SSL Sharepoint behind Ngnix Proxy help
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2015 06:17 PM
Thanks to everyone in advance for taking a look.
After devoting several weeks of configurations, tear downs and rebuilds, and scouring the forum for related posts, I believe I am very close to having Alfresco 5.0.d up and running behind a Nginx Reverse Proxy. Currently running Ubuntu 14.04.
All certs are set up, and ssl is working great for accessing the share. However I can only get sharepoint documents to edit online if I do the reg hack to allow basic and ssl communications, found here http://support.microsoft.com/kb/2123563. If I remove those hacks I just get a blank page. I believe this is an indication that the documents are not being served securely which is the goal.
Many of the first attempts of using Tomcat broke various functions of Alfresco, so I went the reverse proxy route that so many recommended.
I am currently confused if I need to add the vti settings to the vti.custom file (would have to create) as well as the alfresco.global.properties file. I believe I shouldn't have to, but can't for the life of me figure out how I need to set up the reverse proxy conf file. Please find my config below for your consideration. I have seen various posts saying this is functioning great, but no detailed instructions on how to complete.
As I said, i very much appreciate any light someone could shed on the situation.
Thank you for your time.
server{
listen 443;
server_name host.domain.com;
ssl on;
ssl_certificate /etc/ssl/certs/domain.crt;
ssl_certificate_key /etc/ssl/private/domain.com.key;
rewrite ^/$ /share;
location /share {
root /opt/alfresco/tomcat/webapps/share/;
proxy_pass https://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location / {
proxy_pass https://127.0.0.1:7070;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /alfresco {
proxy_pass https://127.0.0.1:7070/alfresco;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti-bin {
proxy_pass https://127.0.0.1:7070/_vti_bin.html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti-inf-html {
proxy_pass https://127.0.0.1:7070/_vti_inf.html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti_history {
proxy_pass https://localhost:7070/_vti_history;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
}
After devoting several weeks of configurations, tear downs and rebuilds, and scouring the forum for related posts, I believe I am very close to having Alfresco 5.0.d up and running behind a Nginx Reverse Proxy. Currently running Ubuntu 14.04.
All certs are set up, and ssl is working great for accessing the share. However I can only get sharepoint documents to edit online if I do the reg hack to allow basic and ssl communications, found here http://support.microsoft.com/kb/2123563. If I remove those hacks I just get a blank page. I believe this is an indication that the documents are not being served securely which is the goal.
Many of the first attempts of using Tomcat broke various functions of Alfresco, so I went the reverse proxy route that so many recommended.
I am currently confused if I need to add the vti settings to the vti.custom file (would have to create) as well as the alfresco.global.properties file. I believe I shouldn't have to, but can't for the life of me figure out how I need to set up the reverse proxy conf file. Please find my config below for your consideration. I have seen various posts saying this is functioning great, but no detailed instructions on how to complete.
As I said, i very much appreciate any light someone could shed on the situation.
Thank you for your time.
server{
listen 443;
server_name host.domain.com;
ssl on;
ssl_certificate /etc/ssl/certs/domain.crt;
ssl_certificate_key /etc/ssl/private/domain.com.key;
rewrite ^/$ /share;
location /share {
root /opt/alfresco/tomcat/webapps/share/;
proxy_pass https://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location / {
proxy_pass https://127.0.0.1:7070;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /alfresco {
proxy_pass https://127.0.0.1:7070/alfresco;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti-bin {
proxy_pass https://127.0.0.1:7070/_vti_bin.html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti-inf-html {
proxy_pass https://127.0.0.1:7070/_vti_inf.html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vti_history {
proxy_pass https://localhost:7070/_vti_history;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_set_header X-Forwarded-Server $host;
}
}
Labels:
- Labels:
-
Archive
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2015 01:36 PM
Anything guys? Much apprecaited
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2015 01:36 PM
Do you still get a blank page if you put the registry value on the client to 1? (SSL communication only)
Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\ParametersOn the Edit menu, point to New, and then click DWORD Value.Type UseBasicAuth, and then press Enter.Right-click UseBasicAuth, and then click Modify.In the Value data box, type 1, and then click OK.
