USE_SSL enabled, but not able to login to the share page

[melani016]

i have downloaded docker-compose.yml for alfresco 7.0.0
and changed nginx as below in the .yml file. (generated self signed cert and gave the path below)
proxy:
image: alfresco/alfresco-acs-nginx:3.2.0
mem_limit: 128m
environment:
DISABLE_PROMETHEUS: "true"
DISABLE_SYNCSERVICE: "true"
DISABLE_ADW: "true"
USE_SSL: "true"
DOMAIN: "10.188.104.245" # when USE_SSL="true"
depends_on:
- alfresco
ports:
- 443:443
links:
- alfresco
- share
volumes:
- /mypath/ssl:/etc/nginx/ssl/ # when USE_SSL="true"

when i started alfresco using docker-compose up, im not able to login to the share page. getting below error.
ERROR [alfresco.web.site] [http-nio-8080-exec-1] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://10.188.104.245/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://10.188.104.245/share/page/' vs server & context: http://10.188.104.245:443/ (string) or (regexp)
please help.
already tried below:

1. disable csrf in alfresco-gobal.properties: csrf.filter.enabled=false
2. disable in share-config-custom.xml:
   t3. ried to clear cache
   but nothing worked

[melani016]

i am able to login. but page is redirecting to http after entering credentials. if i modify the url with https, it is opening the dashboard
However after that, solr is giving below error. any extra config is required for solr? if so how to provide .key and .cert files to solr?
solr6_1 | 2021-04-22 06:04:00.023 ERROR (org.alfresco.solr.AlfrescoCoreAdminHandler@30feffc_Worker-8) [ ] o.a.s.t.ShardStatePublisher Unable to publish this node state. A failure condition has been met during the outbound subscription message encoding process. See the stacktrace below for further details.
solr6_1 | java.net.ConnectException: Connection refused (Connection refused)

thank you

[aborroy]

You may try using this project to generate Docker Compose with HTTPs enabled as sample:
https://github.com/alfresco/alfresco-docker-installer

It includes the right configuration for every service.

[melani016]

thank you for the quick reply.
i have followed steps from https://github.com/alfresco/alfresco-docker-installer
given below input
? Which ACS version do you want to use? 6.2
? How may GB RAM are available for Alfresco (12 is minimum required)? 12
? Do you want to use HTTPs for Web Proxy? Yes
? What is the name of your server? testalf.com
? What HTTPs port do you want to use (all the services are using the same port)? 443
? Do you want to use FTP (port 2121)? No
? Do you want to use MariaDB instead of PostgreSQL? No
? Are you using different languages (this is the most common scenario)? Yes
? Do you want to create an internal SMTP server? No
? Do you want to create an internal LDAP server? No
? Select the addons to be installed: Google Docs 3.1.0, JavaScript Console 0.6, Order of the Bee Support Tools 1.0.0.0, Share Site Creators 0.0.7
? Are you using a Windows host to run Docker? No
? Do you want to use a start script? Yes

and started the alfresco
when i try to access "https://testalf.com" in the google chrome, its showing "site cant be reached"
am i missing something

[aborroy]

I guess you have an entry in "/etc/hosts" for 127.0.0.1 testalf.com right?

[melani016]

yes, i modified /etc/hosts/ already. still getting error. please find the error details below
i checked docker logs for container dockercompose_alfresco
and found below error
2021-04-23 12:17:53,411 ERROR [web.context.ContextLoader] [localhost-startStop-1] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.beans.factory.config.CustomEditorConfigurer#0' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean 'customPropertyEditorRegistrar' while setting bean property 'propertyEditorRegistrars' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customPropertyEditorRegistrar' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean 'NamespaceService' while setting bean property 'namespaceService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dictionaryDAO' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean 'tenantService' while setting bean property 'tenantService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tenantService' defined in URL [jar:file:/usr/local/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.134.1.jar!/alfresco/mt/mt-context.xml]: Cannot resolve reference to bean 'tenantAdminDAO' while setting bean property 'tenantAdminDAO'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tenantAdminDAO' defined in class path resource [alfresco/dao/dao-context.xml]: Cannot resolve reference to bean 'repoSqlSessionTemplate' while setting bean property 'sqlSessionTemplate'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'repoSqlSessionTemplate' defined in class path resource [alfresco/ibatis/ibatis-context.xml]: Cannot resolve reference to bean 'repoSqlSessionFactory' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'repoSqlSessionFactory' defined in class path resource [alfresco/ibatis/ibatis-context.xml]: Cannot resolve reference to bean 'dialectResourceLoader' while setting bean property 'resourceLoader'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialectResourceLoader' defined in class path resource [alfresco/ibatis/ibatis-context.xml]: Cannot create inner bean 'org.springframework.beans.factory.config.PropertyPathFactoryBean#7ccdbd0d' of type [org.springframework.beans.factory.config.PropertyPathFactoryBean] while setting bean property 'dialectClass'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.beans.factory.config.PropertyPathFactoryBean#7ccdbd0d' defined in class path resource [alfresco/ibatis/ibatis-context.xml]: Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialect': FactoryBean threw exception on object creation; nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The connection attempt failed.)

and also, i had to comment below command in alfresco/Dockerfile because it gave error. does this cause any issue?
#RUN yum -y update &&
# yum -y install wget &&
# yum clean all &&
# set -x
# && wget https://artifacts.alfresco.com/nexus/service/local/repositories/releases/content/org/alfresco/api-
explorer/${API_EXPLORER_TAG}/api-explorer-${API_EXPLORER_TAG}.war
# -O /usr/local/tomcat/webapps/api-explorer.war

Error i got for above yum command is
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this: ...
Cannot find a valid baseurl for repo: base/7/x86_64
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was
12: Timeout on http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container: (28, 'Resolving timed out after 30538 milliseconds')
ERROR: Service 'alfresco' failed to build: The command '/bin/sh -c yum -y update && yum -y install wget && yum clean all && set -x && wget https://artifacts.alfresco.com/nexus/service/local/repositories/releases/content/org/alfresco/api-explorer/${API_EXPLORER_TAG}/api-explorer-${API_EXPLORER_TAG}.war -O /usr/local/tomcat/webapps/api-explorer.war' returned a non-zero code: 1

note: i am behind corporate proxy

[melani016]

Now solved the issue by setting the proxy, but still not able access https://testalf.com from browser.
i have set /etc/hosts as below
127.0.0.1 testalf.com
anything else am i missing?
i am able to connect to https://IPadd:443/alfresco, but not share https://IPaddr:443/share. however i need to access using domain name
tried importing config/localhost.cert into the browser. still not working
ping testalf.com is working but not from browser

[melani016]

i added the url to proxy exceptions list, working now. thank you

[srbonham]

You can still use the alfresco-acs-nginx:3.2.0 image, but you just need to make sure you update Share's tomcat.

You would need to create a Dockerfile for share with the following RUN command

FROM quay.io/alfresco/alfresco-share:7.0.0

ARG TOMCAT_DIR=/usr/local/tomcat

USER root

RUN sed -i '/Connector port="8080"/a scheme="https" secure="true"' /usr/local/tomcat/conf/server.xml &&
sed -i "/Connector port="8080"/a proxyName="${SERVER_NAME}" proxyPort="443"" /usr/local/tomcat/conf/server.xml