Upgrading Pimcore from 3.1 to 4.2 - upgrade

How can I upgrade Pimcore via admin panel?
Getting this message when upgrading:
Status: 502 | Bad Gateway
URL: /admin/update/index/job-parallel
Params:
-> type: download
-> revision: 3805
-> url: https://update.pimcore.org/v2/getFiles.php?for=3805&offset=0&limit=50
Message:
502 Bad Gateway
502 Bad Gateway
nginx/1.10.1
Debug log is empty.

It looks like the Pimcore server has gone away during the update.
You should try to upgrade again, the server does at the moment reply with a 200 Okay status code.
Make sure you backup your system before upgrading. There are no known update issues that I'm aware of that could affect your update.

Related

Keycloak is stripping the port from my redirect_uri in the Location header. Why?

I have the following allowed redirect uri set for my client: exp://192.168.2.212:19000
After a code exchange using the following URL:
GET /auth/realms/xxxxx/protocol/openid-connect/auth?code_challenge=m71Cl...D4hw&redirect_uri=exp%3A%2F%2F192.168.2.212%3A19000&client_id=3B03...
X-Forwarded-For: 178.84.x.x
X-Forwarded-Host: oidc.production.my.domain.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 09918a799a23
X-Real-Ip: 178.84.x.x
I get a HTTP/1.1 302 Found with the following Location field:
Location: exp://192.168.2.212?state=T0pvzPyHF6&session_state=b1cf16ad-b.....
The port is missing. My (Expo) client in android emulator then barfs about not being able to connect to 192.168.2.212 port 80. Naturally.
I am using the docker hub images 11.0.0
How can I prevent this? Is it a bug?
(The iOS version of my app uses a different redirect_uri (exp://127.0.0.1:19000), but although Keycloak strips the port there as well and it receives a Location: exp://127.0.0.1?state=T0p... it does connect to port 19000 and works fine for some reason.)
EDIT: Note that authentication works fine on iOS, and I run exactly the same Keycloak settings in iOS as Android (It's a React Native application).
Keycloak logs no error, and the following debug message:
13:24:33,365 DEBUG [org.keycloak.events] (default task-47) type=LOGIN, realmId=neemop, clientId=3B03FD35, userId=28619cd3-c51d-4756-9d06-fb47********, ipAddress=178.84.x.x, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=exp://192.168.2.212:19000, consent=no_consent_required, code_id=a0faa4d4-6826-4c2f-9243-*******, response_mode=query, username=ron.arts#mydomain.com, authSessionParentId=a0faa4d4-6826-4c2f-9243-*******, authSessionTabId=-Pn******
shows the redirect_uri is parsed correctly. It's just that in the actual HTTP response the Location: header omits the port. Which imho should not happen.
Seems like a bug: https://issues.redhat.com/browse/KEYCLOAK-9405?_sscc=t
Tested on 12.0.4 and it still occurs. It appears to be an issue with any non-http(s) protocol
another bug has been submitted to keycloak team:
https://issues.redhat.com/browse/KEYCLOAK-17141
a fix is available in keycloak version >= 13.0.0

TYPO3 9.5.3 - Log errors showing multiple attempts to access non-existing routes

In a TYPO3 9.5.3 demo installation I see multiple errors in the log looking this:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1518472189: The requested page does not exist
... and attempts to access sites (which don't exist) like this:
typo3_src-9.5.3:
Requested URL: http://demo.domain/ultxswkov.html
typo3_src-9.5.1:
Requested URL: http://demo.domain/hpwymspohv.html
Requested URL: http://demo.domain/txlkcgnaet.html
Requested URL: http://demo.domain/contact.php
Requested URL: http://demo.domain/kontakt.html
Requested URL: http://demo.domain/kontakt.htm
Requested URL: http://demo.domain/kontakt
Requested URL: http://demo.domain/contact-us.html
Requested URL: http://demo.domain/contacts.htm
Requested URL: http://demo.domain/contacts.html
...
In all my v.8 installations I never had such log errors. I assume somebody tries to access thoses sites? (For this specific domain I don't have a ssl certificate yet) What's the best practice to do now?
It seems that error 404 was not logged in TYPO3 8.x into sys_log. Atleast with default configuration. You can check the apache error log to see what happend in the past (with TYPO3 8.x). You should see many similar 404 errors there.
Every website in the internet has evil bots as visitors, so its nothing special with TYPO3 9.x.
The question "no additional security precaution needed?" is hard to answer. As long as your installation is secure, there is no problem.
Security Guidelines: https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

