Ok, in order to get apache to properly forward the session cookies to geoserver I needed to;
ProxyPass "/dave/" "http://localhost:8080/geoserver/"; ProxyPassReverse "/dave/" "http://localhost:8080/geoserver/"; ProxyPassReverseCookiePath /geoserver / i.e. a cookie is send from geoserver (with path=/geoserver). Apache proxy will re-create this as a "/" cookie. If it didn't do this the cookie would never be attached to the requests (since the actual browser url is http://localhost:8111/dave/web/ (and doesn't have a /geoserver). I think it would be better to be "ProxyPassReverseCookiePath /geoserver /dave", but the above works. End result - now you can make config changes in GS and you're not logged out. Will look at the welcome page issue - thanks for the help! Dave On Mon, Oct 3, 2022 at 9:22 AM David Blasby <david.bla...@geocat.net> wrote: > Hi, > > I used > -DGEOSERVER_CSRF_WHITELIST=localhost > (NOTE: no port #. If you put a port# in - localhost:8111 - it will give > you errors) > > This puts me in the same situation as before (i.e. when you save a > configuration change it does save but then logs you out). > > Looking at the headers... > > REQUEST: > http://localhost:8111/dave/web/;jsessionid=node01dcqivgqtv42m1wx5opwiziqxr11.node0?0 > > Headers; > X-Forwarded-Host: localhost:8111 > X-Forwarded-For: ::1 > X-Forwarded-Server: localhost > Host: localhost:8080 > > The only thing that looks a bit dodgy is the X-Forwarded-For: header.... > > Looking into it... > > Dave > > On Fri, Sep 30, 2022 at 12:55 AM Alessandro Parma < > alessandro.pa...@geosolutionsgroup.com> wrote: > >> Hi Dave, Jody, >> >> >> I set -DGEOSERVER_CSRF_WHITELIST=gs-main.geosolutionsgroup.com >> >> Not sure where to configure the X-Forwarded-** headers. >>> >> >> I am not as familiar with Apache HTTP but there's a chance the headers >> are already there. Yes, you can enable headers logging directly in geoserver >> >> https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#enable-request-logging >> >> [image: image.png] >> >> [image: image.png] >> >> Alessandro >> >> On Fri, Sep 30, 2022 at 4:29 AM David Blasby <david.bla...@geocat.net> >> wrote: >> >>> Hi, >>> >>> I setup apache (localhost:8111) with this; >>> >>> ProxyPass "/dave/" "http://localhost:8080/geoserver/"; >>> ProxyPassReverse "/dave/" "http://localhost:8080/geoserver/"; >>> >>> This means that "localhost:8111/dave/web" takes me to the geoserver >>> homepage (running on localhost:8080). >>> >>> Inside geoserver, I set the proxy base url to " >>> http://localhost:8111/dave";. >>> >>> That's all the configuration I did - I'm not setting any "X-Forwarded-** >>> headers" (unless apache does that automatically). >>> >>> I found - >>> https://docs.geoserver.org/stable/en/user/configuration/globalsettings.html >>> >>> I guess I have to set these somehow... >>> >>> Dave >>> >>> >>> >>> On Thu, Sep 29, 2022 at 11:41 AM Jody Garnett <jody.garn...@gmail.com> >>> wrote: >>> >>>> Alessandro: >>>> >>>> David was testing with the Proxy Base URL setting correctly. >>>> >>>> I am also trying to set up a test environment with apache with >>>> mod_proxy as per random blog post instructions ( >>>> https://www.middlewareinventory.com/blog/docker-reverse-proxy-example/). >>>> But I don't really know what I am doing so it is unlikely to match your >>>> setup. >>>> >>>> Not sure where to configure the X-Forwarded-** headers. >>>> >>>> Did you need to configure >>>> https://docs.geoserver.org/stable/en/user/security/webadmin/csrf.html >>>> with GEOSERVER_CSRF_WHITELIST or GEOSERVER_CSRF_DISABLED? >>>> -- >>>> Jody Garnett >>>> >>>> >>>> On Thu, 29 Sept 2022 at 07:01, Alessandro Parma < >>>> alessandro.pa...@geosolutionsgroup.com> wrote: >>>> >>>>> Hi David, andrea >>>>> >>>>> b) When I proxied geoserver, I couldn't save most configuration >>>>>>> options (i.e. change the logging profile) >>>>>>> * it would give me a "Origin does not correspond to request" >>>>>>> error >>>>>>> * others recommended setting "-DGEOSERVER_CSRF_DISABLED=true" >>>>>>> + this worked, but now if I change the logging profile it >>>>>>> will log me out (but my changes were saved). >>>>>>> Hum... not sure, I'll inquire with Alessandro on how the proxying is >>>>>>> set up. >>>>>> >>>>>> >>>>> I understand this is an unrelated problem with your local environment >>>>> David. I suggest you check your PROXY_BASE_URL settings. >>>>> >>>>> In terms of proxy config there is nothing special honestly.. we're >>>>> using Nginx with an explicitly set PROXY_BASE_URL: >>>>> >>>>> [image: image.png] >>>>> >>>>> And we are passing the X-Forwarded-** headers from Nginx to GeoServer. >>>>> That info should be used by GeoServer to understand >>>>> what protocols and host are used by the user to connect to it. >>>>> >>>>> We can have a closer look but before we do that are you sure you >>>>> cannot reproduce it locally on an HTTPS setup? >>>>> >>>>> Thank you, >>>>> Alessandro >>>>> >>>>> On Thu, Sep 29, 2022 at 9:46 AM Andrea Aime < >>>>> andrea.a...@geosolutionsgroup.com> wrote: >>>>> >>>>>> On Thu, Sep 29, 2022 at 1:05 AM David Blasby <david.bla...