Please check this article:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235

On Sat, 8 Jan 2022 at 21:58, jox joe <jox...@gmail.com> wrote:
>
> OM 6
> Apache Tomcat/9.0.43
> Ubuntu 18.4 server
> Apache Web Server 2.4.29
> traditional install based on Alvaro's PDFs
> I used JKS for SSL.
>
> I did this after long internet research:
> ***************
> @@@@server.xml:
>
>     <Connector port="5080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="5443" />
>
>     <Connector port="5443" protocol="HTTP/1.1"
>                maxThreads="150" SSLEnabled="false" name="secure" value="true" 
>    >
>     </Connector>
>
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
>            remoteIpHeader="x-forwarded-for"
>            remoteIpProxiesHeader="x-forwarded-by"
>            protocolHeader="x-forwarded-proto"
>     />
>
> *****************
> @@@@default-ssl.config
> Apache web server Apache/2.4.29 (Ubuntu)
>
> ## Custom fragment
> RewriteEngine On
> RewriteCond %{HTTP:Connection} Upgrade [NC]
> RewriteCond %{HTTP:Upgrade} websocket [NC]
> RewriteRule /(.*) ws://localhost:5443/$1 [P,L]
> RedirectMatch ^/$ http://localhost/openmeetings
> ProxyPreserveHost On
>
> <Location /openmeetings>
>   Require all granted
>   ProxyPass http://localhost:5443/openmeetings
>   ProxyPassReverse http://localhost:5443/openmeetings
>   RewriteEngine On
>   RewriteRule ^/(.*) http://localhost:5443/$1 [P]
> </Location>
> ******************
> @@@@RESULT:
>
> Openmeetings.log
>
> DEBUG 01-08 14:06:53.813 o.a.o.w.a.WebSession:223 [nio-5443-exec-4]
>  - checkHashes, secure: 'null', invitation: 'null'
> DEBUG 01-08 14:06:53.813 o.a.o.w.a.WebSession:225 [nio-5443-exec-4]
>  - checkHashes, has soap in session ? 'false'
> INFO 01-08 14:06:54.707 o.a.w.p.h.CsrfPreventionRequestCycleListener
>  :591 [nio-5443-exec-5] - Possible CSRF attack, request URL:
>
> I can see the login pop-up window but I can't log in.
> Network test is not working.
>
> NOTE:
> SSL certificate installed only on Apache webserver.
> Between Apache webserver and OM-Tomcat no SSL is needed.
>
> @@@@QUESTION 1:
> What should I do to make it work?
>
> QUESTION 2:
> How can I change the Tomcat port
> from 5443 to 443? I tried but no success;
> it worked with OM 5.
>
> Thank you for your help.
>


-- 
Best regards,
Maxim
