Hyland Connect

ronekyng · ‎10-15-2024

I install the community edition with docker compose. When I loggin share the first time. It happened. I use the official yaml file and do not use https.

The logs:

2024-10-15T07:28:15,432 [] INFO  [config.packaging.ModulePackageManager] [main] Found 1 module package(s)

2024-10-15T07:28:15,453 [] INFO  [config.packaging.ModulePackageManager] [main] Alfresco / Google Docs Share Module, 4.1.0, The Share side artifacts of the Alfresco / Google Docs Integration.

2024-10-15T07:28:18,426 [] INFO  [extensions.webscripts.TemplateProcessorRegistry] [main] Registered template processor freemarker for extension ftl

2024-10-15T07:28:18,438 [] INFO  [extensions.webscripts.ScriptProcessorRegistry] [main] Registered script processor javascript for extension js

2024-10-15T07:28:18,439 [] INFO  [extensions.webscripts.TemplateProcessorRegistry] [main] Registered template processor freemarker for extension ftl

2024-10-15T07:28:18,445 [] INFO  [extensions.webscripts.ScriptProcessorRegistry] [main] Registered script processor javascript for extension js

2024-10-15T07:28:22,213 [] INFO  [extensions.webscripts.DeclarativeRegistry] [main] Registered 384 Web Scripts (+0 failed), 402 URLs

2024-10-15T07:28:22,217 [] INFO  [extensions.webscripts.DeclarativeRegistry] [main] Registered 8 Package Description Documents (+0 failed) 

2024-10-15T07:28:22,225 [] INFO  [extensions.webscripts.DeclarativeRegistry] [main] Registered 0 Schema Description Documents (+0 failed) 

2024-10-15T07:28:22,500 [] INFO  [extensions.webscripts.AbstractRuntimeContainer] [main] Initialised Surf Container Web Script Container (in 4009.2954ms)

2024-10-15T07:28:22,505 [] INFO  [extensions.webscripts.TemplateProcessorRegistry] [main] Registered template processor freemarker for extension ftl

2024-10-15T07:28:22,506 [] INFO  [extensions.webscripts.ScriptProcessorRegistry] [main] Registered script processor javascript for extension js

2024-10-15T07:28:22,696 [] INFO  [site.servlet.AIMSFilter] [main] Initializing the AIMS filter.

2024-10-15T07:28:22,696 [] INFO  [site.servlet.AIMSFilter] [main] AIMS filter initialized.

15-Oct-2024 07:28:22.983 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/share] has finished in [73,849] ms

15-Oct-2024 07:28:23.012 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]

15-Oct-2024 07:28:23.082 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [74414] milliseconds

2024-10-15T08:13:23,251 [] INFO  [web.site.EditionInterceptor] [http-nio-8080-exec-3] Successfully retrieved license information from Alfresco.

2024-10-15T08:13:34,185 [] INFO  [webscripts.servlet.CSRFFilter] [http-nio-8080-exec-5] Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin

2024-10-15T08:13:34,381 [] ERROR [alfresco.web.site] [http-nio-8080-exec-5] jakarta.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://192.168.110.170:8080/share/page/' vs server & context: http://192.168.110.170/ (string) or http://localhost:8080/share/.* (regexp)

2024-10-15T08:53:29,185 [] INFO  [webscripts.servlet.CSRFFilter] [http-nio-8080-exec-9] Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin

2024-10-15T08:53:29,209 [] ERROR [alfresco.web.site] [http-nio-8080-exec-9] jakarta.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://192.168.110.170:8080/share/page/' vs server & context: http://192.168.110.170/ (string) or http://localhost:8080/share/.* (regexp)

2024-10-15T08:53:58,208 [] INFO  [webscripts.servlet.CSRFFilter] [http-nio-8080-exec-3] Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin

2024-10-15T08:53:58,211 [] ERROR [alfresco.web.site] [http-nio-8080-exec-3] jakarta.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://192.168.110.170:8080/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://192.168.110.170:8080/share/page/' vs server & context: http://192.168.110.170/ (string) or http://localhost:8080/share/.* (regexp)

Paudiger · ‎10-15-2024

Hello,

What ACS and Share version do you use ?
What link are you using to navigate on Share ? (Written :8080 for the port in the log but i think it is :8180 in the default configuration)
Do you have access to ACS ?

ronekyng · ‎10-15-2024

hello,

Thank you for your reply.

I use the lasted version of acs and share.

  services:
  alfresco:
    image: docker.io/alfresco/alfresco-content-repository-community:23.3.0

  share:
    image: docker.io/alfresco/alfresco-share:23.3.2

The port of share is 8080 as the default.

I can visit ACS correctly

angelborroy · ‎10-16-2024

The key part of the error is this comparison:

Referer header: 'http://192.168.110.170:8080/share/page/'
Expected referer: 'http://192.168.110.170/' (or a regular expression: http://localhost:8080/share/.*)

The mismatch happens because the referer includes the port (:8080) while the expected value does not.

