I am using docker compose for xwiki/10/mysql-tomcat. I would like to set up nginx to handle SSL, listening on port 443, then proxy pass to 8080, which is what xwiki is listening on.
By following https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationWAR/InstallationTomcat/#HNginxproxyingforTomcatapplications , I run into issues when trying to create a page using a template. Creating a page without a template is fine.
The error message on browser console is:
Access to XMLHttpRequest at 'http://localhost/rest/jobstatus/refactoring/create/1545271795343-382?media=json' (redirected from 'https://localhost/bin/preview/Sandbox/3213211312/WebHome') from origin 'https://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
My Nginx config is:
    server {
        listen 80;
        server_name localhost;
        return 301 https://$host$request_uri;
    }
    #Proxy https to 8080 port inside docker container
    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/abc.crt;
        ssl_certificate_key /etc/nginx/ssl/abc.key;
        ssl_trusted_certificate /etc/nginx/ssl/abc/TrustedRoot.crt;
        server_name localhost;
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Scheme $scheme;
            if (!-f $request_filename) {
                proxy_pass http://127.0.0.1:8080;
                break;
            }
        }
        location ~ /.well-known {
            allow all;
        }
    }
I've already made the changes in server.xml and set xwiki.url.protocol=https in xwiki.cfg. Please help.
felher
January 1, 2019, 2:51pm
2
Hi,
I can't offer any solution, but this might be related to or even be the same issue as "Page hangs on save (Save 0%...). However, save is successful".
MB-gam
January 2, 2019, 8:22am
3
My nginx config (sites-enabled) was this:
    upstream tomcat {
        server 127.0.0.1:8080 fail_timeout=0;
        keepalive 64;
    }
    #HTTP
    server {
        listen 80; #if this is not a default server, remove "default_server"
        listen [::]:80 ipv6only=on;
        server_name wiki.XXX.de;
        #redirect non-SSL to SSL
        location / {
            rewrite ^ https://wiki.XXX.de permanent;
        }
    }
    #https server
    server {
        listen 443 ssl http2; # we enable HTTP/2 here (previously SPDY)
        server_name wiki.XXX.de; # this domain must match Common Name (CN) in the SSL certificate
        #ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_certificate /etc/nginx/ssl/STAR_XXX_de.pem;
        ssl_certificate_key /etc/nginx/ssl/STAR_XXX_de.pem;
        # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
        # This works because IE 11 does not present itself as MSIE anymore
        if ($http_user_agent ~ "MSIE" ) {
            return 303 https://browser-update.org/update.html;
        }
        location / {
            try_files $uri /xwiki;
        }
        location /xwiki {
            client_max_body_size 20M;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;
            proxy_headers_hash_max_size 512;
            proxy_pass http://127.0.0.1:8080/xwiki;
        }
    }
Thanks all. Will try it out and reply back!
Hi @MB-gam, have you tried creating a page with a template? Are you able to click save & view without error?
Hi @felher, yes, it certainly looks like the same issue. I'm trying to set up nginx in front of the docker container. Looks like the wiki.home is not being used somewhere in the xwiki source code. It still refers to the wrong URL.
MB-gam
January 22, 2019, 10:15am
7
Yepp, if it is only text it works.
If I take pictures with copy&paste in it I get an error message, but all is saved…
This issue seems similar to Page hangs on save (Save 0%...). However, save is successful - #25 by tmortagne (setup issue with the application server and not exactly XWiki itself).
MB-gam
April 26, 2019, 9:48am
9
How have you fixed it? What configuration did you do?
No, I didn't find a way to fix it. We just tell the users to tolerate this …
I'm running a similar setup.
To fix multiple issues related to "serving unsecure content over HTTPS", "Blocked by CORS", etc.
I had to modify server.xml. Documentation says it's going to be:
    <Engine name="Catalina" defaultHost="localhost">
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="127\.0\.[0-1]\.1"
             remoteIpHeader="x-forwarded-for"
             requestAttributesEnabled="true"
             protocolHeader="x-forwarded-proto"
             protocolHeaderHttpsValue="https"/>
but in case you use docker, nginx proxy won't be 127.0.0.1, so I just remove internalProxies line:
    <Engine name="Catalina" defaultHost="localhost">
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             remoteIpHeader="x-forwarded-for"
             requestAttributesEnabled="true"
             protocolHeader="x-forwarded-proto"
             protocolHeaderHttpsValue="https"/>
1 Like
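Added example, not part of the original post and not Tomcat's own code: a simplified Python model of the RemoteIpValve trust decision, showing why the documentation's internalProxies value leaves Tomcat on plain http when nginx connects from a Docker network address, and how a value pinned to the proxy behaves. The address 172.18.0.3, the client 203.0.113.7 and the names effective_request and PINNED_INTERNAL_PROXIES are assumptions made for the illustration.

```python
import re

# internalProxies value quoted from the documentation in the post above.
DOC_INTERNAL_PROXIES = r"127\.0\.[0-1]\.1"
# Hypothetical pinned value: the nginx container's address on a constructed
# Docker network (172.18.0.3 is an assumption; substitute your own).
PINNED_INTERNAL_PROXIES = r"172\.18\.0\.3"


def effective_request(remote_addr, headers, internal_proxies):
    """Simplified model of how RemoteIpValve decides what the webapp sees.

    Forwarded headers are honoured only when the connecting address fully
    matches internal_proxies (Java's Matcher.matches() is a full match, hence
    re.fullmatch). Otherwise the request keeps what Tomcat saw on the socket:
    the proxy's address and plain http.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if not re.fullmatch(internal_proxies, remote_addr):
        return {"trusted": False, "scheme": "http", "client": remote_addr}
    proto = hdrs.get("x-forwarded-proto")
    scheme = "https" if proto and proto.lower() == "https" else "http"
    # Walk X-Forwarded-For right to left, skipping hops that are themselves
    # internal proxies; the first other address is taken as the client.
    client = remote_addr
    hops = [h.strip() for h in hdrs.get("x-forwarded-for", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        client = hop
        if not re.fullmatch(internal_proxies, hop):
            break
    return {"trusted": True, "scheme": scheme, "client": client}


# Constructed sample: headers nginx would add for a TLS request from 203.0.113.7.
SAMPLE_HEADERS = {"X-Forwarded-For": "203.0.113.7", "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    for label, pattern in (("documentation", DOC_INTERNAL_PROXIES),
                           ("pinned", PINNED_INTERNAL_PROXIES)):
        print(label, effective_request("172.18.0.3", SAMPLE_HEADERS, pattern))
```

Omitting internalProxies does not switch the check off: Tomcat then applies its built-in default pattern, which per the RemoteIpValve documentation covers loopback and private address ranges. Pinning the attribute to the proxy's own address keeps other hosts on those networks from supplying these headers.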
Thank you, @unadequate. It worked. Fixed the error "Failed to lock the page".
My xwiki configuration: Xwiki (on Tomcat9) behind Nginx reverse proxy with SSLs.