Wow! This is indeed the solution, together with the nginx config below
(the allow/deny is to deny internet access). Thanks!!
best regards
Frans
location /geoserver/ {
allow x.x.x.x;
deny all;
proxy_pass http://yourgeoserver:8080/geoserver/;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
allow x.x.x.x;
deny all;
proxy_pass http://yourgeoserver:8080/geoserver/;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
On 03/08/2022 15:58, Christian Mayer wrote:
Hi Frans, hi all,
I had running a GeoServer >2.19 with a nginx in the past. I remember
some problems with unwanted redirects and similar when behind the proxy.
Besides setting the "Proxy Base URL" I had to set the ENV VAR
"GEOSERVER_CSRF_WHITELIST", like
GEOSERVER_CSRF_WHITELIST=my-geoserver.server.de to get the Web-UI and
all services fully functional.
Not sure if it was exactly the same problems you had but maybe you
want to give it a shot and report back here.
Best regards
Chris
On 03.08.22 08:57, Frans Fierens wrote:
Thx Graham.
This is indeed a solution. But not everything is solved: a wfs/wms
GetCapabilities request will rely on the Global proxy-base url. It
seems that the "online resource" option in the wfs/wms service
section is not being used (?)
To illustrate this:
1. GetCapabilities using geoserver v2.18.6:
https://geo.irceline.be/wfs?request=GetCapabilities&service : the
xlinks are correctly pointing to the proxy url
https://geo.irceline.be/wfs. Global proxy-base
url=https://geo.irceline.be, admin pages are accessible.
2. GetCapabilities using geoserver v2.21.0 with empty Global
proxy-base url:
https://geonew.irceline.be/wfs?request=GetCapabilities&service : the
xlinks are pointing to http://georocky/geoserver/wfs and NOT to the
correct proxy url https://geonew.irceline.be/wfs. This will only be
correct when the Global proxy-base url is not empty ... but then the
admin pages are not accessible anymore.
catch 22 ...
best regards,
Frans
On 03/08/2022 02:22, Humphries, Graham wrote:
Hi Frans,
I lodged the original issue about this. What I have done is set the
proxy-base url for the workspace and left the Global proxy-base url
unset. This allows me to access the admin pages.
*From:*Frans Fierens <fier...@irceline.be>
*Sent:* Wednesday, 3 August 2022 2:26 AM
*To:* Andrea Aime <andrea.a...@geosolutionsgroup.com>
*Cc:* geoserver-users@lists.sourceforge.net
*Subject:* Re: [Geoserver-users] problem with Proxy Base URL as from
version 2.19
Thanks Andrea,
I already tried to configure the nginx but without success. It would
be interesting to get more info on the nginx config. There are also
other issues to deal when using this option: you give internet
access to the admin pages (which I would prefer not to do).
best regards,
Frans
On 02/08/2022 18:09, Andrea Aime wrote:
Hi Frans,
maybe it just requires a different set up? These two servers are
using nginx proxying, and a proxy base URL,
but the UI works, as you can see:
https://gs-main.geosolutionsgroup.com/geoserver/web/
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgs-main.geosolutionsgroup.com%2Fgeoserver%2Fweb%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616078904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Y5ciw1cuX%2FCeiIjZI3ISpIGmBi8p3pWbSp4UpZLBt7g%3D&reserved=0>
http://gs-stable.geosolutionsgroup.com/geoserver/web/
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgs-stable.geosolutionsgroup.com%2Fgeoserver%2Fweb%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616078904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3h4L6AkboZxuA3v%2FDfIqeUfGG81V9j4YdwSf8lVX2iI%3D&reserved=0>
One is a 2.20.x, the other is a nightly build from the developer
series.
Unfortunately I don't know exactly how they are set up NGINX
wise, but I can tell you the proxy base URL configured in GeoServer
is simple, e.g.
"https://gs-main.geosolutionsgroup.com/geoserver/
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgs-main.geosolutionsgroup.com%2Fgeoserver%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616078904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OAIceeGqwA31utgeJ0rg%2Bj6bRYkSIoDvyj97Es0TM8g%3D&reserved=0>"
Cheers
Andrea
On Tue, Aug 2, 2022 at 3:10 PM Frans Fierens
<fier...@irceline.be> wrote:
Hello,
I do have the same problem as posted in:
https://sourceforge.net/p/geoserver/mailman/message/37250476/
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fgeoserver%2Fmailman%2Fmessage%2F37250476%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616078904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lMSYlFLrdouEL3yOCAX3aGUljHhtm%2Br6oaFm0Hn%2B3Ns%3D&reserved=0>
When geoserver is behind a reverse proxy as nginx and when
"Proxy Base
URL" is not empty in the global setting, it is not possible
to access
the web user interface anymore. I also did some tests, and
this issue
starts at version 2.19.
This is very annoying.
When "Proxy Base URL" is empty, you can login to the webui,
but a wfs or
wms?request=GetCapabilities&service will not be given the
correct xlinks
( xlink:href="https://proxy_url_name/wfs";) but will show
(xlink:href="http://servername:8080/geoserver/wfs (or wms)")
When "Proxy Base URL" is not empty (https://proxy_url_name),
then it is
not possible to login via the webinterface.
Is it possible to solve this?
thanks.
