[opencms-dev] SSL proxy and problem with internal links

Knezik Jan jan.knezik at vsb.cz
Tue Apr 10 08:31:16 CEST 2018 

Hi Filip,

we have experienced the same problem and we have already solved it. You have to do following steps (working with OpenCMS 10.5.3):


* update Tomcat configuration settings - add proxyPort="443" scheme="https". Here is an example (we are running Tomcat physically on port 9443):


<Connector port="9443" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncodings="UTF-8" proxyPort="443" scheme="https">


* set property workplace-server to https value and secure server property for particular domains in opencms-system.xml file:


<sites>

<workplace-server>https://editor.mydomain.cz</workplace-server>

            <site server="http://mysite.mydomain.cz" uri="/sites/mysite/" title="MySite" position="5.0" webserver="true">

                    <secure server="https://mysite.mydomain.cz" exclusive="false" error="false"/>

            </site>

</sites>


Best regards,

Jan Knezik?


________________________________
Od: opencms-dev-bounces at opencms.org <opencms-dev-bounces at opencms.org> za uživatele Filip.Kratochvil at ibacz.eu <Filip.Kratochvil at ibacz.eu>
Odesláno: 9. dubna 2018 13:37
Komu: The OpenCms mailing list
Předmět: [opencms-dev] SSL proxy and problem with internal links

Hi guys,

we have a problem with internal links in a following system configuration:

One of our customer uses loadbalancer (proxy) in front of Apache. This server terminates all SSL requests, so all requests to the OpenCms are NON-SSL (there is no SSL configuration in Apache/Tomcat/OpenCms configuration files).

But it seems to be a problem for OpenCms workplace. If you configure wokplace server with NON-SSL http protocol (e. g. http://admin.example.com/) it looks OK at the first sight, but when editor adds some interneal links, they are resolved as external links. It looks like OpenCms makes comparsion between "workplace configuration" and "editor's context" a there is a difference in http (configuration) and https (context) protocol. But it's not possible to configure OpenCms with SSL https protocol, because requests to the OpenCms are NON-SSL in reality. When we tried it we weren't able to access workplace.

Maybe OpenCms shouldn't be so strict and compare only workplace domain (except http/s protocol).

Have someone same problem and did you solve it?

Thank you in advance.

S pozdravem / Kind regards

Filip Kratochvil
IBA CZ, s.r.o.

________________________________
Disclaimer:

The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it.
It may contain confidential or legally privileged information.
If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify us immediately by forwarding this email to ict at ibacz.eu and then delete it from your system.
IBA Group is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20180410/47eff9ce/attachment.htm>

More information about the opencms-dev mailing list