I am using Alfresco standalone community edition on Ubuntu Machine which is working with configured domain. SSL certs are going to expire in a week so I update the new domain crt and keys in nginx.conf After updating while login to share getting below error but old domain is still active and able to login to share even new domain certs and keys are configured.
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar
nginx.conf(old conf)
events {}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name old.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server{
listen 80;
listen 443 ssl;
server_name new.domain.com;
return 301 https://old.domain.com/share;
}
server {
listen 443 default ssl;
server_name old.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/OLD.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/old.domain.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
sub_filter_types text/javascript;
sub_filter_once off;
sub_filter '<img src="http://www.alfresco.com/assets/images/logos/community-5.2-share.png' '<img src="test';
sub_filter '<a href="http://www.alfresco.com/services/support/communityterms/#support' '<a href="test';
}
}
}
nginx config(new)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name new.domain.com;
return 301 https://$host$request_uri;
location / {
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 504 /50x.html;
location = /50x.html {
}
}
}
server {
listen 443 default ssl;
server_name new.domain.com;
access_log on;
ssl on;
ssl_certificate /etc/nginx/ssl/NEW.DOMAIN.COM.crt;
ssl_certificate_key /etc/nginx/ssl/new.domain.com.key;
location / {
client_max_body_size 4000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
Gone through the similar cases in web some are suggesting to change the parameters like port number and proxy pass, server.xml changes. May be i am wrong But my question is the setup working fine for 1 year after updating new domain certs getting share login errors.
Don't whether the old certs are stored or cached as share is accessible through old domain even updating nginx.conf with new certs.
Any ideas or suggestions would be a great help Thanks
Your error happens in Alfresco itself and has nothing to do with certificates. If you check the correct log (tomcat/logs/catalina.out) you should see your issue.
My guess is that you use a different hostname than configured and that fires the CSRF Token Filter in Alfresco Share.
Either change the share.host and alfresco.host in alfresco-global.properties or disable or modify the CSRF Token Filter in share-config-custom.xml