Open KatKofil opened 4 years ago
Hello,
Could you send me the vhost configuration for your admin part? I have the impression that the session is not persisted in the client (browser). The session cookie may not be stored by the browser.
Fred.
Hello,
First of all, thank you for your responsiveness. Here is the admin vhost:
<VirtualHost *:80>
ServerName linshare-admin.local
DocumentRoot /var/www/linshare-ui-admin
<Location /linshare>
ProxyPass http://127.0.0.1:8080/linshare
ProxyPassReverse http://127.0.0.1:8080/linshare
ProxyPassReverseCookiePath /linshare /
# Workaround to remove httpOnly flag (could also be done with Tomcat)
Header edit Set-Cookie "(JSESSIONID=.*); Path.*" "; Path=/"
# For https, you should add Secure flag.
# Header edit Set-Cookie "(JSESSIONID=.*); Path.*" "; Path=/; Secure"
#This header is added to avoid the JSON cache issue on IE.
Header set Cache-Control "max-age=0,no-cache,no-store"
</Location>
ErrorLog /var/log/httpd/linshare-admin-error.log
CustomLog /var/log/httpd/linshare-admin-access.log combined
</Virtualhost>
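Added example, not part of the thread and not LinShare code: a small Python model of how mod_headers applies `Header edit` to a `Set-Cookie` value, run on the directive exactly as it appears in the vhost above. The `$1` variant, the sample headers and all function names are assumptions made for illustration.

```python
import re

# The directive exactly as it appears in the vhost posted in this thread.
PATTERN = r"(JSESSIONID=.*); Path.*"
REPLACEMENT_AS_POSTED = "; Path=/"
# Assumption for comparison (not from the thread): replacement reuses group 1.
REPLACEMENT_WITH_BACKREF = "$1; Path=/"

# Constructed sample: a Tomcat-style session cookie (id value quoted in the thread).
SAMPLE = "JSESSIONID=B552DE789F1FF336C259BBCA3DAEF08D; Path=/linshare; HttpOnly"


def header_edit(value, pattern, replacement):
    """Model of mod_headers `Header edit`: regex search-and-replace on the
    header value, first match only, with $0-$9 as backreferences."""
    escaped = replacement.replace("\\", "\\\\")
    py_repl = re.sub(r"\$(\d)", r"\\g<\1>", escaped)
    return re.sub(pattern, py_repl, value, count=1)


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attributes).
    Returns None when there is no usable name=value pair; RFC 6265
    section 5.2 tells user agents to ignore such a header entirely."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name, sep, val = first.partition("=")
    if not sep or not name:
        return None
    return name, val, [a for a in attrs if a]


def audit(value, replacement):
    """Apply the edit and report what the browser is left with."""
    edited = header_edit(value, PATTERN, replacement)
    cookie = parse_set_cookie(edited)
    attrs = [a.lower() for a in cookie[2]] if cookie else []
    return {
        "header": edited,
        "stored": cookie is not None,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }


if __name__ == "__main__":
    for label, repl in (("as posted", REPLACEMENT_AS_POSTED),
                        ("with $1", REPLACEMENT_WITH_BACKREF)):
        print(label, audit(SAMPLE, repl))
    # A cookie the pattern does not match (constructed) passes through unchanged.
    print(audit("lang=fr; Path=/", REPLACEMENT_AS_POSTED))
```

With the replacement as printed, the rewritten header carries no name=value pair, so a browser has nothing to store. Both variants drop `HttpOnly`, which the vhost comment names as the purpose of the workaround, and neither adds `Secure`.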
Re, could you capture the traffic in Firefox (in HAR format) so we can understand what is happening? Fred
Re, not being familiar with the procedure, here is what I found that might match the request; is this correct? linshare-admin.local_Archive [20-09-24 13-09-18].har.zip
Could you comment out the line Header edit Set-Cookie.. please? Then restart Apache.
Currently you only have a cookie for the display language but no cookie for the session. You should have a cookie that looks like: JSESSIONID=B552DE789F1FF336C259BBCA3DAEF08D
Everything is green! And I do have a JSESSIONID! Thank you. One last question about the vhosts: the same line is present in the user-side configs; should I comment it out as well? And regarding the documentation, why is this line present in the default file?
That is odd; normally this line works. We need to investigate.
Good evening, after installing v4.0.1 on a machine identical to the v2.3.5 installation, I ran into the same problem. It was solved by the same solution. I don't know whether this can help your investigation.
dist: CentOS Linux release 7.8.2003 (Core)
openjdk: 1.8.0
linshare-core: 2.3.5
linshare-ui-admin: 3.3.3
linshare-ui-user: 2.3.5
Hello,
I am coming to you about a problem with the first login to the admin page after an installation, and I did not find the resolution to my problem in the issues (open/closed). At the address http://linshare-user.local/linshare/ I do get the message asking to connect to linshare-ui-admin. So I go to http://linshare-admin.local, the login window appears and I use the credentials (root@localhost.localdomain/adminlinshare). No bad-credentials message is displayed, but the login window reappears instantly.
SELinux is configured in permissive mode and I have no notification of a blocked read.
After a restart, new lines appeared in the file /var/log/tomcat/linshare.log that were not present in the first run:
127.0.0.1 - - [23/Sep/2020:15:57:11 +0200] "GET /linshare/webservice/rest/admin/authentication/authorized HTTP/1.1" 401 1086 "http://linshare-admin.local/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
127.0.0.1 - - [23/Sep/2020:15:57:11 +0200] "GET /linshare/webservice/rest/admin/upgrade_tasks HTTP/1.1" 401 1086 "http://linshare-admin.local/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
127.0.0.1 - - [23/Sep/2020:15:57:11 +0200] "GET /linshare/webservice/rest/admin/authentication/version HTTP/1.1" 401 1086 "http://linshare-admin.local/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
127.0.0.1 - - [23/Sep/2020:16:21:06 +0200] "GET /linshare/webservice/rest/admin/authentication/authorized?ignoreAuthModule=true HTTP/1.1" 401 994 "http://linshare-admin.local/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
127.0.0.1 - - [23/Sep/2020:16:25:57 +0200] "GET /linshare/webservice/rest/admin/authentication/authorized?ignoreAuthModule=true HTTP/1.1" 401 994 "http://linshare-admin.local/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
sept. 23, 2020 3:16:35 PM org.apache.catalina.startup.TldConfig execute
INFOS: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
sept. 23, 2020 3:18:38 PM org.apache.catalina.startup.HostConfig deployWAR
INFOS: Deployment of web application archive /var/lib/tomcat/webapps/linshare.war has finished in 173 267 ms
sept. 23, 2020 3:18:38 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["http-bio-8080"]
sept. 23, 2020 3:18:38 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["ajp-bio-8009"]
sept. 23, 2020 3:18:38 PM org.apache.catalina.startup.Catalina start
INFOS: Server startup in 173915 ms
Sep 23 16:23:41 localhost server: sept. 23, 2020 4:23:41 PM org.apache.catalina.startup.HostConfig deployWAR
Sep 23 16:23:41 localhost server: INFOS: Deployment of web application archive /var/lib/tomcat/webapps/linshare.war has finished in 90 189 ms
Sep 23 16:23:41 localhost server: sept. 23, 2020 4:23:41 PM org.apache.coyote.AbstractProtocol start
Sep 23 16:23:41 localhost server: INFOS: Starting ProtocolHandler ["http-bio-8080"]
Sep 23 16:23:41 localhost server: sept. 23, 2020 4:23:41 PM org.apache.coyote.AbstractProtocol start
Sep 23 16:23:41 localhost server: INFOS: Starting ProtocolHandler ["ajp-bio-8009"]
Sep 23 16:23:41 localhost server: sept. 23, 2020 4:23:41 PM org.apache.catalina.startup.Catalina start
Sep 23 16:23:41 localhost server: INFOS: Server startup in 90852 ms
Default to info level output; this is very handy if you eventually use Hibernate as well.
log4j.rootCategory=INFO, LINSHARE
There seem to be a lot of problems with CentOS 7; you must:
* replace "INFO, CONSOLE" by "INFO, LINSHARE"
* replace the env variable by the full path in the config key log4j.appender.LINSHARE.File below.
In order to use an external configuration file for log4j, use this key for JAVA_OPTS
JAVA_OPTS="${JAVA_OPTS} -Dlog4j.configuration=file:/etc/linshare/log4j.properties"
To modify log levels at runtime you could use REST API or JMX.
an embedded JMX term is available inside LinShare WAR : linshare/WEB-INF/lib/jmxterm-1.0-alpha-4-uber.jar
You can launch it using the following command: java -jar jmxterm-1.0-alpha-4-uber.jar
Example :
First you have to look for the LinShare java process, open a connection, displays all LinShare beans
Then select the wanted JMX bean, display current value and update it.
$> jvms
$> open
$> domain LinshareJMXBeans
$> bean LinshareJMXBeans:name=LinshareLoggers
$> info
$> run level org.linagora.linshare
$> run level org.linagora.linshare INFO
Define all the appenders
log4j.appender.LINSHARE=org.apache.log4j.DailyRollingFileAppender
log4j.appender.LINSHARE.File=/var/log/tomcat/linshare.log
log4j.appender.LINSHARE.Append=true
log4j.appender.LINSHARE.Encoding=UTF-8
Roll-over the log once per day
log4j.appender.LINSHARE.DatePattern='.'yyyy-MM-dd'.log'
log4j.appender.LINSHARE.layout = org.apache.log4j.PatternLayout
log4j.appender.LINSHARE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.LINSHARE.layout.ConversionPattern=[%p]:%t:%d{yyyyMMdd.HHmmss}:%c:%M:%m%n
CONSOLE is set to be a ConsoleAppender.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
CONSOLE uses PatternLayout.
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=[%p]:%t:%d{yyyyMMdd.HHmmss}:%c:%M:%m%n
Disable info message "[INFO]:AbstractContextSource:afterPropertiesSet:Property 'userDn' not set - anonymous context will be used for read-write operations"
log4j.category.org.springframework.ldap.core.support.AbstractContextSource=warn
Disable warn message : [WARN] org.hibernate.engine.StatefulPersistenceContext.ProxyWarnLog:narrowProxy:
Narrowing proxy to class org.linagora.linshare.core.domain.entities.LdapUserProvider - this operation breaks ==
v1
log4j.category.org.hibernate.engine.StatefulPersistenceContext.ProxyWarnLog=ERROR
v2
log4j.category.org.hibernate.engine.internal.StatefulPersistenceContext=ERROR
advance debug configuration
Authentication stack
log4j.category.org.springframework.security=info
ldap query (only bind)
log4j.category.org.springframework.security.ldap=info
Hibernate, queries and transactions.
log4j.logger.org.springframework.transaction=DEBUG
log4j.logger.org.springframework.orm.hibernate3.HibernateTransactionManager=DEBUG
log4j.logger.org.hibernate.SQL=debug
Logs the JDBC parameters passed to a query
log4j.logger.org.hibernate.type=trace
advanced debug configuration
log4j.logger.org.jclouds=debug
LDAP bindings debug (for users or groups)
log4j.category.org.linagora.linshare.ldap=trace
Show query with MongoRepository and Spring Data.
log4j.category.org.springframework.data.mongodb.core.MongoTemplate=DEBUG
log4j.category.org.linagora.linshare=DEBUG
log4j.category.org.jclouds=info
In order to use an external configuration file for linshare, use this key for JAVA_OPTS
JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true -Xms512m -Xmx2048m"
JAVA_OPTS="${JAVA_OPTS} -Dlinshare.config.path=file:/etc/linshare/"
JAVA_OPTS="${JAVA_OPTS} -Dlog4j.configuration=file:/etc/linshare/log4j.properties"
JAVA_OPTS="${JAVA_OPTS} -Dspring.profiles.active=default,jcloud,batches"
On Centos, use only one JAVA_OPTS statement. Do not use the previous syntax, it may not work.
If you want to change the location of tmp directory
JAVA_OPTS="${JAVA_OPTS} -Djava.io.tmpdir=/tmp/"
Or you can use environment variable : SPRING_PROFILES_ACTIVE or -Dspring.profiles.active property
to configure which profile you want to use.
You must enable at least one authentication profile among authentication profiles,
Available authentication profiles :
* default : default authentication process.
* sso : Enable headers injection for SSO. This profile includes default profile capabilities
Available file data store profiles :
* jcloud : Using jcloud as file data store : Amazon S3, Swift, Ceph, filesystem.
* gridfs : Using gridfs (mongodb) as file data store.
Recommended profile for production is jcloud with Swift.
Additional profiles :
* batches : if this profile is enable (by default it should be), it will enable all Quartz jobs (cron tasks).
**** MAIL CONFIGURATION TO SEND MAIL INFORMATION TO USER
mail.smtp.host=smtp.yourdomain.com
mail.smtp.port=25
use 25 default port for plain text mode
use 587 default port if you use starttls mode
use 465 default port if you use ssl mode
mail.smtp.user=user
mail.smtp.password=password
mail.smtp.auth.needed=false
mail.smtp.charset=UTF-8
StartTls mode (Set to true to enable it)
mail.smtp.starttls.enable=false
SSL Mode (If you enable SSL Mode it will override startTls mode)
mail.smtp.ssl.enable=false
**** DATABASE
PostgreSQL
linshare.db.username=linshare
linshare.db.password=password
linshare.db.driver.class=org.postgresql.Driver
linshare.db.url=jdbc:postgresql://localhost:5432/linshare
linshare.db.dialect=org.hibernate.dialect.PostgreSQLDialect
show sql command in console (true in debug mode)
linshare.db.show_sql=false
format sql command in console (true in debug mode)
linshare.db.format_sql=false
generate statistics with hibernate
linshare.db.gen_stats=false
can be create, create-drop, update, validate, choose validate for production
linshare.db.hbm2ddl.auto=validate
Pool
linshare.db.pool.maxidle=30
linshare.db.pool.maxactive=100
linshare.db.pool.maxwait=10000
the eviction thread runs every 30 minutes
linshare.db.pool.timebetweenevictionrunsmillis=180000
**** GENERAL PROPERTIES
######## Storage options ########
Global storage options
available storage mode :
* filesystem : storing documents on file system for local storage.
* swift-keystone : storing documents into swift without region support (generic)
Limitation : maximum size file size is 5GB
* openstack-swift : storing documents into openstack swift with region support.(regionId will be mandatory)
Limitation : maximum size file size is 5GB
* s3 : storing documents into Amazon S3.
Limitation : maximum size file size is 5GB
linshare.documents.storage.mode=filesystem
linshare.documents.storage.bucket=e0531829-8a75-49f8-bb30-4539574d66c7
Temporary directory : local work directory to encrypt/decrypt data
linshare.encipherment.tmp.dir=/var/lib/linshare/tmp
File system storage options - default backend
linshare.documents.storage.filesystem.directory=/var/lib/linshare/filesystemstorage
######## Extended storage options ########
Object storage options
deprecated property, if set user.name and user.domain will be ignored.
linshare.documents.storage.identity=
NB : For OpenStack Swift, format is different
linshare.documents.storage.identity=tenant_name:user_name
linshare.documents.storage.user.domain=
linshare.documents.storage.user.name=
linshare.documents.storage.credential=
LinShare supports keystone2 and keystone3 for swift.
linshare.documents.storage.keystone.version=2
Project name is required for keystone 3 (useless for keystone s2)
linshare.documents.storage.project.name=
keystone endpoint, ex :
- https://auth.cloud.ovh.net/v2.0/
- https://auth.cloud.ovh.net/v3
linshare.documents.storage.endpoint=
required if you are using Swift with region (openstack-swift)
linshare.documents.storage.regionId=
Mongo storage options
linshare.mongo.connect.timeout=30000
linshare.mongo.socket.timeout=30000
Write concern
MAJORITY: waits on a majority of servers for the write operation.
JOURNALED: Write operations wait for the server to group commit to the journal file on disk.
ACKNOWLEDGED: Write operations that use this write concern will wait for acknowledgement,
using the default write concern configured on the server.
linshare.mongo.write.concern=MAJORITY
Standard URI connection scheme
mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]
linshare.mongo.client.uri=mongodb://linshare:linshare@127.0.0.1:27017/linshare
linshare.mongo.client.uri=mongodb://127.0.0.1:27017/linshare
GridFS storage options
Using MongoDb to store very small files (thumbnails, mail attachments, ...)
linshare.mongo.gridfs.smallfiles.client.uri=mongodb://linshare:linshare@127.0.0.1:27017/linshare-files
linshare.mongo.gridfs.smallfiles.client.uri=mongodb://127.0.0.1:27017/linshare-files
Extended GridFS storage options
Store all files in MongoDB GridFS. Not recommended.
linshare.mongo.gridfs.bigfiles.client.uri=mongodb://linshare:linshare@127.0.0.1:27017/linshare-bigfiles
linshare.mongo.gridfs.bigfiles.client.uri=mongodb://127.0.0.1:27017/linshare-bigfiles
######## Storage options - end ########
**** BATCH AND CRON
Syntax :
Field Mandatory Allowed Values Allowed Special Characters
1. Second yes 0-59 , - * /
2. Minutes yes 0-59 , - * /
3. Hours yes 0-23 , - * /
4. Day of month yes 1-31 , - * ? / L W
5. Month yes 1-2 or JAN-DEC , - * /
6. Day of week yes 1-7 or SUN-SAT , - * ? / L
7. Year no empty, 1970-2099 , - * /
#
Legend : ? : no specific value
: L : last
: W : weekday
#
Batches are launched every days at 0a.m
This cron is responsible of :
- Deleting expired Guest and Internal Users
- Purge all data related to a removed domain.
job.users.cron.expression=0 0 0 ?
Batches are launched every days at 6a.m
This cron is responsible for sending a notification for undownloaded
shared documents.
job.shares.undownloaded.notification.cron.expression=0 0 6 ?
This key is the number of days between the
expiration of a user and his destruction
job.users.delay.before.purge=7
Batches are launched every days at 0a.m
This cron is responsible of :
- deleting expired ShareEntries
- deleting expired AnonymousShareEntries
- deleting expired AnonymousUrl
- deleting "empty" ShareEntryGroup
- deleting expired DocumentEntries if it is activated. See job.document.cleaner.activation.
- deleting physically unused files (removing files from the file system, the object storage, ...)
aka the File Garbage Collector.
job.shares.cron.expression=0 30 0 ?
There is a fail-safe that prevents deleting expired personal space documents, aka DocumentEntries.
Even if the functionality is enabled and the batch/job triggered, YOU MUST allow them to be deleted.
job.document.cleaner.activation=false
Batches are launched every days at 0a.m
This cron is responsible of :
- checking and update MIME type of Documents with check flag on
job.mimetype.cron.expression=0 30 0 ?
Batches are launched every weeks at 0a.m
This cron is responsible of :
- update dailyStatistics and quota
job.updateDailyStatQuota.cron.expression= 0 0 0 ?
Batches are launched every 4 hours
This cron is responsible of :
- synchronizing LdapGroups with Workgroups
job.ldapgroups.cron.expression=0 0 0/4 ?
webservice
data exceeding the memory threshold will be written to the directory (in bytes)
webservice.attachment-memory-threshold=4000000
webservice.attachment-directory=/tmp/
**** VIRUS SCANNER
uncomment those properties if you want to enable clamav virus scanner feature
virusscanner.clamav.host=localhost
virusscanner.clamav.port=3310
Every file which size is over than the value below (in bytes) will skip the virus scanner.
virusscanner.limit.filesize=50000000
**** SSO
LemonLDAP::NG / SiteMinder HTTP request authenticator
sso.header.user=Auth-User
comma separated list of ip address to be trusted :
sso.header.allowfrom.enable=true
sso.header.allowfrom=127.0.0.1
**** Domain
If true, we can search an user during authentication process using his uid or his mail (as a login).
By default, false, only the mail is used.
Be careful if you have multiples directories, login must be unique !!!
linshare.multidomain.enable=false
** Async task management
ThreadPoolTaskExecutor for AsyncTask like uploads.
linshare.ThreadPoolTaskExecutor.corePoolSize=50
linshare.ThreadPoolTaskExecutor.maxPoolSize=100
enable file size validation on rest API (thread entries, documents and flow).
linshare.rest.files.size.validation=true
mail attachment size limit
mail.attchment.limit.size=393216
**** LinThumbnail configuration
linshare.linthumbnail.dropwizard.server=http://0.0.0.0:8090/linthumbnail?mimeType=%1$s
key to disable thumbnail generation
linshare.documents.thumbnail.pdf.enable=true
linshare.documents.thumbnail.enable=false
linshare.warn.owner.about.guest.expiration.days.before=7
JWT support values
Default token validity in second : 300 (5 minutes)
jwt.expiration=300
jwt.issuer=LinShare
Every token (generated by LinShare or others) won't last more than 5 minutes.
jwt.token.max.lifetime=300
jwt.global.key.private.path=/etc/linshare/id_rsa
jwt.global.key.public.path=/etc/linshare/id_rsa.pub
**** Production Mode
linshare.mode.production=true
Service-specific configuration file for tomcat. This will be sourced by
the SysV init script after the global configuration file
/etc/tomcat/tomcat.conf, thus allowing values to be overridden in
a per-service manner.
#
NEVER change the init script itself. To change values for all services make
your changes in /etc/tomcat/tomcat.conf
#
To change values for a specific service make your edits here.
To create a new service create a link from /etc/init.d/ to
/etc/init.d/tomcat (do not copy the init script) and make a copy of the
/etc/sysconfig/tomcat file to /etc/sysconfig/ and change
the property values so the two services won't conflict. Register the new
service in the system as usual (see chkconfig and similars).
#
Where your java installation lives
JAVA_HOME="/usr/lib/jvm/java"
Where your tomcat installation lives
CATALINA_BASE="/usr/share/tomcat"
CATALINA_HOME="/usr/share/tomcat"
JASPER_HOME="/usr/share/tomcat"
CATALINA_TMPDIR="/var/cache/tomcat/temp"
You can pass some parameters to java here if you wish to
JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
Use JAVA_OPTS to set java.library.path for libtcnative.so
JAVA_OPTS="-Djava.library.path=/usr/lib64"
You can change your tomcat locale here
LANG="en_US"
Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"
SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
TimeoutStopSec in tomcat.service.
If you wish to further customize your tomcat environment,
put your own definitions here
(i.e. LD_LIBRARY_PATH for some jdbc drivers)
JAVA_OPTS="-Djava.awt.headless=true -Xms512m -Xmx2048m -Dlinshare.config.path=file:/etc/linshare/ -Dlog4j.configuration=file:/etc/linshare/log4j.properties -Dspring.profiles.active=default,gridfs,batches"
TYPE DATABASE USER ADDRESS METHOD
"local" is for Unix domain socket connections only
local all postgres peer
local linshare linshare md5
host linshare linshare 127.0.0.1/32 md5
host linshare linshare ::1/128 md5
local all all peer
IPv4 local connections:
host all all 127.0.0.1/32 ident
IPv6 local connections:
host all all ::1/128 ident
Allow replication connections from localhost, by a user with the
replication privilege.
local replication postgres peer
host replication postgres 127.0.0.1/32 ident
host replication postgres ::1/128 ident