Я пытаюсь использовать приложение Nextcloud JSXC (работающее под nextcloud.example.com) с Prosody (работающее под xmpp.example.com). Однако сервер БОШ (https://xmpp.example.com:5281/http-bind) продолжает возвращать эту ошибку всякий раз, когда я вставляю ее в свою конфигурацию nextcloud:
Cross domain request was not possible. Either your BOSH server does not send any Access-Control-Allow-Origin header or the content-security-policy (CSP) blocks your request. The safest way is still to use Apache ProxyRequest or Nginx proxy_pass.
В консоли моего браузера (Safari) я получаю это сообщение:
refused to connect to https://xmpp.example.com:5281/http-bind%20[P,L] because it does not appear in the connect-src directive of the Content Security Policy.
И Prosody, и Nextcloud работают на одном сервере с использованием Apache 2.2. Я работал в чате prosody xmpp, чтобы попытаться исправить это, и до сих пор они говорили, что мои файлы конфигурации Apache отключены, вот мое следующее облако:
<VirtualHost *:443>
### YOUR SERVER ADDRESS ###
ServerAdmin admin@nextcloud.example.com
ServerName nextcloud.example.com
### SETTINGS ###
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php/php8.1-fpm.nextcloud.sock|fcgi://localhost"
</FilesMatch>
# Intermediate configuration
Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
SSLEngine on
SSLCompression off
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
ServerSignature off
# Logs
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel alert rewrite:trace6
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Options Indexes FollowSymLinks
AllowOverride None
### include all .htaccess
Include /var/www/nextcloud/.htaccess
Include /var/www/nextcloud/config/.htaccess
Include /mnt/ncdata/.htaccess
###
Require all granted
Satisfy Any
</Directory>
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# Disable HTTP TRACE method.
TraceEnable off
# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
RewriteRule ^/http-bind$ https://xmpp.example.com:5281/http-bind [P,L]
# Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>
### LOCATION OF CERT FILES ###
SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/nextcloud.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.example.com/privkey.pem
SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/nextcloud.example.com/dhparam.pem
</VirtualHost>
### EXTRAS ###
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SetEnv proxy-sendcl 1
Моя просодия:
<VirtualHost *:80>
ServerName xmpp.example.com
DocumentRoot /var/www/prosody
RewriteEngine on
RewriteRule /http-bind$ https://xmpp.example.com:5281/http-bind [P,L]
</VirtualHost>
И конфигурация Prosody, позволяющая шифровать:
<VirtualHost *:443>
### YOUR SERVER ADDRESS ###
ServerAdmin admin@nextcloud.example.com
ServerName nextcloud.example.com
### SETTINGS ###
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php/php8.1-fpm.nextcloud.sock|fcgi://localhost"
</FilesMatch>
# Intermediate configuration
Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
SSLEngine on
SSLCompression off
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
ServerSignature off
# Logs
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel alert rewrite:trace6
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Options Indexes FollowSymLinks
AllowOverride None
### include all .htaccess
Include /var/www/nextcloud/.htaccess
Include /var/www/nextcloud/config/.htaccess
Include /mnt/ncdata/.htaccess
###
Require all granted
Satisfy Any
</Directory>
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# Disable HTTP TRACE method.
TraceEnable off
# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
RewriteRule ^/http-bind$ https://xmpp.example.com:5281/http-bind [P,L]
# Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>
### LOCATION OF CERT FILES ###
SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/nextcloud.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.example.com/privkey.pem
SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/nextcloud.example.com/dhparam.pem
</VirtualHost>
### EXTRAS ###
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SetEnv proxy-sendcl 1
cors nextcloud просодия