archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Brin <ab...@digitalantiquity.org>
Subject Re: help with upgrade -- CSRF / Redback / proxy
Date Thu, 01 Jun 2017 03:02:14 GMT
Martin,
  Thank you, that really helped.  It might be nice to identify some of this
in the upgrade notes for 2.2.3, I definitely missed all of this when I went
to try and figure out what was broken.

- adam

On Wed, May 31, 2017 at 1:15 PM, Martin <martin_s@apache.org> wrote:

> Yes, thats the right place to configure it.
>
> redback properties have been moved to  archiva.xml
> Inside the
> <redbackRuntimeConfiguration>
> <configurationProperties>
> ...
> </configurationProperties>
> </redbackRuntimeConfiguration>
> Element.
>
> This section is also changed, when you change the Redback Runtime
> properties
> by the WebUI:
> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
> runtime-configuration.html#Runtime_properties
>
> But in this case editing via WebUI only works, if you have a browser behind
> the reverse proxy. So you may want to edit the archiva.xml manually
>
> In your case this should be:
> <redbackRuntimeConfiguration>
> ...
> <configurationProperties>
> ...
>       <rest>
>         <csrffilter>
>           <enabled>false</enabled>
>           <disableTokenValidation>false</disableTokenValidation>
>           <absentorigin>
>             <deny>true</deny>
>           </absentorigin>
>         </csrffilter>
>         <baseUrl>http://dev.server.com:99999</baseUrl>
>       </rest>
> ...
> </configurationProperties>
> ...
> </redbackRuntimeConfiguration>
>
> Info about configuration files can be found at:
> http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
>
>
> Greetings
>
> Martin
>
>
> Am Mittwoch, 31. Mai 2017, 21:41:02 CEST schrieb Niranjan Babu Bommu:
> > I had same problem when I upgarded archiva, issue was fixed by adding
> > rest.baseUrl in archiva.xml and restart archiva
> >
> > <https://archiva-repository.apache.org/>
> > rest.baseUrl=.https://dev.server.com/archiva
> >
> >
> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin <abrin@digitalantiquity.org>
> >
> > wrote:
> > > Hi,
> > >
> > >  We proxy our archiva install behind nginx such that
> > >
> > > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been
> > > trying to read the documentation on how to update, but I’m afraid, I’m
> a
> > > bit lost.  A few questions:
> > >
> > > Where is the redback config stored, is it in
> apps/archiva/WEB-INF/classes/
> > > org/apache/archiva/redback-security.properties ?   If so, can this be
> > > added to the doc, and also, moved into the conf/ directory? If not,
> where
> > > is it?
> > > when I start archiva and go to the URL, I get the following warning…
> > > Referer Header does not match: refererUrl=https://dev.server.
> com/archiva/,
> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I
> > > don’t see how to fix the port issue according to the doc (
> > > http://archiva.apache.org/redback/configuration.html#
> > > REST_security_settings).
> > >
> > > help?
> > >
> > > thanks
>
>
>


-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message