Apache set Access-Control-Allow-Origin from http to https - wordpress

I have a basic bitnami wordpress installation. I followed their guide and setup https and automatic http to https redirection.
However when I tried to load external scripts I get the following error:
Failed to load https://external-script.com/: The 'Access-Control-Allow-Origin'
header has a value 'http://my-site.io' that is not equal to the supplied origin.
Origin 'https://my-site.io' is therefore not allowed access.
Which file should I edit and what should I add?
Thanks

Bitnami Engineer here.
You need to enable CORS in WordPress. To achieve that, you will need to set this line in the installdir/apps/wordpress/conf/httpd-app.conf file
...
<Directory /opt/bitnami/apps/wordpress/htdocs/>
...
Header set Access-Control-Allow-Origin "*"
...
</Directory>
After that, you will need to restart the Apache server to load this configuration.
installdir/ctlscript.sh restart apache
You will also find different ways to enable CORS by following our documentation guide.
Regards,
Jota

Related

Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed

I use angular on the front end and .net5 on te backend. I deploy my backend to ubuntu 20.04 server and run it with nginx.
I faced this issue while attempt to login. My get functions works well but login(post) is not.
I searched hours and hours and add add_header Access-Control-Allow-Origin *; to my etc/nginx/sites-available/default file.
But nothing changes. Do you have any idea?
Does your .NET backend allows CORS
e.g
have a look at https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0
Also while you are modifying NGINX conf make sure to restart the service.
e.g
sudo systemctl restart nginx

Wordpress Varnish vcl Configuration

When I user apache in Varnish vcl config set :
.expected_response = 200;
and everything works correctly but when to install Litespeed I should change this parameter to :
.expected_response = 301;
What's the reason for this issue? Is this configuration right, or causing the other problem?
Basically people using LiteSpeed Web Server may want to use LSCache instead of Varnish. There're many reasons but I am not going to explain here.
You said with Litespeed only expect 301 status. It's possible something in the rewrite rules causing it. Please share the status code with following command.
curl -s -o /dev/null -w "%{http_code}" https://example.com
If it shows 301, then you may want to check your rewrite rules what making it different between Apache and LiteSpeed.
Best

Varnish + Nginx proxy configuration on plesk

I followed the official tuto for the Varnish via Docker configuration on plesk. https://www.plesk.com/blog/product-t...cker-container
i have a VPS Ubuntu with plesk and many domains.
I followed all steps :
I created a domain test.monserveur.com
I use the Docker image million12/varnish
On the Docker container setting, the mapping redirect the 80 port to the 32780
On plesk for the hosting parameters, the option “SSL/TLS support” and “Permanent SEO-safe 301 redirect from HTTP to HTTPS” are deactivated
I deactived also the security mod for this domain
On the proxy rules of the docker container (/etc/varnish/default.vcl), i put fo the .host test.monserveur.com and .port 7080
On the function sub vcl_deliver, i put :
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
I still have a 503 page with a MISS on the header for the page on test.monserveur.com
I can't understand where is the problem. I tried to put on the .host the serveur IP and with a link to another domain of the server. I think it's a problem with a setting but i don't know where.
Thanks in advance
A 503 error response from Varnish means that your Docker container is not configured properly. You should check whether the container and Varnish within the container are running properly. Additionally, the configuration file must have valid syntax and the correct port and IP address of the server have to be set in the configuration file.
Without knowing what you've entered, I cannot give you a better advice! If you follow the tutorial completely, it will work. I've created over 10 working instances while I wrote the text!
PS: Please use the official Plesk forum with more information (also add your configuration file) if you still cannot solve your problem - https://talk.plesk.com/
Have success!

