更新 SSL 證書后出現 Alfresco 共享登錄錯誤
[英]Alfresco Share Login Error after updating SSL certs
問題描述
我在使用配置域的 Ubuntu 機器上使用 Alfresco 獨立社區版。 SSL 證書將在一周內到期,所以我更新了 nginx.conf 中的新域 crt 和密鑰更新后登錄共享得到以下錯誤但舊域仍然處於活動狀態並且能夠登錄以共享甚至新域證書和密鑰是配置。
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar
nginx.conf(舊配置)
events {}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name old.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server{
listen 80;
listen 443 ssl;
server_name new.domain.com;
return 301 https://old.domain.com/share;
}
server {
listen 443 default ssl;
server_name old.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/OLD.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/old.domain.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
sub_filter_types text/javascript;
sub_filter_once off;
sub_filter '<img src="http://www.alfresco.com/assets/images/logos/community-5.2-share.png' '<img src="test';
sub_filter '<a href="http://www.alfresco.com/services/support/communityterms/#support' '<a href="test';
}
}
}
nginx 配置(新)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name new.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server {
listen 443 default ssl;
server_name new.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/NEW.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/new.domain.com.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
在web中經歷過類似的情況,有人建議更改端口號和代理傳遞等參數,server.xml更改。 可能是我錯了,但我的問題是,在更新新域證書獲取共享登錄錯誤后,設置可以正常工作 1 年。
即使使用新證書更新 nginx.conf,也不要將舊證書存儲或緩存為共享是否可以通過舊域訪問。
任何想法或建議都會有很大幫助謝謝
1 個解決方案
解決方案1
0 已采納 2021-06-25 06:05:59
您的錯誤發生在 Alfresco 本身,與證書無關。 如果您檢查正確的日志 (tomcat/logs/catalina.out),您應該會看到您的問題。
我的猜測是您使用的主機名與配置的不同,並且會觸發 Alfresco Share 中的 CSRF 令牌過濾器。
更改 alfresco-global.properties 中的 share.host 和 alfresco.host 或禁用或修改 share-config-custom.xml 中的 CSRF 令牌過濾器
nginx ingress - 使用完整中間鏈CA證書生成SSL證書時出現意外錯誤:證書無效
[英]nginx ingress - unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate
在HAProxy之后的Nginx集群中,更新SSL證書的推薦方法是什么?
[英]What is the recommended way to update SSL certs in a Nginx cluster behind HAProxy?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.