https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279041#M232171 <HTML><HEAD></HEAD><BODY><SPAN>I may be wrong but I think you're bypassing the CSRF protection entirely that way.</SPAN><BR /><BR /><SPAN>To answer your question: I'm running Alfresco with an Nginx SSL offloading proxy but I did not get it working using proxy_set_header directives either.</SPAN><BR /><BR /><SPAN>If you use your Tomcat for Alfresco only you may simply override the connector scheme in server.xml:</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"<BR />&nbsp;&nbsp;&nbsp; connectionTimeout="20000" redirectPort="8443"<BR />&nbsp;&nbsp;&nbsp; scheme="https" proxyName="your-domain.com" proxyPort="443" /&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Another option would be to point your nginx upstream resource to the https Tomcat connector on port 8443.</SPAN><BR /><SPAN>I just don't know how efficient that would be … performance should be better following the first approach.</SPAN><BR /><BR /><SPAN>Cheers,</SPAN><BR /><SPAN>Basti</SPAN></BODY></HTML> Wed, 20 May 2015 13:30:00 GMT basti_g 2015-05-20T13:30:00Z https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279040#M232170 Hi,does anybody have a working configuration for nginx and/or alfresco, using https.I cannot set up nginx and/or alfresco without prompting CSRF attack in Alfresco logs (cannot log in).If i setproxy_set_header Host $host;the error is<IMG id="smileyfrustrated" class="emoticon emoticon-smileyfrustrated" src="https://migration33.stage.lithium.com/i/smilies/16x16_smiley-frustrated.png" alt="Smiley Frustrated" title="Smiley Frustrated" />EVERE: Servlet.service() for servlet [Spring Surf Dispatcher Serv Tue, 19 May 2015 09:43:22 GMT https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279040#M232170 dasddd 2015-05-19T09:43:22Z https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279041#M232171 <HTML><HEAD></HEAD><BODY><SPAN>I may be wrong but I think you're bypassing the CSRF protection entirely that way.</SPAN><BR /><BR /><SPAN>To answer your question: I'm running Alfresco with an Nginx SSL offloading proxy but I did not get it working using proxy_set_header directives either.</SPAN><BR /><BR /><SPAN>If you use your Tomcat for Alfresco only you may simply override the connector scheme in server.xml:</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"<BR />&nbsp;&nbsp;&nbsp; connectionTimeout="20000" redirectPort="8443"<BR />&nbsp;&nbsp;&nbsp; scheme="https" proxyName="your-domain.com" proxyPort="443" /&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><BR /><SPAN>Another option would be to point your nginx upstream resource to the https Tomcat connector on port 8443.</SPAN><BR /><SPAN>I just don't know how efficient that would be … performance should be better following the first approach.</SPAN><BR /><BR /><SPAN>Cheers,</SPAN><BR /><SPAN>Basti</SPAN></BODY></HTML> Wed, 20 May 2015 13:30:00 GMT https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279041#M232171 basti_g 2015-05-20T13:30:00Z https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279042#M232172 <HTML><HEAD></HEAD><BODY><SPAN>I took care of it by overriding. Attached is my share-config-custom.xml (replace my.site.com)</SPAN></BODY></HTML> Wed, 20 May 2015 23:56:54 GMT https://connect.hyland.com/t5/alfresco-archive/ssl-nginx-reverse-proxy-configuration-and-csrf-attack/m-p/279042#M232172 i2aml8 2015-05-20T23:56:54Z