Hi Dave, Jody,

I set -DGEOSERVER_CSRF_WHITELIST=gs-main.geosolutionsgroup.com

> Not sure where to configure the X-Forwarded-** headers.

I am not as familiar with Apache HTTP but there's a chance the headers are
already there. Yes, you can enable headers logging directly in geoserver
https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#enable-request-logging

Alessandro

On Fri, Sep 30, 2022 at 4:29 AM David Blasby <david.bla...@geocat.net>
wrote:

> Hi,
>
> I set up Apache (localhost:8111) with this:
>
> ProxyPass "/dave/" "http://localhost:8080/geoserver/"
> ProxyPassReverse "/dave/" "http://localhost:8080/geoserver/"
>
> This means that "localhost:8111/dave/web" takes me to the geoserver
> homepage (running on localhost:8080).
>
> Inside geoserver, I set the proxy base url to "http://localhost:8111/dave".
>
> That's all the configuration I did - I'm not setting any "X-Forwarded-**
> headers" (unless apache does that automatically).
>
> I found -
> https://docs.geoserver.org/stable/en/user/configuration/globalsettings.html
>
> I guess I have to set these somehow...
>
> Dave
>
>
>
> On Thu, Sep 29, 2022 at 11:41 AM Jody Garnett <jody.garn...@gmail.com>
> wrote:
>
>> Alessandro:
>>
>> David was testing with the Proxy Base URL setting correctly.
>>
>> I am also trying to set up a test environment with apache with mod_proxy
>> as per random blog post instructions (
>> https://www.middlewareinventory.com/blog/docker-reverse-proxy-example/).
>> But I don't really know what I am doing so it is unlikely to match your
>> setup.
>>
>> Not sure where to configure the X-Forwarded-** headers.
>>
>> Did you need to configure
>> https://docs.geoserver.org/stable/en/user/security/webadmin/csrf.html
>> with GEOSERVER_CSRF_WHITELIST or GEOSERVER_CSRF_DISABLED?
>> --
>> Jody Garnett
>>
>>
>> On Thu, 29 Sept 2022 at 07:01, Alessandro Parma <
>> alessandro.pa...@geosolutionsgroup.com> wrote:
>>
>>> Hi David, Andrea
>>>
>>>>> b) When I proxied geoserver, I couldn't save most configuration options
>>>>> (i.e. change the logging profile)
>>>>>       * it would give me a "Origin does not correspond to request"
>>>>> error
>>>>>       * others recommended setting "-DGEOSERVER_CSRF_DISABLED=true"
>>>>>          + this worked, but now if I change the logging profile it
>>>>> will log me out (but my changes were saved).
>>>>
>>>> Hum... not sure, I'll inquire with Alessandro on how the proxying is
>>>> set up.
>>>>
>>> I understand this is an unrelated problem with your local environment
>>> David. I suggest you check your PROXY_BASE_URL settings.
>>>
>>> In terms of proxy config there is nothing special honestly.. we're using
>>> Nginx with an explicitly set PROXY_BASE_URL:
>>>
>>> [image: image.png]
>>>
>>> And we are passing the X-Forwarded-** headers from Nginx to GeoServer.
>>> That info should be used by GeoServer to understand
>>> what protocols and host are used by the user to connect to it.
>>>
>>> We can have a closer look but before we do that are you sure you cannot
>>> reproduce it locally on an HTTPS setup?
>>>
>>> Thank you,
>>> Alessandro
>>>
>>> On Thu, Sep 29, 2022 at 9:46 AM Andrea Aime <
>>> andrea.a...@geosolutionsgroup.com> wrote:
>>>
>>>> On Thu, Sep 29, 2022 at 1:05 AM David Blasby <david.bla...@geocat.net>
>>>> wrote:
>>>>
>>>>> Andrea,
>>>>>
>>>>> I tried to reproduce this and found some more issues;
>>>>>
>>>>> a) I couldn't "cd web/app; mvn jetty:run"
>>>>>       * I get a NullPointerException - likely because there are no
>>>>> settings in global.xml
>>>>>       * I used data/release and it worked fine
>>>>>
>>>>
>>>> Uh yeah, this is bad... GeoServer should be able to start off a
>>>> completely empty data directory (eventually
>>>> with some warning). I thought we had a test to that effect, but I
>>>> cannot find it...
>>>>
>>>>
>>>>> b) When I proxied geoserver, I couldn't save most configuration
>>>>> options (i.e. change the logging profile)
>>>>>       * it would give me a "Origin does not correspond to request"
>>>>> error
>>>>>       * others recommended setting "-DGEOSERVER_CSRF_DISABLED=true"
>>>>>          + this worked, but now if I change the logging profile it
>>>>> will log me out (but my changes were saved).
>>>>>
>>>>
>>>> Hum... not sure, I'll inquire with Alessandro on how the proxying is
>>>> set up.
>>>>
>>>> Cheers
>>>> Andrea
>>>>
>>>> Ing. Andrea Aime
>>>> @geowolf
>>>> Technical Lead
>>>>
>>>> GeoSolutions Group
>>>>
>>>> _______________________________________________
>>>> Geoserver-devel mailing list
>>>> Geoserver-devel@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>>>
>>>
>>>
>>> --
>>>
>>> Regards, Alessandro Parma
>>> DevOps Engineer, GeoSolutions S.A.S.
>>>
>

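The "Origin does not correspond to request" failure discussed in this thread can be reproduced with a simplified model of an Origin check. This is an added example, not GeoServer's code and not part of the original messages. The matching rules, function names and sample requests are assumptions constructed for illustration; only the hosts, ports and whitelist value come from the thread.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize(scheme, hostport):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(f"{scheme}://{hostport}")
    scheme = scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))

def effective_origin(headers, scheme, trust_forwarded):
    """Origin the backend believes it is being served from."""
    host = headers["Host"]
    if trust_forwarded:
        # A reverse proxy can report the client-facing host and scheme.
        host = headers.get("X-Forwarded-Host", host).split(",")[0].strip()
        scheme = headers.get("X-Forwarded-Proto", scheme).split(",")[0].strip()
    return normalize(scheme, host)

def origin_allowed(headers, scheme="http", trust_forwarded=False, whitelist=()):
    """True if Origin matches the backend's own origin or a whitelisted domain."""
    origin = urlsplit(headers.get("Origin", ""))
    if not origin.scheme or not origin.hostname:
        return False  # model choice: no usable Origin means reject
    sent = normalize(origin.scheme, origin.netloc)
    if sent == effective_origin(headers, scheme, trust_forwarded):
        return True
    # Assumed whitelist semantics: exact host or a subdomain of the entry.
    return any(sent[1] == d or sent[1].endswith("." + d) for d in whitelist)

# Constructed request as the backend on localhost:8080 would see it behind
# the Apache proxy on localhost:8111 (Host rewritten to the backend).
APACHE_REQ = {"Host": "localhost:8080",
              "Origin": "http://localhost:8111",
              "X-Forwarded-Host": "localhost:8111"}

# Constructed request behind a TLS-terminating proxy: Host is preserved,
# but the backend connection itself is plain http.
TLS_REQ = {"Host": "gs-main.geosolutionsgroup.com",
           "Origin": "https://gs-main.geosolutionsgroup.com",
           "X-Forwarded-Proto": "https"}

# Constructed cross-site request that must stay rejected in every mode.
FOREIGN_REQ = dict(TLS_REQ, Origin="https://other.example")
```

In this model the proxied form submission is rejected until the backend either honours the forwarded headers or has the proxy's host whitelisted, while an unrelated origin is rejected in both cases.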