On 03/09/19 15:20, Dalrymple, Philip wrote: > OK I tried adding the WebSocket as well but still get the same > results: > > Works direct but the proxy just stays on the login page. > > At the end of the log I get > > syncope-console_1 | 50.59.199.214 - - [03/Sep/2019:13:13:41 +0000] "POST > /syncope-console/login?1-1.0-login-submit HTTP/1.1" 400 1195 > > (a bad request response)
Yes, it seems it is required to disable the CSRF checks to make things working behind reverse proxy. Hence, you should turn csrf=true into csrf=false in /etc/apache-syncope/console.properties. Regards. > I now see the change of admin password, what is the right way to generate a > SSHA256 form, it does not > look like a standard $XX$... password with hash encoding. > > does the bcrypt method support strings of the form $2a$12$0HvCGo2ao0gI3q8.... > for a 12th order bcrypt encode? > > ________________________________________ > From: Francesco Chicchiriccò <ilgro...@apache.org> > Sent: Tuesday, September 3, 2019 8:43 > To: user@syncope.apache.org > Subject: Re: Syncope behind a Apache Reverse proxy. > > Hi Philip, welcome to Syncope. > > See my replies embedded below. > Regards. > > On 03/09/19 14:25, Dalrymple, Philip wrote: >> I am new to Syncope and have a VM server with docker with a Postgres DB and >> an Apache web >> server on the main VM and the syncope, syncope-console, & syncope-enduser as >> images >> on docker. I can access the console (as admin, default password) from >> XXX.example.com:28080/syncope-console >> but the reverse proxy shows the login page and stays there. >> >> I assume that this is not an uncommon configuration, what am I doing wrong. > With Admin Console you should consider that WebSockets come into play, > so instead of > > <Location /syncope-console> > ProxyPreserveHost on > ProxyPass http://XXXXX.mdtsoft.com:28080/syncope-console > ProxyPassReverse http://XXXX.mdtsoft.com:28080/syncope-console > </Location> > > you should configure something as follows: > > <Location /syncope-console> > ProxyPreserveHost on > ProxyPass ws://XXXXX.mdtsoft.com:28080/syncope-console > ProxyPass http://XXXXX.mdtsoft.com:28080/syncope-console > ProxyPassReverse http://XXXX.mdtsoft.com:28080/syncope-console > </Location> > >> Also what is the correct way to change the admin password; admin does not >> appear in the users. > See > http://syncope.apache.org/docs/2.1/reference-guide.html#set-admin-credentials > >> my docker compose file: >> # Licensed to the Apache Software Foundation (ASF) under one >> # or more contributor license agreements. See the NOTICE file >> # distributed with this work for additional information >> # regarding copyright ownership. The ASF licenses this file >> # to you under the Apache License, Version 2.0 (the >> # "License"); you may not use this file except in compliance >> # with the License. You may obtain a copy of the License at >> # >> # http://www.apache.org/licenses/LICENSE-2.0 >> # >> # Unless required by applicable law or agreed to in writing, >> # software distributed under the License is distributed on an >> # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY >> # KIND, either express or implied. See the License for the >> # specific language governing permissions and limitations >> # under the License. >> >> # Full deployment (Core, Console, Enduser) on PostgreSQL with JSONB support >> >> version: '3.3' >> >> services: >> >> syncope: >> image: apache/syncope:2.1.4 >> ports: >> - "18080:8080" >> restart: always >> environment: >> DBMS: pgjsonb >> DB_URL: "jdbc:postgresql://XXXXX.mdtsoft.com:5432/syncope?stringtype= >> unspecified" >> DB_USER: "syncope" >> DB_PASSWORD: "XXXXXXXX" >> DB_POOL_MAX: 10 >> DB_POOL_MIN: 2 >> OPENJPA_REMOTE_COMMIT: sjvm >> >> syncope-console: >> depends_on: >> - syncope >> image: apache/syncope-console:2.1.4 >> ports: >> - "28080:8080" >> restart: always >> environment: >> CORE_SCHEME: http >> CORE_HOST: syncope >> CORE_PORT: 8080 >> >> syncope-enduser: >> depends_on: >> - syncope >> image: apache/syncope-enduser:2.1.4 >> ports: >> - "38080:8080" >> restart: always >> environment: >> CORE_SCHEME: http >> CORE_HOST: syncope >> CORE_PORT: 8080 >> DOMAIN: Master >> >> -------------- >> >> My Apache Configure for reverse proxy is: >> ## proxy setup >> SSLProxyEngine on >> SSLProxyCheckPeerExpire off >> SSLProxyCheckPeerName off >> SSLProxyCheckPeerCN off >> SSLProxyVerify none >> >> >> ## syncope -- it has a number of redirects needed >> <Location /syncope> >> ProxyPreserveHost on >> ProxyPass http://XXXX.mdtsoft.com:18080/syncope >> ProxyPassReverse http://XXXX.mdtsoft.com:18080/syncope >> </Location> >> >> <Location /syncope-console> >> ProxyPreserveHost on >> ProxyPass http://XXXXX.mdtsoft.com:28080/syncope-console >> ProxyPassReverse http://XXXX.mdtsoft.com:28080/syncope-console >> </Location> >> >> <Location /syncope-enduser> >> ProxyPreserveHost on >> ProxyPass http://XXXX.mdtsoft.com:38080/syncope-enduser >> ProxyPassReverse http://XXXX.mdtsoft.com:38080/syncope-enduser >> </Location> >> >> ----------------------------------------------- -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/