VIP only connects external 443 to 8080 at the cas servers We have the same config with our production cas 5.1.x servers and CSS is displaying fine.
On Friday, November 3, 2023 at 6:19:18 PM UTC-4 Ray Bon wrote: > I see /css/** in my startup but not /themes/**. That could be because we > have no custom theme. > Could it be a problem with a rewrite rule in VIP? > > Ray > > On Fri, 2023-11-03 at 07:24 -0700, atilling wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > There is nothing on the VIP that specifies any security for any URI. > > > The developer console shows that cas.css is redirecting to cas.css, > > [image: Screenshot 2023-11-03 at 10.22.53 AM.png] > > During startup I'm seeing: > > INFO [org.springframework.security.web.DefaultSecurityFilterChain] - <Will > not secure Ant [pattern='/css/**']> > > > > On Thursday, November 2, 2023 at 3:22:24 PM UTC-4 Ray Bon wrote: > > Is it possible that vip...themes is protected/secured and needs login to > access? > Check your developer console to see where the redirects are going. > Check cas logs to see which URIs are unprotected (shows on startup). > > Ray > > On Thu, 2023-11-02 at 09:24 -0700, atilling wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Offloading SSL to F5 BigIP > In cas.properties we have: > server.port=8080 > server.ssl.enabled=false > > if we go to https://node.domain.tld:8080/cas/login the page displays fine > and the CSS is loaded > > if we go to https://vip.domain.tld/cas/login the page displays but the > CSS is not loaded > > https://node.domain.tld:8080/cas/login/themes/cc_main/css/cas.css loads > fine > > https://vip.domain.tld/cas/login/themes/cc_main/css/cas.css throws the > error ERR_TOO_MANY_REDIRECTS > > Tried adding > server.tomcat.remoteip.port-header=x-forwarded-port > server.tomcat.remoteip.protocol-header=x-forwarded-proto > server.tomcat.remoteip.remote-ip-header=x-forwarded-for > > And there was no change. > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a85dd3b6-a7a3-4c7b-84a6-be944276fbe0n%40apereo.org.