Correct the CSRF_FILTER_REFERER environment variable in your compose.yaml file

Hyland Developer Evangelist

ronekyng · ‎10-16-2024

Thank you,

I use the office yaml file . It include the port.

share:
    image: docker.io/alfresco/alfresco-share:23.3.2
    mem_limit: 1g
    environment:
      CSRF_FILTER_ORIGIN: http://localhost:8080
      CSRF_FILTER_REFERER: http://localhost:8080/share/.*
      REPO_HOST: "alfresco"
      REPO_PORT: "8080"
      JAVA_OPTS: >-
        -XX:MinRAMPercentage=50
        -XX:MaxRAMPercentage=80
        -Dalfresco.host=localhost
        -Dalfresco.port=8080
        -Dalfresco.context=alfresco
        -Dalfresco.protocol=http
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.share.rule=PathPrefix(`/share`)"
      - "traefik.http.services.share.loadbalancer.server.port=8080"
      - "traefik.http.routers.proxiedsolrapideny.rule=PathRegexp(`^/share/proxy/alfresco(-(noauth|feed|api))?/api/solr
/`)"
      - "traefik.http.middlewares.sharefakeauth.basicauth.users=fake:"
      - "traefik.http.routers.proxiedsolrapideny.middlewares=sharefakeauth@docker"

ronekyng · ‎10-16-2024

I forgot on thing:

I use the officail compsose yaml file like:

 alfresco:
    image: docker.io/alfresco/alfresco-content-repository-community:23.3.0
    mem_limit: 1900m
    environment:
      JAVA_TOOL_OPTIONS: >-
        -Dencryption.keystore.type=JCEKS
        -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
        -Dencryption.keyAlgorithm=DESede
        -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
        -Dmetadata-keystore.password=mp6yc0UD9e
        -Dmetadata-keystore.aliases=metadata
        -Dmetadata-keystore.metadata.password=oKIWzVdEdA
        -Dmetadata-keystore.metadata.algorithm=DESede
      JAVA_OPTS: >-
        -Ddb.driver=org.postgresql.Driver
        -Ddb.username=alfresco
        -Ddb.password=alfresco
        -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
        -Dsolr.host=solr6
        -Dsolr.port=8983
        -Dsolr.http.connection.timeout=1000
        -Dsolr.secureComms=secret
        -Dsolr.sharedSecret=secret
        -Dsolr.base.url=/solr
        -Dindex.subsystem.name=solr6
        -Dshare.host=127.0.0.1
        -Dshare.port=8080
        -Dalfresco.host=localhost
        -Dalfresco.port=8080
        -Dcsrf.filter.enabled=false
        -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
        -Dmessaging.broker.url="failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true"
        -Ddeployment.method=DOCKER_COMPOSE
        -DlocalTransform.core-aio.url=http://transform-core-aio:8090/
        -XX:MinRAMPercentage=50
        -XX:MaxRAMPercentage=80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alfresco.rule=PathPrefix(`/`)"
      - "traefik.http.services.alfresco.loadbalancer.server.port=8080"
      - "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"
      - "traefik.http.middlewares.acsfakeauth.basicauth.users=fake:"
      - "traefik.http.routers.solrapideny.middlewares=acsfakeauth@docker"

when I compose up , erro occured:

ERROR: Invalid interpolation format for "labels" option in service "alfresco": "traefik.http.routers.solrapideny.rule=PathRegexp(`^/alfresco/(wc)?s(ervice)?/api/solr/.*$`)"

gionn · ‎10-16-2024

Hello, we introduced traefik quite recently, I think this may have to do with the compose version you are using.

Can you provide the output of docker compose version and docker version commands?

ronekyng · ‎10-16-2024

Thank you, here is the output:

root@alfresco:/var/acs/docker-compose# docker compose version
Docker Compose version v2.29.7
root@alfresco:/var/acs/docker-compose# docker version
Client: Docker Engine - Community
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:41:00 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:00 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.22
  GitCommit:        7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc:
  Version:          1.1.14
  GitCommit:        v1.1.14-0-g2c9f560
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
root@alfresco:/var/acs/docker-compose#

gionn · ‎10-17-2024

You are running on latest version of everything, which works fine for me with the current community-docker-compose.yml you can fetch from https://github.com/Alfresco/acs-deployment/blob/b54b5142083d945d5134639e6a2b798da91ced9b/docker-comp...

Can you try with it as well, without further changes?

If it works then compare your faulty yaml with the upstream one with something like https://www.yamldiff.com/ that may help in understanding what's going on.

That specific Invalid interpolation format for xxxx seems related to the usage of ${ which is the compose way of injecting environment variables, which need to be escaped by replacing it with $${, however I don't see any usage of that in the compose you pasted, so I am not really sure what's your issue is really about.

ronekyng · ‎10-17-2024

Thank you very much,

I may have found the source of the Traefik error issue: I installed Docker and Docker Compose using a Chinese source, and there might be some problems with the versions of these software.

I tried the ommunity-compose.yaml file from https://github.com/Alfresco/acs-deployment/blob/b54b5142083d945d5134639e6a2b798da91ced9b/docker-comp... and do not modify any thing, but unfortunately, erro occured again.

I do this on a LXC container with ubuntu 22.04，I don't know if it's related to this.

Hyland Connect

Something's wrong with this page...When login share