@geocat.net> >>>>>> wrote: >>>>>> >>>>>>> Andrea, >>>>>>> >>>>>>> I tried to reproduce this and found some more issues; >>>>>>> >>>>>>> a) I couldn't "cd web/app; mvn jetty:run" >>>>>>> * I get a nullpointerexception - likely because there's no >>>>>>> settings in global.xml >>>>>>> * i used data/release and it worked fine >>>>>>> >>>>>> >>>>>> Uh yeah, this is bad... GeoServer should be able to start off a >>>>>> completely empty data directory (eventually >>>>>> with some warning). I thought we had a test to that effect, but I >>>>>> cannot find it... >>>>>> >>>>>> >>>>>>> b) When I proxied geoserver, I couldn't save most configuration >>>>>>> options (i.e. change the logging profile) >>>>>>> * it would give me a "Origin does not correspond to request" >>>>>>> error >>>>>>> * others recommended setting "-DGEOSERVER_CSRF_DISABLED=true" >>>>>>> + this worked, but now if I change the logging profile it >>>>>>> will log me out (but my changes were saved). >>>>>>> >>>>>> >>>>>> Hum... not sure, I'll inquire with Alessandro on how the proxying is >>>>>> set up. >>>>>> >>>>>> Cheers >>>>>> Andrea >>>>>> >>>>>> == >>>>>> >>>>>> GeoServer Professional Services from the experts! >>>>>> >>>>>> Visit http://bit.ly/gs-services-us for more information. >>>>>> == >>>>>> >>>>>> Ing. Andrea Aime >>>>>> @geowolf >>>>>> Technical Lead >>>>>> >>>>>> GeoSolutions Group >>>>>> phone: +39 0584 962313 >>>>>> >>>>>> fax: +39 0584 1660272 >>>>>> >>>>>> mob: +39 339 8844549 >>>>>> >>>>>> https://www.geosolutionsgroup.com/ >>>>>> >>>>>> http://twitter.com/geosolutions_it >>>>>> >>>>>> ------------------------------------------------------- >>>>>> >>>>>> Con riferimento alla normativa sul trattamento dei dati personali >>>>>> (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati >>>>>> “GDPR”), >>>>>> si precisa che ogni circostanza inerente alla presente email (il suo >>>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>>> operazione è illecita. Le sarei comunque grato se potesse darmene >>>>>> notizia. >>>>>> >>>>>> This email is intended only for the person or entity to which it is >>>>>> addressed and may contain information that is privileged, confidential or >>>>>> otherwise protected from disclosure. We remind that - as provided by >>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>>> this >>>>>> e-mail or the information herein by anyone other than the intended >>>>>> recipient is prohibited. If you have received this email by mistake, >>>>>> please >>>>>> notify us immediately by telephone or e-mail >>>>>> _______________________________________________ >>>>>> Geoserver-devel mailing list >>>>>> Geoserver-devel@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Regards, Alessandro Parma == GeoServer Professional Services from the >>>>> experts! Visit http://goo.gl/it488V for more information. == >>>>> Alessandro Parma DevOps Engineer GeoSolutions S.A.S. Via di Montramito 3/A >>>>> 55054 Massarosa (LU) Italy phone: +39 340 4752467 fax: +39 0584 1660272 >>>>> https://www.geosolutionsgroup.com https://twitter.com/geosolutions_it >>>>> ------------------------------------------------------- Con riferimento >>>>> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - >>>>> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che >>>>> ogni >>>>> circostanza inerente alla presente email (il suo contenuto, gli eventuali >>>>> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i >>>>> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per >>>>> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le >>>>> sarei comunque grato se potesse darmene notizia. This email is intended >>>>> only for the person or entity to which it is addressed and may contain >>>>> information that is privileged, confidential or otherwise protected from >>>>> disclosure. We remind that - as provided by European Regulation 2016/679 >>>>> “GDPR” - copying, dissemination or use of this e-mail or the information >>>>> herein by anyone other than the intended recipient is prohibited. If you >>>>> have received this email by mistake, please notify us immediately by >>>>> telephone or e-mail. >>>>> _______________________________________________ >>>>> Geoserver-devel mailing list >>>>> Geoserver-devel@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>>>> >>>> _______________________________________________ >>>> Geoserver-devel mailing list >>>> Geoserver-devel@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>>> >>> >> >> -- >> >> Regards, Alessandro Parma == GeoServer Professional Services from the >> experts! Visit http://goo.gl/it488V for more information. == Alessandro >> Parma DevOps Engineer GeoSolutions S.A.S. Via di Montramito 3/A 55054 >> Massarosa (LU) Italy phone: +39 340 4752467 fax: +39 0584 1660272 >> https://www.geosolutionsgroup.com https://twitter.com/geosolutions_it >> ------------------------------------------------------- Con riferimento >> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - >> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni >> circostanza inerente alla presente email (il suo contenuto, gli eventuali >> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i >> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per >> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le >> sarei comunque grato se potesse darmene notizia. This email is intended >> only for the person or entity to which it is addressed and may contain >> information that is privileged, confidential or otherwise protected from >> disclosure. We remind that - as provided by European Regulation 2016/679 >> “GDPR” - copying, dissemination or use of this e-mail or the information >> herein by anyone other than the intended recipient is prohibited. If you >> have received this email by mistake, please notify us immediately by >> telephone or e-mail. >> >
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
