cancel
Showing results for 
Search instead for 
Did you mean: 

POST requests 500 - Nginx Kerberos SSO SSL Alfresco 201911/6.2

mmagowski
Champ in-the-making
Champ in-the-making

I probably find a bug in alfresco 2019.11 which stopped us from upgrading to 6.2. 

We have problem on clean alfresco base on docker-compose configuration. 

Problem exists in: 2019.11 with SSO turn on. All post request in system are rejected and have status 500. When you turn off SSO you can send POST requests, for example upload a file.

Our configuration: 2019.11, nginx, docker-compose, SSO, SSL in nginx, Kerberos, AD.

We handle the issue...by not using the newest alfresco Smiley Wink We don't have any problems with clean alfresco and 201901 with same configuration. We were testing this in simple fashion, just simply changing .env file for docker-compose and docker files. We not changing anything in configuration, only changing version for alfresco repository and alfresco share.

Nginx configuration:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    sendfile on;

    server {
        listen 443 ssl;

        client_max_body_size 0;
  
        set  $allowOriginSite *;
       proxy_pass_request_headers on;
       proxy_pass_header Set-Cookie;
        
        ssl_certificate     /etc/nginx/client.crt;
        ssl_certificate_key /etc/nginx/client.key;
        ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!RC4:!MD5:!DES;
        ssl_protocols       TLSv1.1 TLSv1.2;
    
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        large_client_header_buffers  4 32k;

        # External settings, do not remove
        #ENV_ACCESS_LOG
        error_page 497 https://$host:$server_port$request_uri;

        proxy_set_header Host            $host:$server_port;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_redirect http:// https://;

        # Protect access to SOLR APIs
        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}

        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}

        # Alfresco Repository
        location /alfresco/ {
            proxy_pass http://alfresco:8080;
        }

        # SOLR Web Console (Master)
        location /solr/ {
            proxy_pass http://solr6:8983;

            # Basic authentication
            auth_basic "Solr web console";
            auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
        }

        # Alfresco Share Web App
        location /share/ {
            proxy_pass http://share:8080;
        }

        # Alfresco Content App
        location / {
            proxy_pass http://alfresco:8080;
        }
    }
}
3 REPLIES 3

EddieMay
World-Class Innovator
World-Class Innovator

Hi @mmagowski,

Currently investigating this issue. Will update when I have some news. 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

EddieMay
World-Class Innovator
World-Class Innovator

Hi @mmagowski,

Have you had a look here https://docs.alfresco.com/sso/topics/kerberos.html

Let me know if this helps.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

mmagowski
Champ in-the-making
Champ in-the-making

Yep I saw that. I can't find any mistakes and we have working conf with SSO with nginx, kerberos, ad on alfresco 2019.01. I don't think only we have a problem, becouse we have same config working 2019.01-ga. Base on clean alfresco. So our .env file now looks like that.

# Community
ALFRESCO_CE_TAG=6.1.2-ga
SEARCH_CE_TAG=1.4.0
SHARE_TAG=6.1.0
ACA_TAG=master-latest
POSTGRES_TAG=11.4
API_EXPLORER_TAG=6.0.7-ga
TRANSFORM_ENGINE_TAG=2.1.0
ACTIVEMQ_TAG=5.15.8

If we switch config to newest:

# Community
ALFRESCO_CE_TAG=6.2.0-ga
SEARCH_CE_TAG=1.4.0
SHARE_TAG=6.2.0
ACA_TAG=master-latest
POSTGRES_TAG=11.4
API_EXPLORER_TAG=6.2.0
TRANSFORM_ENGINE_TAG=2.1.0
ACTIVEMQ_TAG=5.15.8

We will have 500 for each post request after login to alfresco. In 2019.01 we don't have this problem. Same configuration only change of .env. 

Don't get me wrong I would love to use 2019.11, but for now we upgraded only to 2019.01 becouse of this (we were upgrading alfresco from 201701-ga).