Posted to users@archiva.apache.org by Adam Brin <ab...@digitalantiquity.org> on 2017/05/31 18:35:53 UTC

help with upgrade -- CSRF / Redback / proxy

Hi,
 We proxy our archiva install behind nginx such that https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been trying to read the documentation on how to update, but I’m afraid, I’m a bit lost.  A few questions:

Where is the redback config stored, is it in apps/archiva/WEB-INF/classes/org/apache/archiva/redback-security.properties ?   If so, can this be added to the doc, and also, moved into the conf/ directory? If not, where is it?
When I start archiva and go to the URL, I get the following warning… Referer Header does not match: refererUrl=https://dev.server.com/archiva/, targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I don’t see how to fix the port issue according to the doc (http://archiva.apache.org/redback/configuration.html#REST_security_settings).

help?

thanks


Re: help with upgrade -- CSRF / Redback / proxy

Posted by Martin Stockhammer <ma...@apache.org>.
Yeah, took me some time to find out how the configuration really works. And I'm sure the next time I'm looking at it I'll scratch my head again 😉

And with the 3.0 version we don't have to look too much into compatibility. As long as there exists a (one-way) upgrade path.

Cheers

Martin


On 1 June 2017 07:46:07 CEST, Olivier Lamy <ol...@apache.org> wrote:
>Maybe we should rewrite the configuration as it's a mix of legacy
>properties xml etc...
>I guess it's not really clear :-)
>Maybe for 3.0.0?
>
>On 1 June 2017 at 15:20, Martin Stockhammer <ma...@apache.org>
>wrote:
>
>> Hi,
>>
>> it is mentioned in the release notes. But not clear enough, I think.
>I
>> will improve the docs.
>>
>> Greetings
>>
>> Martin
>>
>> On 1 June 2017 05:02:14 CEST, Adam Brin <
>> abrin@digitalantiquity.org> wrote:
>> >Martin,
>> >Thank you, that really helped.  It might be nice to identify some of
>> >this
>> >in the upgrade notes for 2.2.3, I definitely missed all of this when
>I
>> >went
>> >to try and figure out what was broken.
>> >
>> >- adam
>> >
>> >On Wed, May 31, 2017 at 1:15 PM, Martin <ma...@apache.org> wrote:
>> >
>> >> Yes, that's the right place to configure it.
>> >>
>> >> redback properties have been moved to  archiva.xml
>> >> Inside the
>> >> <redbackRuntimeConfiguration>
>> >> <configurationProperties>
>> >> ...
>> >> </configurationProperties>
>> >> </redbackRuntimeConfiguration>
>> >> Element.
>> >>
>> >> This section is also changed, when you change the Redback Runtime
>> >> properties
>> >> by the WebUI:
>> >> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
>> >> runtime-configuration.html#Runtime_properties
>> >>
>> >> But in this case editing via WebUI only works, if you have a
>browser
>> >behind
>> >> the reverse proxy. So you may want to edit the archiva.xml
>manually
>> >>
>> >> In your case this should be:
>> >> <redbackRuntimeConfiguration>
>> >> ...
>> >> <configurationProperties>
>> >> ...
>> >>       <rest>
>> >>         <csrffilter>
>> >>           <enabled>false</enabled>
>> >>           <disableTokenValidation>false</disableTokenValidation>
>> >>           <absentorigin>
>> >>             <deny>true</deny>
>> >>           </absentorigin>
>> >>         </csrffilter>
>> >>         <baseUrl>http://dev.server.com:99999</baseUrl>
>> >>       </rest>
>> >> ...
>> >> </configurationProperties>
>> >> ...
>> >> </redbackRuntimeConfiguration>
>> >>
>> >> Info about configuration files can be found at:
>> >>
>>
>>http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
>> >>
>> >>
>> >> Greetings
>> >>
>> >> Martin
>> >>
>> >>
>> >> On Wednesday, 31 May 2017, 21:41:02 CEST, Niranjan Babu Bommu wrote:
>> >> > I had same problem when I upgraded archiva, issue was fixed by adding
>> >> > rest.baseUrl in archiva.xml and restart archiva
>> >> >
>> >> > <https://archiva-repository.apache.org/>
>> >> > rest.baseUrl=https://dev.server.com/archiva
>> >> >
>> >> >
>> >> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin
>> ><ab...@digitalantiquity.org>
>> >> >
>> >> > wrote:
>> >> > > Hi,
>> >> > >
>> >> > >  We proxy our archiva install behind nginx such that
>> >> > >
>> >> > > https://dev.server.com/archiva/ —> http://localhost:99999/ .
>I’ve
>> >been
>> >> > > trying to read the documentation on how to update, but I’m
>> >afraid, I’m
>> >> a
>> >> > > bit lost.  A few questions:
>> >> > >
>> >> > > Where is the redback config stored, is it in
>> >> apps/archiva/WEB-INF/classes/
>> >> > > org/apache/archiva/redback-security.properties ?   If so, can
>> >this be
>> >> > > added to the doc, and also, moved into the conf/ directory? If
>> >not,
>> >> where
>> >> > > is it?
>> >> > > when I start archiva and go to the URL, I get the following
>> >warning…
>> >> > > Referer Header does not match: refererUrl=https://dev.server.
>> >> com/archiva/,
>> >> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false
>.
>> >But, I
>> >> > > don’t see how to fix the port issue according to the doc (
>> >> > > http://archiva.apache.org/redback/configuration.html#
>> >> > > REST_security_settings).
>> >> > >
>> >> > > help?
>> >> > >
>> >> > > thanks
>> >>
>> >>
>> >>
>> >
>> >
>> >--
>> >_________________________________________________________
>> >Adam Brin
>> >Director of Technology, Digital Antiquity
>> >480.965.1278
>>
>> --
>> This message was sent from my Android device with K-9 Mail.
>
>
>
>
>-- 
>Olivier Lamy
>http://twitter.com/olamy | http://linkedin.com/in/olamy

-- 
This message was sent from my Android device with K-9 Mail.

Re: help with upgrade -- CSRF / Redback / proxy

Posted by Olivier Lamy <ol...@apache.org>.
Maybe we should rewrite the configuration as it's a mix of legacy
properties xml etc...
I guess it's not really clear :-)
Maybe for 3.0.0?

On 1 June 2017 at 15:20, Martin Stockhammer <ma...@apache.org> wrote:

> Hi,
>
> it is mentioned in the release notes. But not clear enough, I think. I
> will improve the docs.
>
> Greetings
>
> Martin
>
> On 1 June 2017 05:02:14 CEST, Adam Brin <
> abrin@digitalantiquity.org> wrote:
> >Martin,
> >Thank you, that really helped.  It might be nice to identify some of
> >this
> >in the upgrade notes for 2.2.3, I definitely missed all of this when I
> >went
> >to try and figure out what was broken.
> >
> >- adam
> >
> >On Wed, May 31, 2017 at 1:15 PM, Martin <ma...@apache.org> wrote:
> >
> >> Yes, that's the right place to configure it.
> >>
> >> redback properties have been moved to  archiva.xml
> >> Inside the
> >> <redbackRuntimeConfiguration>
> >> <configurationProperties>
> >> ...
> >> </configurationProperties>
> >> </redbackRuntimeConfiguration>
> >> Element.
> >>
> >> This section is also changed, when you change the Redback Runtime
> >> properties
> >> by the WebUI:
> >> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
> >> runtime-configuration.html#Runtime_properties
> >>
> >> But in this case editing via WebUI only works, if you have a browser
> >behind
> >> the reverse proxy. So you may want to edit the archiva.xml manually
> >>
> >> In your case this should be:
> >> <redbackRuntimeConfiguration>
> >> ...
> >> <configurationProperties>
> >> ...
> >>       <rest>
> >>         <csrffilter>
> >>           <enabled>false</enabled>
> >>           <disableTokenValidation>false</disableTokenValidation>
> >>           <absentorigin>
> >>             <deny>true</deny>
> >>           </absentorigin>
> >>         </csrffilter>
> >>         <baseUrl>http://dev.server.com:99999</baseUrl>
> >>       </rest>
> >> ...
> >> </configurationProperties>
> >> ...
> >> </redbackRuntimeConfiguration>
> >>
> >> Info about configuration files can be found at:
> >>
> >http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
> >>
> >>
> >> Greetings
> >>
> >> Martin
> >>
> >>
> >> On Wednesday, 31 May 2017, 21:41:02 CEST, Niranjan Babu Bommu wrote:
> >> > I had same problem when I upgraded archiva, issue was fixed by adding
> >> > rest.baseUrl in archiva.xml and restart archiva
> >> >
> >> > <https://archiva-repository.apache.org/>
> >> > rest.baseUrl=https://dev.server.com/archiva
> >> >
> >> >
> >> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin
> ><ab...@digitalantiquity.org>
> >> >
> >> > wrote:
> >> > > Hi,
> >> > >
> >> > >  We proxy our archiva install behind nginx such that
> >> > >
> >> > > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve
> >been
> >> > > trying to read the documentation on how to update, but I’m
> >afraid, I’m
> >> a
> >> > > bit lost.  A few questions:
> >> > >
> >> > > Where is the redback config stored, is it in
> >> apps/archiva/WEB-INF/classes/
> >> > > org/apache/archiva/redback-security.properties ?   If so, can
> >this be
> >> > > added to the doc, and also, moved into the conf/ directory? If
> >not,
> >> where
> >> > > is it?
> >> > > when I start archiva and go to the URL, I get the following
> >warning…
> >> > > Referer Header does not match: refererUrl=https://dev.server.
> >> com/archiva/,
> >> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false .
> >But, I
> >> > > don’t see how to fix the port issue according to the doc (
> >> > > http://archiva.apache.org/redback/configuration.html#
> >> > > REST_security_settings).
> >> > >
> >> > > help?
> >> > >
> >> > > thanks
> >>
> >>
> >>
> >
> >
> >--
> >_________________________________________________________
> >Adam Brin
> >Director of Technology, Digital Antiquity
> >480.965.1278
>
> --
> This message was sent from my Android device with K-9 Mail.




-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Re: help with upgrade -- CSRF / Redback / proxy

Posted by Martin Stockhammer <ma...@apache.org>.
Hi,

it is mentioned in the release notes. But not clear enough, I think. I will improve the docs.

Greetings

Martin

On 1 June 2017 05:02:14 CEST, Adam Brin <ab...@digitalantiquity.org> wrote:
>Martin,
>Thank you, that really helped.  It might be nice to identify some of
>this
>in the upgrade notes for 2.2.3, I definitely missed all of this when I
>went
>to try and figure out what was broken.
>
>- adam
>
>On Wed, May 31, 2017 at 1:15 PM, Martin <ma...@apache.org> wrote:
>
>> Yes, that's the right place to configure it.
>>
>> redback properties have been moved to  archiva.xml
>> Inside the
>> <redbackRuntimeConfiguration>
>> <configurationProperties>
>> ...
>> </configurationProperties>
>> </redbackRuntimeConfiguration>
>> Element.
>>
>> This section is also changed, when you change the Redback Runtime
>> properties
>> by the WebUI:
>> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
>> runtime-configuration.html#Runtime_properties
>>
>> But in this case editing via WebUI only works, if you have a browser
>behind
>> the reverse proxy. So you may want to edit the archiva.xml manually
>>
>> In your case this should be:
>> <redbackRuntimeConfiguration>
>> ...
>> <configurationProperties>
>> ...
>>       <rest>
>>         <csrffilter>
>>           <enabled>false</enabled>
>>           <disableTokenValidation>false</disableTokenValidation>
>>           <absentorigin>
>>             <deny>true</deny>
>>           </absentorigin>
>>         </csrffilter>
>>         <baseUrl>http://dev.server.com:99999</baseUrl>
>>       </rest>
>> ...
>> </configurationProperties>
>> ...
>> </redbackRuntimeConfiguration>
>>
>> Info about configuration files can be found at:
>>
>http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
>>
>>
>> Greetings
>>
>> Martin
>>
>>
>> On Wednesday, 31 May 2017, 21:41:02 CEST, Niranjan Babu Bommu wrote:
>> > I had same problem when I upgraded archiva, issue was fixed by adding
>> > rest.baseUrl in archiva.xml and restart archiva
>> >
>> > <https://archiva-repository.apache.org/>
>> > rest.baseUrl=https://dev.server.com/archiva
>> >
>> >
>> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin
><ab...@digitalantiquity.org>
>> >
>> > wrote:
>> > > Hi,
>> > >
>> > >  We proxy our archiva install behind nginx such that
>> > >
>> > > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve
>been
>> > > trying to read the documentation on how to update, but I’m
>afraid, I’m
>> a
>> > > bit lost.  A few questions:
>> > >
>> > > Where is the redback config stored, is it in
>> apps/archiva/WEB-INF/classes/
>> > > org/apache/archiva/redback-security.properties ?   If so, can
>this be
>> > > added to the doc, and also, moved into the conf/ directory? If
>not,
>> where
>> > > is it?
>> > > when I start archiva and go to the URL, I get the following
>warning…
>> > > Referer Header does not match: refererUrl=https://dev.server.
>> com/archiva/,
>> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false .
>But, I
>> > > don’t see how to fix the port issue according to the doc (
>> > > http://archiva.apache.org/redback/configuration.html#
>> > > REST_security_settings).
>> > >
>> > > help?
>> > >
>> > > thanks
>>
>>
>>
>
>
>-- 
>_________________________________________________________
>Adam Brin
>Director of Technology, Digital Antiquity
>480.965.1278

-- 
This message was sent from my Android device with K-9 Mail.

Re: help with upgrade -- CSRF / Redback / proxy

Posted by Adam Brin <ab...@digitalantiquity.org>.
Martin,
  Thank you, that really helped.  It might be nice to identify some of this
in the upgrade notes for 2.2.3, I definitely missed all of this when I went
to try and figure out what was broken.

- adam

On Wed, May 31, 2017 at 1:15 PM, Martin <ma...@apache.org> wrote:

> Yes, that's the right place to configure it.
>
> redback properties have been moved to  archiva.xml
> Inside the
> <redbackRuntimeConfiguration>
> <configurationProperties>
> ...
> </configurationProperties>
> </redbackRuntimeConfiguration>
> Element.
>
> This section is also changed, when you change the Redback Runtime
> properties
> by the WebUI:
> http://archiva.apache.org/docs/2.2.3/adminguide/redback-
> runtime-configuration.html#Runtime_properties
>
> But in this case editing via WebUI only works, if you have a browser behind
> the reverse proxy. So you may want to edit the archiva.xml manually
>
> In your case this should be:
> <redbackRuntimeConfiguration>
> ...
> <configurationProperties>
> ...
>       <rest>
>         <csrffilter>
>           <enabled>false</enabled>
>           <disableTokenValidation>false</disableTokenValidation>
>           <absentorigin>
>             <deny>true</deny>
>           </absentorigin>
>         </csrffilter>
>         <baseUrl>http://dev.server.com:99999</baseUrl>
>       </rest>
> ...
> </configurationProperties>
> ...
> </redbackRuntimeConfiguration>
>
> Info about configuration files can be found at:
> http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html
>
>
> Greetings
>
> Martin
>
>
> On Wednesday, 31 May 2017, 21:41:02 CEST, Niranjan Babu Bommu wrote:
> > I had same problem when I upgraded archiva, issue was fixed by adding
> > rest.baseUrl in archiva.xml and restart archiva
> >
> > <https://archiva-repository.apache.org/>
> > rest.baseUrl=https://dev.server.com/archiva
> >
> >
> > On Wed, May 31, 2017 at 2:35 PM, Adam Brin <ab...@digitalantiquity.org>
> >
> > wrote:
> > > Hi,
> > >
> > >  We proxy our archiva install behind nginx such that
> > >
> > > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been
> > > trying to read the documentation on how to update, but I’m afraid, I’m
> a
> > > bit lost.  A few questions:
> > >
> > > Where is the redback config stored, is it in
> apps/archiva/WEB-INF/classes/
> > > org/apache/archiva/redback-security.properties ?   If so, can this be
> > > added to the doc, and also, moved into the conf/ directory? If not,
> where
> > > is it?
> > > when I start archiva and go to the URL, I get the following warning…
> > > Referer Header does not match: refererUrl=https://dev.server.
> com/archiva/,
> > > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I
> > > don’t see how to fix the port issue according to the doc (
> > > http://archiva.apache.org/redback/configuration.html#
> > > REST_security_settings).
> > >
> > > help?
> > >
> > > thanks
>
>
>


-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Re: help with upgrade -- CSRF / Redback / proxy

Posted by Martin <ma...@apache.org>.
Yes, that's the right place to configure it.

redback properties have been moved to  archiva.xml
Inside the 
<redbackRuntimeConfiguration>
<configurationProperties>
...
</configurationProperties>
</redbackRuntimeConfiguration>
Element.

This section is also changed, when you change the Redback Runtime properties 
by the WebUI:
http://archiva.apache.org/docs/2.2.3/adminguide/redback-runtime-configuration.html#Runtime_properties

But in this case editing via WebUI only works, if you have a browser behind 
the reverse proxy. So you may want to edit the archiva.xml manually

In your case this should be:
<redbackRuntimeConfiguration>
...
<configurationProperties>
...
      <rest>
        <csrffilter>
          <enabled>false</enabled>
          <disableTokenValidation>false</disableTokenValidation>
          <absentorigin>
            <deny>true</deny>
          </absentorigin>
        </csrffilter>
        <baseUrl>http://dev.server.com:99999</baseUrl>
      </rest>
...
</configurationProperties>
...
</redbackRuntimeConfiguration>

Info about configuration files can be found at:
http://archiva.apache.org/docs/2.2.3/adminguide/configuration-files.html


Greetings

Martin


On Wednesday, 31 May 2017, 21:41:02 CEST, Niranjan Babu Bommu wrote:
> I had same problem when I upgraded archiva, issue was fixed by adding
> rest.baseUrl in archiva.xml and restart archiva
>
> <https://archiva-repository.apache.org/>
> rest.baseUrl=https://dev.server.com/archiva
> 
> 
> On Wed, May 31, 2017 at 2:35 PM, Adam Brin <ab...@digitalantiquity.org>
> 
> wrote:
> > Hi,
> > 
> >  We proxy our archiva install behind nginx such that
> > 
> > https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been
> > trying to read the documentation on how to update, but I’m afraid, I’m a
> > bit lost.  A few questions:
> > 
> > Where is the redback config stored, is it in apps/archiva/WEB-INF/classes/
> > org/apache/archiva/redback-security.properties ?   If so, can this be
> > added to the doc, and also, moved into the conf/ directory? If not, where
> > is it?
> > when I start archiva and go to the URL, I get the following warning…
> > Referer Header does not match: refererUrl=https://dev.server.com/archiva/,
> > targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I
> > don’t see how to fix the port issue according to the doc (
> > http://archiva.apache.org/redback/configuration.html#
> > REST_security_settings).
> > 
> > help?
> > 
> > thanks



Re: help with upgrade -- CSRF / Redback / proxy

Posted by Niranjan Babu Bommu <ni...@gmail.com>.
I had same problem when I upgraded archiva, issue was fixed by adding
rest.baseUrl in archiva.xml and restart archiva

<https://archiva-repository.apache.org/>
rest.baseUrl=https://dev.server.com/archiva


On Wed, May 31, 2017 at 2:35 PM, Adam Brin <ab...@digitalantiquity.org>
wrote:

> Hi,
>  We proxy our archiva install behind nginx such that
> https://dev.server.com/archiva/ —> http://localhost:99999/ . I’ve been
> trying to read the documentation on how to update, but I’m afraid, I’m a
> bit lost.  A few questions:
>
> Where is the redback config stored, is it in apps/archiva/WEB-INF/classes/
> org/apache/archiva/redback-security.properties ?   If so, can this be
> added to the doc, and also, moved into the conf/ directory? If not, where
> is it?
> when I start archiva and go to the URL, I get the following warning…
> Referer Header does not match: refererUrl=https://dev.server.com/archiva/,
> targetUrl=http://dev.tdar.org. Matches: Host=true, Port=false . But, I
> don’t see how to fix the port issue according to the doc (
> http://archiva.apache.org/redback/configuration.html#
> REST_security_settings).
>
> help?
>
> thanks
>
>


-- 
*Thanks*
*Niranjan*
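
A simplified model of the host/port comparison that the "Referer Header does not match ... Host=true, Port=false" warning in this thread reports, added here as an illustration; it is not Redback's code and not written by anyone in the thread. The function names, the default-port handling and the BACKEND_VIEW URL are assumptions; the Referer and rest.baseUrl values are the ones quoted in the messages above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def host_and_port(url):
    """Return (host, effective port); a missing port becomes the scheme default."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return parts.hostname.lower(), port

def check_referer(referer, target_url, deny_absent=True):
    """Compare a Referer header with the URL the application thinks it is served from.

    deny_absent mirrors the <absentorigin><deny> setting quoted in the thread
    (assumed meaning: reject requests that carry no Referer at all).
    """
    if not referer:
        return {"host": False, "port": False, "allowed": not deny_absent}
    try:
        ref_host, ref_port = host_and_port(referer)
    except ValueError:
        return {"host": False, "port": False, "allowed": False}
    tgt_host, tgt_port = host_and_port(target_url)
    host_ok, port_ok = ref_host == tgt_host, ref_port == tgt_port
    return {"host": host_ok, "port": port_ok, "allowed": host_ok and port_ok}

def effective_target(backend_request_url, base_url=None):
    """A configured base URL overrides whatever the backend derives from the request."""
    return base_url or backend_request_url

# Values from the thread.
REFERER = "https://dev.server.com/archiva/"
BASE_URL = "https://dev.server.com/archiva"
# Constructed: what a backend behind a TLS-terminating proxy may derive on its own
# when the Host header is forwarded but the original scheme is not.
BACKEND_VIEW = "http://dev.server.com/"

if __name__ == "__main__":
    for label, base in (("no baseUrl", None), ("baseUrl set", BASE_URL)):
        result = check_referer(REFERER, effective_target(BACKEND_VIEW, base))
        print(f"{label:12} Host={result['host']} Port={result['port']} "
              f"allowed={result['allowed']}")
    # Constructed cross-site Referer: still rejected once baseUrl is set.
    print(check_referer("https://other.example/page", BASE_URL))
```

The port mismatch comes from the scheme alone: the browser's https Referer implies port 443 while the backend's plain-http view implies port 80, which is why pointing the base URL at the public https address lets the check pass with the filter still enabled.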