Alfresco webdav behind apache under jkmount

I'm trying to configure the access to an alfresco webdav directory.
Alfreso is in local ip 192.168.1.25. If I mount (with mount.davfs http:// 192.168.1.25 :8080) , it works ok.
If I configure jkmount in the apache server (in another local ip, 192.168.1.111), when I mount it (with mount.davfs http:// public /alfresco), it doesn't work. The mount error is:
mount.davfs: connection timed out two times;
trying one last time
mount.davfs: server temporarily unreachable;
mounting anyway
However, if I mount the URL with firefox, chrome, or Windows net share, it works ok.
I've tried different jkmount options, rewrites, etc., and with firefox and others it works ok, but it fails using mount (and I must use mount or any other command line tool).
Cadaver also fails.
Regards,
Thanks Heiko,
I've set up the virtual host with (Alfresco Server is in another server):
ProxyPass /alfresco ajp://192.168.1.25:8009/alfresco
ProxyPassReverse /alfresco ajp://192.168.1.25:8009/alfresco
<Location /alfresco/webdav/ >
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>
And the problem persists: I mount it with firefox (and chrome, etc.) ok, but it fails with mount.davfs or cadaver. It doesn't work with curl too.
In alfresco-global.properties, this lines are commented:
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#-------------
#alfresco.context=alfresco
#alfresco.host=${localname}
#alfresco.port=8080
#alfresco.protocol=http
#
#share.context=share
#share.host=${localname}
#share.port=8080
#share.protocol=http
Are they necessary?
Is there any other apache directive for this?
I also tried to offer the directory via apache with:
ProxyPassMatch ^/alfresco/(.*)$ "http://192.168.1.25:8080/alfresco/$1"
ProxyPassReverse /alfresco/ "http://192.168.1.25:8080/alfresco/"
and
JkMount /alfresco/* alfresco configuring jk workers.properties with:
worker.list=alfresco
worker.alfresco.type=ajp13
worker.alfresco.host= 192.168.1. 25
worker.alfresco.port=8009
worker.alfresco.lbfactor=1
worker.alfresco.socket_keepalive=1
worker.alfresco.socket_timeout=300
And the results are the same: It works in navigators but not in linux console.
I've set apache logs in debug mode for this virtual hosts, and when I mount it with firefox, it writes the right info (ajp conections, etc) but when I try to mount from linux terminal, the logs are empty. This is like the conection doesn't work, but only from console...
Thanks for your help, I keep looking for solutions...
Did you set up virtual host like described here?
Also you may need to set ProxyPreserveHost Directive or something similar depending on your apache mod (mod_http_ajp or mod_jk)

RhodeCode proxied by IIS 7

I installed RhodeCode 1.2.2 at a Windows 2008R2 (64Bit) box.
I had setup a IIS 7 as a Proxy Server (Application Request Routing + URL Rewrite) for RhodeCode running at 127.0.0.1:5000.
The Repository is reachable via "https://subdomain.domain.de".
At the repository summary, the Clone url points to:
https://[username]#127.0.0.1:5000/SomeProject
At the client side, I can clone the repository when replacing the
"127.0.0.1:5000" with "subdomain.domain.de".
For sure I would like that RhodeCode displays the Proxy url
("subdomain.domain.de") instead of the 127.XXX...
I search the web up and down and the only thing I found, was that
Apache has a "ProxyPreserveHost On" setting, which does the trick. However
I didn't found anything like that for IIS.
Is there somewhere a setting within the "production.ini" where I can
define the proxy url?
Or does someone found the well hidden setting within the IIS?
Any help is much appreciated :-)
thanks for your answer! I already use the ARR and setup the reverse proxy, I can access RhodeCode via the proxy. However, it looks like that the HTTP_HOST value is not forwarded to paster.
Within the IIS, I setup the following server variables and set them within the reverse proxy rule:
<set name="HTTP_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_FORWARDED_SERVER" value="[subdomain.domain.de]" />
<set name="HTTP_X_ORIGINAL_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_HTTP_HOST" value="[subdomain.domain.de]" />
<set name="HTTP_X_URL_SCHEME" value="https" />
but that have no affect at all.
At the linked previously answer, he suggested to copy these variable values back to the HTTP_HOST (within tomcat, should be paster in my case). That looks a bit overkilled to me, in comparsion to a simple "ProxyPreserveHost On" within apache. I have the feeling that I missed something here.
Cheers,
Sörnt
Itvan is correct, that will work.
Uncommenting the clone_uri will leave the default clone_uri. You can force the clone_uri to use your domain by having that line:
clone_uri = {scheme}://{user}{pass}[subdomain.domain.de]{path}
PS: Works on version 1.3.6
I'm working on out reverse proxying over https for rhodecode with apache on centos6 right now.
For Apache, the configuration noted by marcin of rhodecode fame is:
<VirtualHost *:80>
ServerName hg.myserver.com
ServerAlias hg.myserver.com
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
#important !
#Directive to properly generate url (clone url) for pylons
ProxyPreserveHost On
#rhodecode instance
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
#to enable https use line below
#SetEnvIf X-Url-Scheme https HTTPS=1
</VirtualHost>
For the IIS equivilent of ProxyPreserveHost, see Application Request Routing, which was provided in a previously answer by a MSFT MVP.
The http server is actually python paste's httpserver, so referring to the python paste documentation for httpserver (egg#Paste:http is familiar right), there is no proxy configuration. You will have to reverse proxy in IIS (source)
I am unsure why marcin has opted to advise setting up the reverse proxy versus utilizing paste's httpserver support for https; but having IIS field the requests, and binding paste's httpserver to 127.0.0.1 is likely best choice.
I've just installed RhodeCode 1.3.3 and got into this issue. You can edit this line in configuration file to make it work:
## overwrite schema of clone url
## available vars:
## scheme - http/https
## user - current user
## pass - password
## netloc - network location
## path - usually repo_name
#clone_uri = {scheme}://{user}{pass}{netloc}{path}
clone_uri = {scheme}://{user}{pass}yourdomain.com{path}

Resources