403 Forbidden through Reverse Proxy

[Gerhold B. Kooper]

Good day,

Please help as I have been struggling with this issue for weeks and can't locate the issue even though I followed the documentation at docs.opencast.org.

I have a clean AllinOne installation which is accessible from within LAN on port 8080, but get a 403 Forbidden error when trying to access through reverse proxy, both with Nginx and Apache. Other information in error are 

- SERVLET: org.ops4j.pax.web.service.spi.model.ServletModel-75

- Powered by Jetty:// 9.4.28.v20200408

I installed using package on Ubuntu 18.04.

I really hope someone could assist soon as we are also on a bit of pressure to move our videos off from Panopto.

Regards

[Lars Kiesow]

Just a random guess: Did you configure HTTPS and provide your reverse
proxy with valid TLS certificates? Other than that, take a look at the
Opencast logs in /var/log/opencast. They usually tell you what's wrong.
–Lars

[Gerhold B. Kooper]

Thank you Lars for your response.

I installed the LetsEncrypt certificate first with Nginx and then with Apache but getting the same error.

The certificate installation is successful.

I checked and am still checking the opencast lof file and change log level event uptil TRACE but I am not getting what is wrong.

What I find strange is that the problem is only using the reverse proxy by straight access on port 8080 is fine. 

I checked through the various configuration file but don't really have enough understanding to pinpoint the issue and the urgency pressure is not helping and also having to deal with various other learning issues.

Please help. 

--
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

--

Gerhold B. Kooper
Alternative email: ger...@yahoo.com

[Lambertz, Björn]

Did you respect the apache config as shown in docu:

 

https://docs.opencast.org/r/9.x/admin/configuration/https/apache-httpd/#minimal-set-up

 

 

  # Make sure Opencast knows about HTTPS being used

  RequestHeader set X-Forwarded-SSL "on"

  RequestHeader set X-Forwarded-Proto "https"

 

  # Make sure to serve cookies only via secure connections.

  Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

 

Kind regards, Björn

[Dietmar Zenker]

Hi,

are you using SELinux? If so, pls. refer to:

https://stackoverflow.com/questions/23948527/13-permission-denied-while-connecting-to-upstreamnginx

Greetings,

Dietmar

[Gerhold B. Kooper]

Hello Dietmar,

No, I do not have any firewall enabled on the machine running or in between. It's an AllinOne installation and also having the Apache and Nginx installed on the same machine. 

[Gerhold B. Kooper]

Hello Björn,

Yes, I tried those setting also with no luck.

The only settings I found in the forums that showed the interface but still with some issues is the following configuration:

------------------------

ProxyRequests Off

ProxyPass / http://localhost:8080/

ProxyPassReverse / https://learningstream.unam.edu.na/

ProxyHTMLEnable On

ProxyHTMLExtended On

ProxyHTMLURLMap https://learningstream.unam.edu.na/ /

---------------------------

The problem however this that it does not load all items such as the icons and some links not working.

According to the person who posted, the ProxyHTMLExtended doesn't seem to work.

[Dietmar Zenker]

Hi Gerhold,

SELinux is NOT a firewall (https://en.wikipedia.org/wiki/SELinux). Pls. check if it is installed and enabled with sestatus.

Greetings,

Dietmar

[Gerhold B. Kooper]

Hello Dietmar

I don't have SELinux installed.