I probably find a bug in alfresco 2019.11 which stopped us from upgrading to 6.2.
We have problem on clean alfresco base on docker-compose configuration.
Problem exists in: 2019.11 with SSO turn on. All post request in system are rejected and have status 500. When you turn off SSO you can send POST requests, for example upload a file.
Our configuration: 2019.11, nginx, docker-compose, SSO, SSL in nginx, Kerberos, AD.
We handle the issue...by not using the newest alfresco We don't have any problems with clean alfresco and 201901 with same configuration. We were testing this in simple fashion, just simply changing .env file for docker-compose and docker files. We not changing anything in configuration, only changing version for alfresco repository and alfresco share.
Nginx configuration:
worker_processes 1; events { worker_connections 1024; } http { sendfile on; server { listen 443 ssl; client_max_body_size 0; set $allowOriginSite *; proxy_pass_request_headers on; proxy_pass_header Set-Cookie; ssl_certificate /etc/nginx/client.crt; ssl_certificate_key /etc/nginx/client.key; ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!RC4:!MD5:!DES; ssl_protocols TLSv1.1 TLSv1.2; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; large_client_header_buffers 4 32k; # External settings, do not remove #ENV_ACCESS_LOG error_page 497 https://$host:$server_port$request_uri; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_redirect http:// https://; # Protect access to SOLR APIs location ~ ^(/.*/service/api/solr/.*)$ {return 403;} location ~ ^(/.*/s/api/solr/.*)$ {return 403;} location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;} location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;} location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;} location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;} # Alfresco Repository location /alfresco/ { proxy_pass http://alfresco:8080; } # SOLR Web Console (Master) location /solr/ { proxy_pass http://solr6:8983; # Basic authentication auth_basic "Solr web console"; auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd; } # Alfresco Share Web App location /share/ { proxy_pass http://share:8080; } # Alfresco Content App location / { proxy_pass http://alfresco:8080; } } }
Hi @mmagowski,
Currently investigating this issue. Will update when I have some news.
Hi @mmagowski,
Have you had a look here https://docs.alfresco.com/sso/topics/kerberos.html?
Let me know if this helps.
Yep I saw that. I can't find any mistakes and we have working conf with SSO with nginx, kerberos, ad on alfresco 2019.01. I don't think only we have a problem, becouse we have same config working 2019.01-ga. Base on clean alfresco. So our .env file now looks like that.
# Community ALFRESCO_CE_TAG=6.1.2-ga SEARCH_CE_TAG=1.4.0 SHARE_TAG=6.1.0 ACA_TAG=master-latest POSTGRES_TAG=11.4 API_EXPLORER_TAG=6.0.7-ga TRANSFORM_ENGINE_TAG=2.1.0 ACTIVEMQ_TAG=5.15.8
If we switch config to newest:
# Community ALFRESCO_CE_TAG=6.2.0-ga SEARCH_CE_TAG=1.4.0 SHARE_TAG=6.2.0 ACA_TAG=master-latest POSTGRES_TAG=11.4 API_EXPLORER_TAG=6.2.0 TRANSFORM_ENGINE_TAG=2.1.0 ACTIVEMQ_TAG=5.15.8
We will have 500 for each post request after login to alfresco. In 2019.01 we don't have this problem. Same configuration only change of .env.
Don't get me wrong I would love to use 2019.11, but for now we upgraded only to 2019.01 becouse of this (we were upgrading alfresco from 201701-ga).
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.