You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@archiva.apache.org by Martin Stockhammer <ma...@apache.org> on 2017/06/01 06:07:30 UTC

Re: help with upgrade -- CSRF / Redback / proxy

Yeah, took me some to find out, how the configuration really works. And I'm sure the next time I'm looking at it I'll scratch my head again 😉

And with the 3.0 version we don't have to look too much into compatibility. As long as there exists an (one way) upgrade path.

Cheers

Martin


Am 1. Juni 2017 07:46:07 MESZ schrieb Olivier Lamy <ol...@apache.org>:
>Maybe we should rewrite the configuration as it's a mix of legacy
>properties xml etc...
>I guess it's not really clear :-)
>Maybe for 3.0.0?
>
>On 1 June 2017 at 15:20, Martin Stockhammer <ma...@apache.org>
>wrote:
>
>> Hi,
>>
>> it is mentioned in the release notes. But not clear enough, I think.
>I
>> will improve the docs.
>>
>> Greetings
>>
>> Martin
>>
>> Am 1. Juni 2017 05:02:14 MESZ schrieb Adam Brin <
>> abrin@digitalantiquity.org>:
>> >Martin,
>> >Thank you, that really helped.  It might be nice to identify some of
>> >this
>> >in the upgrade notes for 2.2.3, I definitely missed all of this when
>I
>> >went
>> >to try and figure out what was broken.
>> >
>> >- adam
>> >
>> >On Wed, May 31, 2017 at 1:15 PM, Martin <ma...@apache.org> wrote:
>> >
>> >> Yes, thats the right place to configure it.
>> >>
>> >> redback properties have been moved to  archiva.xml
>> >> Inside the
>> >> <redbackRuntimeConfiguration>
>> >> <configurationProperties>
>> >> ...
>> >> </configurationProperties>
>> >> </redbackRuntimeConfiguration>
>> >> Element.
>> >>
>> >> This section is also changed, when you change the Redback Runtime
>> >> properties
>> >> by the WebUI:
>> >> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
>> >> runtime-configuration.html#Runtime_properties
>> >>
>> >> But in this case editing via WebUI only works, if you have a
>browser
>> >behind
>> >> the reverse proxy. So you may want to edit the archiva.xml
>manually
>> >>
>> >> In your case this should be:
>> >> <redbackRuntimeConfiguration>
>> >> ...
>> >> <configurationProperties>
>> >> ...
>> >>       <rest>
>> >>         <csrffilter>
>> >>           <enabled>false</enabled>
>> >>           <disableTokenValidation>false</disableTokenValidation>
>> >>           <absentorigin>
>> >>             <deny>true</deny>
>> >>           </absentorigin>
>> >>         </csrffilter>
>> >>         <baseUrl>http://dev.server.com:99999</baseUrl>
>> >>       </rest>
>> >> ...
>> >> </configurationProperties>
>> >> ...
>> >> </redbackRuntimeConfiguration>
>> >>
>> >> Info about configuration files can be found at:
>> >>
>>
>>http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
>> >>
>> >>
>> >> Greetings
>> >>
>> >> Martin
>> >>
>> >>
>> >> Am Mittwoch, 31. Mai 2017, 21:41:02 CEST schrieb Niranjan Babu
>Bommu:
>> >> > I had same problem when I upgarded archiva, issue was fixed by
>> >adding
>> >> > rest.baseUrl in archiva.xml and restart archiva
>> >> >
>> >> > <https://archiva-repository.apache.org/>
>> >> > rest.baseUrl=.https://dev.server.com/archiva
>> >> >
>> >> >
>> >> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin
>> ><ab...@digitalantiquity.org>
>> >> >
>> >> > wrote:
>> >> > > Hi,
>> >> > >
>> >> > >  We proxy our archiva install behind nginx such that
>> >> > >
>> >> > > https://dev.server.com/archiva/ —> http://localhost:99999/ .
>I’ve
>> >been
>> >> > > trying to read the documentation on how to update, but I’m
>> >afraid, I’m
>> >> a
>> >> > > bit lost.  A few questions:
>> >> > >
>> >> > > Where is the redback config stored, is it in
>> >> apps/archiva/WEB-INF/classes/
>> >> > > org/apache/archiva/redback-security.properties ?   If so, can
>> >this be
>> >> > > added to the doc, and also, moved into the conf/ directory? If
>> >not,
>> >> where
>> >> > > is it?
>> >> > > when I start archiva and go to the URL, I get the following
>> >warning…
>> >> > > Referer Header does not match: refererUrl=https://dev.server.
>> >> com/archiva/,
>> >> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false
>.
>> >But, I
>> >> > > don’t see how to fix the port issue according to the doc (
>> >> > > http://archiva.apache.org/redback/configuration.html#
>> >> > > REST_security_settings).
>> >> > >
>> >> > > help?
>> >> > >
>> >> > > thanks
>> >>
>> >>
>> >>
>> >
>> >
>> >--
>> >_________________________________________________________
>> >Adam Brin
>> >Director of Technology, Digital Antiquity
>> >480.965.1278
>>
>> --
>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>
>
>
>
>-- 
>Olivier Lamy
>http://twitter.com/olamy | http://linkedin.com/in/olamy

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.