如何解决更新 SSL 证书后出现 Alfresco 共享登录错误
我在使用配置域的 Ubuntu 机器上使用 Alfresco 独立社区版。 SSL 证书将在一周内到期,因此我更新了 Nginx.conf 中的新域 crt 和密钥 在登录共享时更新后出现以下错误,但旧域仍处于活动状态,并且即使配置了新域证书和密钥,也可以登录以共享。
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted,so check that the URL is correct.
Alternatively you might not have permission to view the page (it Could be on a private site) or there Could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar
Nginx.conf(旧配置)
events {}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/Nginx/access.log main;
include /etc/Nginx/mime.types;
default_type application/octet-stream;
include /etc/Nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name old.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server{
listen 80;
listen 443 ssl;
server_name new.domain.com;
return 301 https://old.domain.com/share;
}
server {
listen 443 default ssl;
server_name old.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/Nginx/ssl/OLD.DOMAIN.COM.crt;
ssl_certificate_key /etc/Nginx/ssl/old.domain.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
sub_filter_types text/javascript;
sub_filter_once off;
sub_filter '<img src="http://www.alfresco.com/assets/images/logos/community-5.2-share.png' '<img src="test';
sub_filter '<a href="http://www.alfresco.com/services/support/communityterms/#support' '<a href="test';
}
}
}
Nginx 配置(新)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name new.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server {
listen 443 default ssl;
server_name new.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/Nginx/ssl/NEW.DOMAIN.COM.crt;
ssl_certificate_key /etc/Nginx/ssl/new.domain.com.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
通过web中的类似案例,有人建议更改端口号和代理传递等参数,server.xml更改。可能是我错了,但我的问题是,在更新新域证书获取共享登录错误后,设置可以正常工作 1 年。
即使使用新证书更新 Nginx.conf,也不要将旧证书存储或缓存为共享是否可以通过旧域访问。
任何想法或建议都会有很大帮助 谢谢
解决方法
您的错误发生在 Alfresco 本身,与证书无关。 如果您检查正确的日志 (tomcat/logs/catalina.out),您应该会看到您的问题。
我的猜测是您使用的主机名与配置的不同,这会触发 Alfresco Share 中的 CSRF 令牌过滤器。
更改 alfresco-global.properties 中的 share.host 和 alfresco.host 或禁用或修改 share-config-custom.xml 中的 CSRF 令牌过滤器
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
