archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olivier Lamy <ol...@apache.org>
Subject Re: Error 403 when proxying with Nginx
Date Sat, 12 Aug 2017 10:55:30 GMT
Hi
Which Archiva version are you using?
Do you have anything in Archiva logs?
In your archiva.xml you should have some elements such

<rest>

<csrffilter>

<disableTokenValidation>false</disableTokenValidation>

<absentorigin>

<deny>true</deny>

</absentorigin>

<enabled>true</enabled>

</csrffilter>

<baseUrl></baseUrl>

</rest>

See the details here:
http://archiva.apache.org/redback/configuration.html#REST_security_settings

HTH
Olivier


On 12 August 2017 at 18:55, Martin Pola <martin@kottnet.net> wrote:

> Hello,
>
> I am trying to access Archiva through HTTPS, and from what I have
> understood the easiest way to accomplish that is by having another,
> HTTPS-enabled, web server acting as a proxy.
>
> My Archiva instance listens on 127.0.0.1:8080 and my Nginx server block
> looks like this:
>    server
>    {
>        listen [...]:443 ssl;
>        server_name [...]
>        underscores_in_headers on;
>
>        ssl on;
>        ssl_certificate /etc/letsencrypt/live/[...]/fullchain.pem;
>        ssl_certificate_key /etc/letsencrypt/live/[...]/privkey.pem;
>
>        location /
>        {
>            include proxy_params;
>            proxy_pass http://127.0.0.1:8080;
>        }
>    }
>
> The included file `proxy_params` contains these lines:
>    proxy_set_header Host $http_host;
>    proxy_set_header X-Real-IP $remote_addr;
>    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>    proxy_set_header X-Forwarded-Proto $scheme;
>
> When I try to visit the proxy, Archiva doesn't load. Having opened the
> web browser's developer toolkit, the error appears to have been caused
> by a GET request to
>    /restServices/archivaServices/commonServices/getAllI18nResources
> which the server responded to with error 403 Forbidden. If I try to
> visit Archiva directly, through http://127.0.0.1:8080, the equivalent
> GET request does not return any error. From what I can tell, the same
> request headers seem to be sent, and the same response headers are
> received.
>
> What could be causing the issue, and how should I proceed to resolve it?
>
> Kind regards,
> Martin Pola
>



-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message