You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Arndt,
Wolfgang <ar...@lernenfoerdern.de> on 2020/04/02 11:19:00 UTC
Openmeetings Docker behind reverse proxy
Hi,
my Openmeetings docker is working now. So i took the next step:
I use the nginx-letsencrypt ssl proxy (https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to auto-generate certs. This is working with other containers.
As in the grafana expample from the page above , i start the OM-Docker container with an additional -e "VIRTUAL_PORT=5080"
Now i can connect via the proxy to my OM container, the login page opens but i cannot login.
INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779 [nio-5080-exec-6] - Possible CSRF attack, request URL: http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does not correspond to request
Wolfgang
Re: Openmeetings Docker behind reverse proxy
Posted by Maxim Solodovnik <so...@gmail.com>.
This detailed how-to is for version 4.0.x
I have asked multiple times to ask SO question so I can put up-to-date
5.0.x config, but no question :)
please search mailing list https://openmeetings.markmail.org/
server.xml need to be modified
According to nginx: I'm not an expert here :(
On Thu, 2 Apr 2020 at 20:01, Arndt, Wolfgang <ar...@lernenfoerdern.de>
wrote:
> Hi,
>
> when i read this right i have to modify conf/jee-container.xml
>
> in the container.
>
> I cannot find a file like that in there.
>
>
>
> Second: I have to proxy websockets, too.
>
>
>
> I have no idea, how to doi this with
> https://github.com/nginx-proxy/nginx-proxy
>
>
>
> Wolfgang
>
>
>
>
>
>
>
>
>
>
> *Von:* Maxim Solodovnik <so...@gmail.com>
> *Gesendet:* Donnerstag, 2. April 2020 13:51
> *An:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Betreff:* Re: Openmeetings Docker behind reverse proxy
>
>
>
>
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
>
> + search in this ML :)))
>
>
>
> On Thu, 2 Apr 2020 at 18:19, Arndt, Wolfgang <ar...@lernenfoerdern.de>
> wrote:
>
> Hi,
>
> my Openmeetings docker is working now. So i took the next step:
>
>
>
> I use the nginx-letsencrypt ssl proxy (
> https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to
> auto-generate certs. This is working with other containers.
>
>
>
> As in the grafana expample from the page above , i start the OM-Docker
> container with an additional -e "VIRTUAL_PORT=5080"
>
>
>
> Now i can connect via the proxy to my OM container, the login page opens
> but i cannot login.
>
>
>
>
>
> INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779
> [nio-5080-exec-6] - Possible CSRF attack, request URL:
> http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage,
> Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does
> not correspond to request
>
>
>
>
>
> Wolfgang
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Openmeetings Docker behind reverse proxy
Posted by YUP <yu...@gmail.com>.
Hi,
Please try my config for proxy pass in nginx. My nginx listen port
2443 with ssl, openmeetings runs in docker with standart ports
exposed:
server {
listen 2443 ssl http2;
listen [::]:2443 ssl http2;
server_name localhost;
location /openmeetings {
proxy_pass https://localhost:5443/openmeetings;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
You can also add kurento if you wish:
location /kurento {
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
# redirect all HTTP traffic to localhost:8088;
proxy_pass http://127.0.0.1:8888/kurento;
# enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 999999999;
}
On Thu, Apr 2, 2020 at 3:01 PM Arndt, Wolfgang <ar...@lernenfoerdern.de> wrote:
>
> Hi,
>
> when i read this right i have to modify conf/jee-container.xml
>
> in the container.
>
> I cannot find a file like that in there.
>
>
>
> Second: I have to proxy websockets, too.
>
>
>
> I have no idea, how to doi this with https://github.com/nginx-proxy/nginx-proxy
>
>
>
> Wolfgang
>
>
>
>
>
>
>
>
>
>
> Von: Maxim Solodovnik <so...@gmail.com>
> Gesendet: Donnerstag, 2. April 2020 13:51
> An: Openmeetings user-list <us...@openmeetings.apache.org>
> Betreff: Re: Openmeetings Docker behind reverse proxy
>
>
>
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
>
> + search in this ML :)))
>
>
>
> On Thu, 2 Apr 2020 at 18:19, Arndt, Wolfgang <ar...@lernenfoerdern.de> wrote:
>
> Hi,
>
> my Openmeetings docker is working now. So i took the next step:
>
>
>
> I use the nginx-letsencrypt ssl proxy (https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to auto-generate certs. This is working with other containers.
>
>
>
> As in the grafana expample from the page above , i start the OM-Docker container with an additional -e "VIRTUAL_PORT=5080"
>
>
>
> Now i can connect via the proxy to my OM container, the login page opens but i cannot login.
>
>
>
>
>
> INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779 [nio-5080-exec-6] - Possible CSRF attack, request URL: http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does not correspond to request
>
>
>
>
>
> Wolfgang
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
AW: Openmeetings Docker behind reverse proxy
Posted by Arndt,
Wolfgang <ar...@lernenfoerdern.de>.
Hi,
when i read this right i have to modify conf/jee-container.xml
in the container.
I cannot find a file like that in there.
Second: I have to proxy websockets, too.
I have no idea, how to doi this with https://github.com/nginx-proxy/nginx-proxy
Wolfgang
Von: Maxim Solodovnik <so...@gmail.com>
Gesendet: Donnerstag, 2. April 2020 13:51
An: Openmeetings user-list <us...@openmeetings.apache.org>
Betreff: Re: Openmeetings Docker behind reverse proxy
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
+ search in this ML :)))
On Thu, 2 Apr 2020 at 18:19, Arndt, Wolfgang <ar...@lernenfoerdern.de> wrote:
Hi,
my Openmeetings docker is working now. So i took the next step:
I use the nginx-letsencrypt ssl proxy (https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to auto-generate certs. This is working with other containers.
As in the grafana expample from the page above , i start the OM-Docker container with an additional -e "VIRTUAL_PORT=5080"
Now i can connect via the proxy to my OM container, the login page opens but i cannot login.
INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779 [nio-5080-exec-6] - Possible CSRF attack, request URL: http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does not correspond to request
Wolfgang
--
WBR
Maxim aka solomax
Re: Openmeetings Docker behind reverse proxy
Posted by Maxim Solodovnik <so...@gmail.com>.
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
+ search in this ML :)))
On Thu, 2 Apr 2020 at 18:19, Arndt, Wolfgang <ar...@lernenfoerdern.de>
wrote:
> Hi,
>
> my Openmeetings docker is working now. So i took the next step:
>
>
>
> I use the nginx-letsencrypt ssl proxy (
> https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/) to
> auto-generate certs. This is working with other containers.
>
>
>
> As in the grafana expample from the page above , i start the OM-Docker
> container with an additional -e "VIRTUAL_PORT=5080"
>
>
>
> Now i can connect via the proxy to my OM container, the login page opens
> but i cannot login.
>
>
>
>
>
> INFO 04-02 10:59:37.346 o.a.w.p.h.CsrfPreventionRequestCycleListener:779
> [nio-5080-exec-6] - Possible CSRF attack, request URL:
> http://om.xxxxx.de/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage,
> Origin: https://om.xxxxx.de, action: aborted with error 400 Origin does
> not correspond to request
>
>
>
>
>
> Wolfgang
>
--
WBR
Maxim aka solomax