Reputation: 343
One of our Alfresco 5.2 Community instances has recently started getting 500 internal server errors. The JavaScript Console in Chrome & Safari shows the below message:
loading.gif:1
GET https://dummyURL.net/share/page/undefinedcomponents/images/lightbox/loading.gif 500 (Internal Server Error)
e
a @ lightbox_bc0f7ca3f12…2ad82dace7cae3.js:1
load
(anonymous) @ lightbox_bc0f7ca3f12…2ad82dace7cae3.js:1
(anonymous) @ lightbox_bc0f7ca3f12…2ad82dace7cae3.js:1
I also see a bunch of CORS-related errors like below:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-sbLba2EWG/CqNqV0hSLOf+VTwjgqU+JUKEszzaqWntU='), or a nonce ('nonce-...') is required to enable inline execution.
and
dojo.js:15 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
at new Function (<anonymous>)
at dojo.js:15:3521
at dojo.js:15:21290
Catalina.out has the below error stack:
SEVERE: Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Could not resolve view with name 'undefinedcomponents/images/lightbox/close.gif' in servlet with name 'Spring Surf Dispatcher Servlet'] with root cause
javax.servlet.ServletException: Could not resolve view with name 'undefinedcomponents/images/lightbox/close.gif' in servlet with name 'Spring Surf Dispatcher Servlet'
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1198)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1001)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:945)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:867)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:951)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.atolcd.alfresco.AuditFilter.doFilter(AuditFilter.java:200)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.extensions.webscripts.servlet.SecurityHeadersFilter.doFilter(SecurityHeadersFilter.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:322)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)
at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)
at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:188)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2549)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2538)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
I have tried restoring the DB and ContentStore from backup, and I have tried reinstalling the Share WAR file. Nothing helped.
I suspect the error is stemming from the "undefinedcomponents" bit that shows in the GET URL for the loading.gif file. But I am not able to figure out why it says "undefinedcomponents" here.
Any ideas appreciated.
Upvotes: 0
Views: 16
Reputation: 343
I figured out that the issue was with my Apache2 reverse proxy settings. I had to update my /etc/apache2/sites-enabled/alfresco-ssl.conf file to look like the one below.
# Virtual Host configuration for primary domain
<VirtualHost *:443>
# Basic server configuration
ServerName primary.customer-domain.net:443
# Logging configuration
ErrorLog ${APACHE_LOG_DIR}/ssl_primary_error.log
TransferLog ${APACHE_LOG_DIR}/ssl_primary_access.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_primary_request_log.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# SSL Configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# SSL Certificate files
SSLCertificateFile /etc/apache2/certs/STAR_customer_domain_net.crt
SSLCertificateKeyFile /etc/apache2/certs/STAR_customer_domain_net.key
SSLCertificateChainFile /etc/apache2/certs/STAR_customer_domain_net.ca-bundle
# Redirect root to Share
RedirectMatch ^/$ https://primary.customer-domain.net/share/
# Proxy Configuration
SSLProxyEngine On
SSLProxyCheckPeerCN off
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
# Share application specific configuration
<Location /share>
# Remove any existing CSP headers
Header unset Content-Security-Policy
# Add permissive CSP headers for Share to function properly
Header add Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
# CORS Headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Forward protocol information
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</Location>
# AJP Proxy configuration for Alfresco and Share
ProxyPass /alfresco ajp://localhost:8009/alfresco
ProxyPassReverse /alfresco ajp://localhost:8009/alfresco
ProxyPass /share ajp://localhost:8009/share
ProxyPassReverse /share ajp://localhost:8009/share
</VirtualHost>
# Virtual Host configuration for secondary domain
<VirtualHost *:443>
# Basic server configuration
ServerName secondary.customer-domain.net:443
# Logging configuration
ErrorLog ${APACHE_LOG_DIR}/ssl_secondary_error.log
TransferLog ${APACHE_LOG_DIR}/ssl_secondary_access.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_secondary_request_log.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# SSL Configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# SSL Certificate files
SSLCertificateFile /etc/apache2/certs/STAR_customer_domain_net.crt
SSLCertificateKeyFile /etc/apache2/certs/STAR_customer_domain_net.key
SSLCertificateChainFile /etc/apache2/certs/STAR_customer_domain_net.ca-bundle
# Redirect root to Share
RedirectMatch ^/$ https://secondary.customer-domain.net/share/
# Proxy Configuration
SSLProxyEngine On
SSLProxyCheckPeerCN off
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
# Share application specific configuration
<Location /share>
# Remove any existing CSP headers
Header unset Content-Security-Policy
# Add permissive CSP headers for Share to function properly
Header add Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
# CORS Headers
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Forward protocol information
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</Location>
# AJP Proxy configuration for Alfresco and Share
ProxyPass /alfresco ajp://localhost:8009/alfresco
ProxyPassReverse /alfresco ajp://localhost:8009/alfresco
ProxyPass /share ajp://localhost:8009/share
ProxyPassReverse /share ajp://localhost:8009/share
</VirtualHost>
Upvotes: 0