Hello,
Issue 1: Mixed Content: The page at ‘https://xwiki.mydomain.local/bin/view/Main/#Attachments ’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://xwiki.mydomain.local/bin/view/Main/#Attachments ’. This request has been blocked; the content must be served over HTTPS.
it occurs on attachment deletion, comment deletion, attachment upload, object deletion. maybe somewhere else.
Issue 2: REST Nigtmare. Rest API returns
<pageSummary>
<link href="http://xwiki.mydomain.local/rest/wikis/xwiki/spaces/Main/spaces/SPACENAME/spaces/SPACENAME2" ; rel="http://www.xwiki.org/rel/space"/> ;
…
<xwikiRelativeUrl>
https://xwiki.mydomain.local/bin/view/Main/SPACENAME/SPACENAME2/page1
</xwikiRelativeUrl>
<xwikiAbsoluteUrl>
https://xwiki.mydomain.local/bin/view/Main/SPACENAME/SPACENAME2/page2
</xwikiAbsoluteUrl>
</pageSummary>
How can I get rid of HTTP completely ? I suppose there is something to do with Tomcat, but everything is set as per documentation.
Nginx:
server {
listen 80;
server_name xwiki.mydomain.local;
rewrite ^ https://$server_name$request_uri? permanent;
access_log /var/log/nginx/xwiki-access.log;
error_log /var/log/nginx/xwiki-error.log;
}
server {
listen 443 ssl;
server_name xwiki.mydomain.local;
client_max_body_size 4500m;
ssl_certificate /etc/nginx/ssl/xwiki.mydomain.local.crt;
ssl_certificate_key /etc/nginx/ssl/xwiki.mydomain.local.key;
access_log /var/log/nginx/xwiki-access.log;
error_log /var/log/nginx/xwiki-error.log;
location / {
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080 ;
proxy_read_timeout 600s;
}
}
XWIKI:
xwiki.url.protocol=https is set.
Tomcat:
<Engine name=“Catalina” defaultHost=“localhost”>
<Valve className=“org.apache.catalina.valves.RemoteIpValve”
internalProxies=“127.0.[0-1].1”
remoteIpHeader=“x-forwarded-for”
requestAttributesEnabled=“true”
protocolHeader=“x-forwarded-proto”
protocolHeaderHttpsValue=“https”/>
Hm… I’ve just realized that in my case Tomcat will never get requests from 127.0.0.1
In my case localhost_access_log shows “remote” ip 10.11.0.10 which is host IP in the docker network…
Possibly I have to change Tomcat valve configuration to
internalProxies=“10.11.0.10”
=\
1 Like
chrisby
September 24, 2022, 10:23am
3
Hey,
thank you for providing your settings and solution. I found it very helpful for setting up my own XWiki instance via Docker. I used this knowledge to automate the entire XWiki setup process and get rid of those details. Now all that’s required is running a script from my repository to deploy a LetsEncrypt certificate. Maybe it will be helpful for someone who is struggling with the same issues.
Best regards
Chris
Hey chrisby
I try to see you repository and it’s not found hehe
How you deal with that error?
Hi. I have since deleted my repository. However, I found a more convenient way to install XWiki via Docker using another reverse proxy called ‘traefik’. Below is my ‘docker-compose.yml’, which I use for a quick setup, using a domain and server with public IP. Just replace the and run “docker-compose up -d”. You may want to update the image tags to the latest versions first, but it should still work. See my website for more information.
version: "3.3"
volumes:
traefik:
xwiki:
postgres:
services:
traefik:
image: "traefik:v2.10.4"
container_name: "traefik"
restart: unless-stopped
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
# - "--certificatesresolvers.myresolver.acme.email=<email>" # optional
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# Uncomment for test mode. This allows detailed logging and creation of a fake certificate.
# - "--log.level=DEBUG"
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
ports:
- "443:443"
volumes:
- "traefik:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
xwiki:
image: "xwiki:15.7.0-postgres-tomcat"
container_name: xwiki-web
restart: unless-stopped
depends_on:
- db
environment:
- DB_USER=xwiki
- DB_PASSWORD=<DB_USER_PASSWORD>
- DB_HOST=xwiki-postgres-db
volumes:
- xwiki:/usr/local/xwiki
labels:
- "traefik.enable=true"
- "traefik.http.routers.xwiki.rule=Host(`<subdomain>`)"
- "traefik.http.routers.xwiki.entrypoints=websecure"
- "traefik.http.routers.xwiki.tls.certresolver=myresolver"
db:
image: "postgres:13.9"
container_name: xwiki-postgres-db
restart: unless-stopped
volumes:
- postgres:/var/lib/postgresql/data
environment:
- POSTGRES_ROOT_PASSWORD=<DB_ROOT_PASSWORD>
- POSTGRES_PASSWORD=<DB_USER_PASSWORD>
- POSTGRES_USER=xwiki
- POSTGRES_DB=xwiki
- POSTGRES_INITDB_ARGS="--encoding=UTF8"
1 Like