Thanks!! that actually worked! The certificate is still invalid, but
I can reach the login window and do work with it right now behind my
test router.
There is probably a setting inside the config file that tells the
certificate generator to also kick in.
I am not certain where that is yet.
On 2024/11/11 06:48:52 Groza Danut wrote:
> Hi Nathan,
>
> That host-headers-allowed property in the security. properties file
> specifies the address at which Ofbiz should be accesible. As you can see
> currently it is only accessible from localhost or the official ofbiz
> domains.
>
> As you want to access ofbiz from another computer you will need to
add the
> address of the server on which ofbiz is running to that list. The address
> is the one you use in the browser to access ofbiz. I believe in your case
> it should be that ip printed in the error mesage.
>
> Not sure about the certificate problem. Out of the box Ofbiz should
> generate it's own self signed certificate, so you don't need to do
anything
> there, except to ignore the warning when the browser is telling you that
> the certificate is not trusted.
> Groza Danut
>
> On Mon, 11 Nov 2024, 08:11 Nathan Reddancer, wrote:
>
> > Cheers everyone.
> >
> > I've added users already while learning the online tutorials, but now
> > that I can now reach the server from other computers behind the router,
> > but I am getting an error page with the ofbiz logo that says:
> >
> > "Error Messageorg.apache.ofbiz.webapp.control.RequestHandlerException:
> > Domain 192.xxx.x.xx not accepted to prevent host header injection. You
> > need to set host-headers-allowed property in security.properties file."
> >
> > The only area I see that has the term Host-Headers in it is in the
line:
> > "
> > host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,
> > demo-stable.ofbiz.apache.org,demo-next.ofbiz.apache.org
> > "
> >
> > Am I supposed to edit that line of text there to allow the my browsers
> > from other computers behind my router see it?
> >
> > Or do i just need to update the certificate somehow? The certificate
> > that is generated says it was dated:
> >
> > "Validity Period:
> > Issued On Friday, May 30, 2014 at 3:43:19 AM
> > Expires On Monday, May 27, 2024 at 3:43:19 AM "
> >
> > (ahem cough.) ok so yeah, quite obviously out of date lol. I read a
> > mailing list posting from a few years ago that there is a certificate
> > generator already built into the software (?)
> >
> > Once I can climb this final newbie hurdle, then I should be able to
> > reach the user/ login screen. I also promise to do my best to keep
> > updating the patches as I learn how to do that.
> >
> > Thanks so much for this software and for all the help.
> >
> >
>