Frans Fierens
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before
posting to this list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ianturton.com%2Ftalks%2Ffoss4g.html%23%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616078904%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=V8AbocMv5m1a2TDtBej8l7jtkOofoF6UTx7qsr6g7UA%3D&reserved=0>
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgeoserver.org%2Fcomm%2Fuserlist-guidelines.html&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616235146%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=r4ngjfp0M0jcBsD6NyljXt9%2FWolldgjHmRcDuC9dgLs%3D&reserved=0>
If you want to request a feature or an improvement, also see
this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgeoserver%2Fgeoserver%2Fwiki%2FSuccessfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A51cbTMA7wzs%2FFgIg%2BGKt%2Br%2BHwf%2B%2FOXh2Tjs6G%2BThhs%3D&reserved=0>
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fgeoserver-users&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1FLCeedu3oo3zt7C8ze2LodKqQBxl2KZM68aaVkDkY0%3D&reserved=0>
--
Regards,
Andrea Aime
== GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services-us
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbit.ly%2Fgs-services-us&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=e2zjke1CsqZfI9deu9Oiv6U7Z1GQAnqAccDAo9HHwPo%3D&reserved=0>for
more information. == Ing. Andrea Aime @geowolf Technical Lead
GeoSolutions Group phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
https://www.geosolutionsgroup.com/
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.geosolutionsgroup.com%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=58F1P4vFZU2pedXBUJL8S9IMOqW8k5t7uhhi0CJT638%3D&reserved=0>
http://twitter.com/geosolutions_it
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fgeosolutions_it&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5IIlGnHHi3qMqhH1dxXZ%2BxJtTRn1V6inNxZ4wMJYfDU%3D&reserved=0>
-------------------------------------------------------
Con riferimento alla normativa sul trattamento dei dati
personali (Reg. UE 2016/679 - Regolamento generale sulla
protezione dei dati “GDPR”), si precisa che ogni circostanza
inerente alla presente email (il suo contenuto, gli eventuali
allegati, etc.) è un dato la cui conoscenza è riservata al/i
solo/i destinatario/i indicati dallo scrivente. Se il messaggio
Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse
darmene notizia. This email is intended only for the person or
entity to which it is addressed and may contain information that
is privileged, confidential or otherwise protected from
disclosure. We remind that - as provided by European Regulation
2016/679 “GDPR” - copying, dissemination or use of this e-mail
or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by
mistake, please notify us immediately by telephone or e-mail
--
Frans Fierens<fier...@irceline.be> <mailto:fier...@irceline.be>
Medewerker van de Vlaamse Milieumaatschappij (VMM,http://www.vmm.be
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.vmm.be%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=heqFTVJNkgNWyEMJOf4pHvWL%2FbimWVfdVLLprTqLrwo%3D&reserved=0>)
aangesteld bij de Intergewestelijke Cel voor het Leefmilieu (IRCEL).
--
Intergewestelijke Cel voor het Leefmilieu (IRCEL)
Gaucheretstraat 92-94
1030 Brussel
http://www.irceline.be
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.irceline.be%2F&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A97jxYizBdYC%2F%2Fk9YK6BThhGgibMqI43zRNgVYrwlGA%3D&reserved=0>
http://twitter.com/SMOG_BE
<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FSMOG_BE&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=BYMwOtrAmIx9EChhpk42MqnUya0wNZdg1TwVuxWRYUM%3D&reserved=0>
https://www.facebook.com/ircel.celine
<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fircel.celine&data=05%7C01%7Cgraham.humphries%40stategrowth.tas.gov.au%7C44b6a4196cde468dde9808da74a3e9a2%7C64ebab8accf44b5ca2d32b4e972d96b2%7C0%7C0%7C637950544616391380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1ADJes272Crpk50aSOHroivzBkVusnOzR08vO2UFNY4%3D&reserved=0>
Tel 00 32(0)2 227 56 71
GSM 00 32(0)494 62 91 40
Skype Frans_JMC.Fierens
------------------------------------------------------------------------
CONFIDENTIALITY NOTICE AND DISCLAIMER
The information in this transmission may be confidential and/or
protected by legal professional privilege, and is intended only for
the person or persons to whom it is addressed. If you are not such a
person, you are warned that any disclosure, copying or dissemination
of the information is unauthorised. If you have received the
transmission in error, please immediately contact this office by
telephone, fax or email, to inform us of the error and to enable
arrangements to be made for the destruction of the transmission, or
its return at our cost. No liability is accepted for any
unauthorised use of the information contained in this transmission.
--
Frans Fierens<fier...@irceline.be>
Medewerker van de Vlaamse Milieumaatschappij (VMM,http://www.vmm.be) aangesteld
bij de Intergewestelijke Cel voor het Leefmilieu (IRCEL).
--
Intergewestelijke Cel voor het Leefmilieu (IRCEL)
Gaucheretstraat 92-94
1030 Brussel
http://www.irceline.be
http://twitter.com/SMOG_BE
https://www.facebook.com/ircel.celine
Tel 00 32(0)2 227 56 71
GSM 00 32(0)494 62 91 40
Skype Frans_JMC.Fierens
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian
Turton:http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting
guidelines:http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see
this:https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian
Turton:http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting
guidelines:http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see
this:https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
Frans Fierens<fier...@irceline.be>
Medewerker van de Vlaamse Milieumaatschappij (VMM,http://www.vmm.be) aangesteld
bij de Intergewestelijke Cel voor het Leefmilieu (IRCEL).
--
Intergewestelijke Cel voor het Leefmilieu (IRCEL)
Gaucheretstraat 92-94
1030 Brussel
http://www.irceline.be
http://twitter.com/SMOG_BE
https://www.facebook.com/ircel.celine
Tel 00 32(0)2 227 56 71
GSM 00 32(0)494 62 91 40
Skype Frans_JMC.Fierens
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