OpenMapTiles auth not working

When I try to log in via GitHub or google I get the following messages
, and OpenMapTiles refuses to let me login.
Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src").
iframe.html:1
Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src"). Source: .vimvixen-console-frame {
margin: 0;
Received message: !_{"h":"I0_1529357937694"} from https://openmaptiles.firebaseapp.com
client.js:181:7
Received message: trunc
!_{"s":"/I0_1529357937694::_g_restyleMe","f":"I0_1529357937694","r":"I0_1529357937694","t":"33540592","c":2,"a":[{"setHideOnLeave":false}],"g":false} from https://openmaptiles.firebaseapp.com
client.js:181:7
Received message: !_{"s":"__cb","f":"I0_1529357937694","r":"I0_1529357937694","t":"33540592","c":null,"a":[4,[null]],"g":false} from https://openmaptiles.firebaseapp.com
client.js:181:7
Received message: !_{"s":"__cb","f":"I0_1529357937694","r":"I0_1529357937694","t":"33540592","c":null,"a":[3,[true]],"g":false} from https://openmaptiles.firebaseapp.com
client.js:181:7
Received message: !_{"s":"/I0_1529357937694::authEvent","f":"I0_1529357937694","r":"I0_1529357937694","t":"33540592","c":3,"a":[{"type":"authEvent","authEvent":{"type":"signInViaRedirect","eventId":null,"urlResponse":null,"sessionId":null,"postBody":null,"error":{"code":"auth/network-request-failed","message":"A network error (such as timeout, interrupted connection or unreachable host) has occurred."}}}],"g":false} from https://openmaptiles.firebaseapp.com
client.js:181:7
Anyone got any ideas?
This looks like a problem unrelated to the OpenMapTiles project.
Based on the error, it seems to me some of your extensions is colliding with the login iframe.
There is something about vimvixen in the console. Try disabling it (or other extensions).
It's because the application is down - it's using : http://openmaptiles.firebaseapp.com/ which is not running.
I guess this project is dead, or sleeping.

TYPO3 Backend with reverseProxyIP and ssl

My server configuration is a TYPO3 installation Vs. 6.2.31 combined with a reverse proxy. The system is running fine with http.
When we try to switch to https we geht this Error Message in the backend:
"Connection Problem
Sorry, but an error occurred while connecting to the server. Please check your network connection."
And the page tree is not loading.
When switching back to http all is working one again.
Our settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = last
[SYS][reverseProxySSL] = *
What i tried:
deactivate all extensions apart from the system extensions
no entry in syslog (error reporting is on development)
no entries in the server logs
lockSSL in install tool 3 results in never ending 302 redirects
lockSSL with option 2 results in this error message:
Fatal error: Uncaught exception 'RuntimeException' with message 'TYPO3 Backend not accessed via SSL: TYPO3 Backend is configured to only be accessible through SSL. Change the URL in your browser and try again.' in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php:897 Stack trace: #0 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/init.php(54): TYPO3\CMS\Core\Core\Bootstrap->checkSslBackendAndRedirectIfNeeded() #1 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/index.php(21): require('/srv/httpd/site...') #2 {main} thrown in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php on line 897
It seems that some requests e.g. for the page tree are made without ssl - ajax calls i presume - but i dont have a clue how to debug it.
Andy ideas?
Thanks!
I have the same version at a customer and with a load balancer / proxy.
The only difference is [SYS][reverseProxyHeaderMultiValue] = first.
Also, [BE][lockSSL] = 1 is set.
Maybe it helps?
This thread is quite old, but because many people do read until now i will try an answer. We could solve the problem (and once again in a different installation) with the following settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = firt
[SYS][reverseProxySSL] = *
AND - that is important - changes in the server config too:
RequestHeader set X-Forwarded-Proto "https"
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
I assume it was the first:
RequestHeader set X-Forwarded-Proto "https"
So in the end the problem was in the server config.

Eclipse 3.5.1 update error (HTTP 503)

I'm trying to update Eclipse 3.5.1 (on Gentoo Linux) from the Galileo Discovery Site and I get this error message:
Network connection problems encountered during search.
Unable to access "http://download.eclipse.org/releases/galileo".
Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]
Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
Error accessing site stream. [Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]
Server returned HTTP response code: 503 for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
It seems the 503 error code is intended to stop software from constantly downloading this file from w3.org. But how do I persuade Eclipse to stop requesting it?
After several updates of Eclipse, the supporting software and libraries this now works.
The correct way to update from the Galileo site is via "Help/Install New Software" or "Help/Update".
The route via "Help/Software Updates/Find and Install/Search for new..." fails because the update-site format has changed.