archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin <marti...@apache.org>
Subject Re: help with upgrade -- CSRF / Redback / proxy
Date Wed, 31 May 2017 20:15:02 GMT
Yes, thats the right place to configure it. 

redback properties have been moved to  archiva.xml
Inside the 
<redbackRuntimeConfiguration>
<configurationProperties>
...
</configurationProperties>
</redbackRuntimeConfiguration>
Element.

This section is also changed, when you change the Redback Runtime properties 
by the WebUI:
http://archiva.apache.org/docs/2.2.3/adminguide/redback-runtime-configuration.html#Runtime_properties

But in this case editing via WebUI only works, if you have a browser behind 
the reverse proxy. So you may want to edit the archiva.xml manually

In your case this should be:
<redbackRuntimeConfiguration>
...
<configurationProperties>
...
      <rest>
        <csrffilter>
          <enabled>false</enabled>
          <disableTokenValidation>false</disableTokenValidation>
          <absentorigin>
            <deny>true</deny>
          </absentorigin>
        </csrffilter>
        <baseUrl>http://dev.server.com:99999</baseUrl>
      </rest>
...
</configurationProperties>
...
</redbackRuntimeConfiguration>

Info about configuration files can be found at:
http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html


Greetings

Martin


Am Mittwoch, 31. Mai 2017, 21:41:02 CEST schrieb Niranjan Babu Bommu:
> I had same problem when I upgarded archiva, issue was fixed by adding
> rest.baseUrl in archiva.xml and restart archiva
> 
> <https://archiva-repository.apache.org/>
> rest.baseUrl=.https://dev.server.com/archiva
> 
> 
> On Wed, May 31, 2017 at 2:35 PM, Adam Brin <abrin@digitalantiquity.org>
> 
> wrote:
> > Hi,
> > 
> >  We proxy our archiva install behind nginx such that
> > 
> > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been
> > trying to read the documentation on how to update, but I’m afraid, I’m a
> > bit lost.  A few questions:
> > 
> > Where is the redback config stored, is it in apps/archiva/WEB-INF/classes/
> > org/apache/archiva/redback-security.properties ?   If so, can this be
> > added to the doc, and also, moved into the conf/ directory? If not, where
> > is it?
> > when I start archiva and go to the URL, I get the following warning…
> > Referer Header does not match: refererUrl=https://dev.server.com/archiva/,
> > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I
> > don’t see how to fix the port issue according to the doc (
> > http://archiva.apache.org/redback/configuration.html#
> > REST_security_settings).
> > 
> > help?
> > 
> > thanks



Mime
View raw message