Hello, I have been using Alfresco for some time now through Docker. I recently had to configure Nginx to run on port 443 using SSL. After making this change only in Nginx the Share application can no longer communicate with Alfresco. When logging in the following error occurs:
We may have encountered an error, or maybe something has been removed or deleted, so check to see if the URL is correct.
It is also possible that you do not have permission to view the page (it may be part of a private site) or that an internal error has occurred. Contact your IT staff.
If you are trying to access the home page and it is no longer available, change it by clicking its name on the toolbar.
Where should I change in SHARE so that it can connect to alfresco?
Thank you very much in advance.
Take a look at this project:
https://github.com/Alfresco/alfresco-docker-installer
Basically, you need to add the proxy properties to Tomcat connector.
You can find sample nginx configuration here
https://github.com/loftuxab/alfresco-ubuntu-install/blob/master/nginx/alfresco.conf.ssl
You should also verify you CSRFPolicy configuration in share-config-custom, see a sample here
https://github.com/loftuxab/alfresco-ubuntu-install/blob/master/tomcat/share-config-custom.xml#L23
You'll see the reason in tomcat's catalina.out (repository tier). As @loftux stated the CSRFPolicy may be your issue. If you only want to access share from your nginx the easiest way would be to set alfresco.host and alfresco.port to your nginx virtual host. So you don't need open up / configure the default CSRFPolicy .
In nginx you should also set the X-Forwarded-* header to remap them in tomcat's server.xml to avoid trouble with DAV and AOS. e.g. by setting RemoteIpValve:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
best practice is also to set up custom (tomcat) connectors to be used by nginx only. This example listens only on localhost and expects requests using http (take a look on scheme and secure):
<!-- Connectors for reverse proxy (nginx) --> <Connector port="8081" address="localhost" URIEncoding="UTF-8" protocol="HTTP/1.1" maxThreads="300" connectionTimeout="600000" maxHttpHeaderSize="32768" redirectPort="443" disableUploadTimeout="false" proxyPort="443" scheme="https" secure="false" sslProtocol="TLS" maxSavePostSize="-1" /> <Connector port="8082" address="localhost" URIEncoding="UTF-8" protocol="HTTP/1.1" maxThreads="300" connectionTimeout="600000" maxHttpHeaderSize="32768" redirectPort="80" disableUploadTimeout="false" proxyPort="80" scheme="http" secure="false" maxSavePostSize="-1" />
last, but not least you need to set the external url for AOS
aos.baseUrlOverwrite=https://alfresco.mycompany.com/alfresco/aos
since aos does not respect the proxyName for the online edit action in share.
Hello, I was able to make the SHARE application connect to alfresco by adding the content in Dockerfile as:
https://github.com/keensoft/docker-alfresco/wiki/Running-the-service-behind-an-SSL-Proxy
But now, when I access SHARE, I have the following error:
2019-09-20 16:31:29,757 ERROR [extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-9] Exception from executeScript: 08200045 Wrapped Exception (with status template): 08200162 Request failed 500 /solr/alfresco/afts?wt=json&locale=pt_BR&stats=true&rows=0&stats.field=content.size&stats.facet=%40%7Bhttp%3A%2F%2Fwww.alfresco.org%2Fmodel%2Fcontent%2F1.0%7Dcreator.__ org.springframework.extensions.webscripts.WebScriptException: 08200045 Wrapped Exception (with status template): 08200162 Request failed 500 /solr/alfresco/afts?wt=json&locale=pt_BR&stats=true&rows=0&stats.field=content.size&stats.facet=%40%7Bhttp%3A%2F%2Fwww.alfresco.org%2Fmodel%2Fcontent%2F1.0%7Dcreator.__ at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1139) at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171) at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:519) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450) at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:595) at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:664) at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:435) at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:315) at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399) at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210) at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132) at org.alfresco.repo.web.scripts.AlfrescoWebScriptServlet.service(AlfrescoWebScriptServlet.java:43) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at jdk.internal.reflect.GeneratedMethodAccessor561.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at jdk.internal.reflect.GeneratedMethodAccessor558.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93) at jdk.internal.reflect.GeneratedMethodAccessor558.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68) at jdk.internal.reflect.GeneratedMethodAccessor558.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53) at jdk.internal.reflect.GeneratedMethodAccessor558.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: org.alfresco.repo.search.impl.lucene.LuceneQueryParserException: 08200162 Request failed 500 /solr/alfresco/afts?wt=json&locale=pt_BR&stats=true&rows=0&stats.field=content.size&stats.facet=%40%7Bhttp%3A%2F%2Fwww.alfresco.org%2Fmodel%2Fcontent%2F1.0%7Dcreator.__ at org.alfresco.repo.search.impl.solr.AbstractSolrQueryHTTPClient.postQuery(AbstractSolrQueryHTTPClient.java:108) at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1115) at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1108) at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeStatsQuery(SolrQueryHTTPClient.java:313) at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeStatsQuery(SolrQueryHTTPClient.java:1) at org.alfresco.repo.search.impl.solr.SolrQueryLanguage.executeStatsQuery(SolrQueryLanguage.java:62) at org.alfresco.repo.search.impl.solr.SolrStatsService.query(SolrStatsService.java:61) at jdk.internal.reflect.GeneratedMethodAccessor670.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:79) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) at com.sun.proxy.$Proxy253.query(Unknown Source) at org.alfresco.repo.web.scripts.solr.StatsGet.executeImpl(StatsGet.java:126) at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64) ... 107 more
1. Witch tomcat server.xml sould contein "RemoteIpValve": repo or share?
2. The same question is about "Connectors for reverse proxy (nginx)" ?
3. Does it requaired parameter aos.sitePathOverwrite=/alfresco/aos ?
Hi renato_fritola,
Could you solve this problem?
I have the same situation.
You can share?
With best regards.
Zé Brasil
Hi loftux,
The Alfresco Content Services mobile app does not communicate with sites that have the ssl protocol.
I installed Let's Encrypt on a website.
Sites with http connects normally
When trying to connect through the application, the following error message occurs:
Save Account
Couldn't save account. Check your account settings with your IT Team
Retry with diagnostic
Done
Clicking on Retry with diagnosis.
Go through the steps with the exception of Checking repository connection
Any configuration to be done?
Thank you.
José Roberto.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.