5.2-share.png' '<img src="test';
sub_filter '<a href="http://www.alfresco.com/services/support/communityterms/#support' '<a href="test';
}
}
}
nginx 配置(新)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name new.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server {
listen 443 default ssl;
server_name new.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/NEW.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/new.domain.com.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
通过网络中的类似案例,一些人建议更改端口号和代理通行证等参数,server.xml 更改。可能是我错了但我的问题是设置在更新新域证书后出现共享登录错误后可以正常工作 1 年。
不知道是否存储或缓存了旧证书,因为即使使用新证书更新 nginx.conf 也可以通过旧域访问共享。
任何想法或建议都会有很大的帮助 谢谢
您的错误发生在Alfresco本身,与证书无关。 如果您检查正确的日志 (tomcat/logs/catalina.out),您应该会看到您的问题。
我的猜测是您使用了与配置不同的主机名,这会触发 Alfresco Share 中的 CSRF 令牌过滤器。
更改 alfresco-global.properties 中的 share.host 和 alfresco.host 或禁用或修改 share-config-custom.xml
中的 CSRF 令牌过滤器