CORS configuration on ngninx

43 views
Skip to first unread message

Uwe Jung

unread,
Jan 17, 2018, 4:58:26 PM1/17/18
to AtoM Users
Hello,

I'm about to build a standard AtoM 2.4 installation on Ubuntu Server 16.04.
Until now most things work fine. Thanks.

The problem started when I tried to query a second Elasticsearch index using jQuery/ajax within a added Javascript. The script is based inside an extended arArchivesCanadaPlugin. The index stores coordinates from places on historic maps. The feature should be used together with OpenLayers 4.x.

Now I've got an Javascript error [CORS header 'Access-Control-Allow-Origin' missing].
Searching for answers I learned the the nginx configuration need an aditional line add_header 'Access-Control-Allow-Origin' '*';
I already tried some patches found on the net, but without succes. After modification nginx don't restart.
Please, can anybody provide me with an idea how to resolve this prob?

Thanks

Uwe Jung

Uwe Jung

unread,
Jan 18, 2018, 9:31:37 AM1/18/18
to AtoM Users
Hello,

After some hours of try&error I solved the problem in adding http.cors.enabled:true to /etc/elasticsearch/elasticsearch/elasticsearch.yml . (https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html)
Please advise if this workaround will provoke any security issues.


Greetings

Uwe Jung 

Dan Gillean

unread,
Jan 18, 2018, 11:00:24 AM1/18/18
to ICA-AtoM Users
Hi Uwe, 

I'm glad to hear you've found a potential solution to your configuration issue! 

This particular setup is not something our team has tried, so we won't really be able to advise you on security - though for general advice, I suggest reviewing the following: 
Let us know how it goes! And if your site is (or will be) publicly available, consider sharing a link so we can check it out, and add it to our example User list!

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-users+unsubscribe@googlegroups.com.
To post to this group, send email to ica-atom-users@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
 To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/48c1c055-b3e6-4c5e-b4da-6b8d71b36736%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Message has been deleted

Dan Gillean

unread,
Mar 6, 2018, 5:07:20 PM3/6/18
to ICA-AtoM Users
Hi Uwe, 

Thank you for updating the thread and letting us know how you resolved the issue! Glad to see you've figured this out. 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

On Tue, Mar 6, 2018 at 12:45 PM, Uwe Jung <jung...@gmail.com> wrote:
Hello again,

I believe that you are still waiting for an answer. Actually I had the time to read the papers and specially the first link was very helpful. So I became aware of the fact that port 9200 always (!) need to be hided from the public. The solution was then a php script which handles the Elasticsearch queries from jQuery behind the firewall.

Greetings


Uwe Jung
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-users+unsubscribe@googlegroups.com.
To post to this group, send email to ica-atom-users@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/6a8caba1-3f6d-4265-81f5-bd3f3275c8c9%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages