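I am trying to configure my eXist-db application for a real production environment. This means using a domain name instead of localhost or an IP address. When I access the server via the plain IP, everything works. When I access it via the domain name, I am able to log in only per page. After I log in, as soon as I try to access another link on the application's page (or the current one!), I am logged out.
My controller: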
xquery version "3.0";
import module namespace login="http://exist-db.org/xquery/login" at "resource:org/exist/xquery/modules/persistentlogin/login.xql";
declare variable $exist:path external;
declare variable $exist:resource external;
declare variable $exist:controller external;
declare variable $exist:prefix external;
declare variable $exist:root external;
declare variable $local:login_domain := 'domain-x';
let $set-user := login:set-user($local:login_domain, (), false())
(: Here we are grabbing all names of user's groups. :)
let $user := request:get-attribute('domain-x.user')
let $groups := if ($user) then string-join(sm:get-user-groups($user), ', ') else 'NoGroup'
return
    if ($exist:path eq '/' or $exist:resource eq 'index.html') then
        <dispatch xmlns='http://exist.sourceforge.net/NS/exist'>
            <forward url='{$exist:controller}/index.html'/>
            <view>
                <forward url="{$exist:controller}/modules/view.xql"/>
            </view>
            <error-handler>
                <forward url="{$exist:controller}/error-page.html" method="get"/>
                <forward url="{$exist:controller}/modules/view.xql"/>
            </error-handler>
        </dispatch>
    else if (
        ($exist:path eq '/create-ebooks-search.html') or
        ($exist:path eq '/create-ebooks-list.html') or
        ($exist:path eq '/metadata-tool.html') or
        ($exist:path eq '/testing.html') or
        ($exist:path eq '/create-ejournals-list.html')
    )
    then
        if (contains($groups, 'editors')) then
            <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
                <!-- All sites are placed in the 'secure' directory,
                     links to them are as if they were in the root of the app,
                     hence the forwarding. -->
                <forward url='{$exist:controller}/secure/{$exist:resource}'/>
                <view>
                    <forward url="{$exist:controller}/modules/view.xql">
                        <set-attribute name="hasAccess" value="true"/><!-- Only for reference -->
                        <set-attribute name="$exist:prefix" value="{$exist:prefix}/secure"/>
                        <set-attribute name="$exist:controller" value="{$exist:controller}"/>
                        <!-- This is very important, without this or similar header, authentication
                             does not work properly—login and logout does not work as expected,
                             on some sites it is detected by the template, on some it is not.
                             It is possible to use other headers, works as well:
                             private, no-store, max-age=0, no-cache, must-revalidate are useful.
                             It is necessary to use it for the forward action of the view. -->
                        <set-header name="Cache-Control" value="no-cache"/>
                    </forward>
                </view>
                <error-handler>
                    <forward url="{$exist:controller}/error-page.html" method="get"/>
                    <forward url="{$exist:controller}/modules/view.xql"/>
                </error-handler>
            </dispatch>
...
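Update
It seems it could be related to cookies. If I try to log in on a page accessed via the IP address, a cookie named org.exist.login is stored and passed among the pages of the site. If I try to log in on a page accessed via the domain name, the cookie is missing.
Update II
I proxy my configuration through Redbird: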
var proxy = require('redbird')({
    port: 80,
    ssl: {
        port: 443
    }
});
proxy.register('my-app.domain.com', 'http://xx.xx.xxx.xxx:8081/exist/apps/my-app', {
    ssl: {
        key: '../SSL-certs/dev-key.pem',
        cert: '../SSL-certs/dev-cert.pem',
    }
});
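(I was not able to use letsencrypt as described in this question.)
Answer 0: (score: 1)
I think this is indeed a Redbird issue, and that it has to do with whether Redbird passes the hostname through to eXist and allows eXist's set-cookie header with this hostname to return to the client. For comparison, see how nginx is configured for history.state.gov - https://github.com/HistoryAtState/hsg-project/blob/master/deploy/1861/etc/nginx/vhosts/1861.hsg.conf#L22-L24: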
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
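See this article on how cookies operate differently when using only an IP versus using a domain: How do browser cookie domains work?.
Since I don't use Redbird, I can't provide exact guidance, but if you are unable to find Redbird's counterparts to these nginx directives, I'd suggest posting your question as one about Redbird.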
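To check a Set-Cookie header captured from the proxied response against the browser's rules, the following added example (not code from the question, the answer or eXist) applies the RFC 6265 storage and send checks; it goes beyond the Domain case discussed above by also covering Path and Secure. The function name `cookieFate`, the address 192.0.2.10 and the attribute values are constructed for illustration and are not what eXist actually emits.

```javascript
// Added example: RFC 6265 storage and send rules for one Set-Cookie header.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');

// RFC 6265 5.1.3: suffix matching applies to host names only, never to IPs.
function domainMatch(host, domain) {
  if (host === domain) return true;
  return !isIp(host) && host.endsWith('.' + domain);
}

// RFC 6265 5.1.4: the cookie path must be a prefix ending on a '/' boundary.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Default cookie path when the header carries no usable Path attribute.
function defaultPath(p) {
  const i = p.lastIndexOf('/');
  return i <= 0 ? '/' : p.slice(0, i);
}

// setCookie: header value the browser received in the response to setUrl.
// nextUrl: the next page the browser requests (hypothetical helper).
function cookieFate(setCookie, setUrl, nextUrl) {
  const from = new URL(setUrl), to = new URL(nextUrl);
  const attrs = {};
  for (const part of setCookie.split(';').slice(1)) {
    const [k, ...v] = part.trim().split('=');
    attrs[k.toLowerCase()] = v.join('=');
  }
  const domain = (attrs.domain || '').replace(/^\./, '').toLowerCase();
  if (domain && !domainMatch(from.hostname, domain))
    return { stored: false, sent: false, why: 'Domain does not match the host the browser used' };
  const path = (attrs.path || '').startsWith('/') ? attrs.path : defaultPath(from.pathname);
  const hostOk = domain ? domainMatch(to.hostname, domain) : to.hostname === from.hostname;
  if (!hostOk) return { stored: true, sent: false, why: 'host mismatch' };
  if (!pathMatch(to.pathname, path))
    return { stored: true, sent: false, why: 'Path does not cover the requested URL' };
  if ('secure' in attrs && to.protocol !== 'https:')
    return { stored: true, sent: false, why: 'Secure cookie over http' };
  return { stored: true, sent: true, why: 'ok' };
}

// Constructed sample: backend stamped its own IP into Domain, browser used the domain name.
console.log(cookieFate('org.exist.login=abc; Domain=192.0.2.10; Path=/',
  'https://my-app.domain.com/login', 'https://my-app.domain.com/index.html'));
```

Paste the Set-Cookie value seen in the browser's network panel as the first argument; a `stored: false` result points at the Host header the proxy hands to the backend.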