You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2018-08-03 16:44:41

vishalraj
Member
Registered: 2018-08-03
Posts: 1

NGINX Reverse Proxy no access on ssl

I made a private network that only works in my Virtual Box machine. Only accessible through the gateway (ClearOS) or with the host-only adapter (192.168.56.1) for a few of the machines : nginx (ze proxy), glpi (apache), osclass (apache), osticket (nginx) so I can SSH.

The purpose of all this is making the server's websites available anywhere through nginx.

As of right now, I can access all sites inside the network and on the host with their IP addresses with port 8080 EXCEPT osclass. It seems to have a weird config.php thing going on with a defined web path. This config also does not have pictures and stuff, but I really only wanted the bare bones to start off.

Continuing from there, my NGINX config works from my host and internal client with this config.

/var/www/caro/index.html :

<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <h1>Success!  The Caro server block is working!</h1>
  <a href="http://caro.moi/glpi">GLPI</a>
  <a href="http://caro.moi/ticket">Ticket</a>
  <a href="http://caro.moi/classified">Classifieds</a>
    </body>
</html>
/etc/nginx/sites-available/caro :

server {
    listen 80;
    listen [::]:80;

    root /var/www/caro;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name caro.moi;

    access_log  /var/log/nginx/caro.access.log combined;
    error_log  /var/log/nginx/caro.error.log;

            location /ticket/ {
                    proxy_pass      http://192.168.0.7:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /classified/ {
                    proxy_pass      http://192.168.0.6:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /glpi/ {
                    proxy_pass      http://192.168.0.4:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

        }
Adding SSL and it now gives a 400 Bad Request.

/etc/nginx/sites-available/caro :

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    root /var/www/caro;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name caro.moi;

    ssl on;
    ssl_certificate                 /etc/nginx/ssl/caro.crt;
    ssl_certificate_key             /etc/nginx/ssl/caro.key;

    access_log  /var/log/nginx/caro.access.log combined;
    error_log  /var/log/nginx/caro.error.log;


            location /ticket/ {
                    proxy_pass      http://192.168.0.7:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /classified/ {
                    proxy_pass      http://192.168.0.6:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /glpi/ {
                    proxy_pass      http://192.168.0.4:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
NGINX logs did not give any info as if it was not aware of the connection trying to be made. I made some modifications to the files and was finally able to get something.

/var/log/nginx/ :*

==> /var/log/nginx/access.log <==
192.168.56.102 - - [25/May/2017:08:13:14 -0400] "HEAD / HTTP/1.1" 301 0 "-" "curl/7.47.0"
192.168.0.3 - - [25/May/2017:09:08:13 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.56.1 - - [25/May/2017:09:08:14 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/58.0.3029.110 Safari/537.36"

==> /var/log/nginx/caro.access.log <==
192.168.56.1 - - [25/May/2017:08:41:19 -0400] "GET /classified/ HTTP/1.1" 404 247 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.0.3 - - [25/May/2017:08:48:54 -0400] "GET /glpi/ HTTP/1.1" 404 190 "http://caro.moi/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:43 -0400] "GET /ticket/ HTTP/1.1" 404 209 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:47 -0400] "GET /classified/ HTTP/1.1" 404 247 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:47 -0400] "GET /ticket/ HTTP/1.1" 404 209 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:11:17:20 -0400] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.0.3 - - [25/May/2017:11:17:24 -0400] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.56.1 - - [25/May/2017:11:20:54 -0400] "GET / HTTP/1.1" 400 682 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

==> /var/log/nginx/caro.error.log <==
2017/05/25 09:00:52 [debug] 4736#4736: *17 free: 0000564FF72C4750, unused: 128 2017/05/25 09:07:34
[debug] 4736#4736: epoll del event: fd:8 op:2 ev:00000000 2017/05/25
09:07:34 [debug] 4736#4736: epoll del event: fd:9 op:2 ev:00000000
2017/05/25 09:07:34 [debug] 4795#4795: epoll add event: fd:9 op:1
ev:00002001 2017/05/25 09:10:30 [debug] 4795#4795: epoll del event:
fd:9 op:2 ev:00000000 2017/05/25 09:10:30 [debug] 4821#4821: epoll add
event: fd:9 op:1 ev:00002001 2017/05/25 09:19:06 [debug] 4821#4821:
epoll del event: fd:9 op:2 ev:00000000 2017/05/25 09:19:06 [debug]
5122#5122: epoll add event: fd:10 op:1 ev:00002001 2017/05/25 09:26:14
[debug] 5122#5122: epoll del event: fd:10 op:2 ev:00000000 2017/05/25
09:26:14 [debug] 5271#5271: epoll add event: fd:10 op:1 ev:00002001
Another config that I tried

server {
    listen *:80;
    server_name caro.moi;
            location / {                                                                                                                                                            $
                    rewrite ^ https://$host$request_uri? permanent;
            }
    }

server {
    listen *:443 ssl;
    server_name caro.moi;

[.... same ....]
Made the log go :

  ==> /var/log/nginx/access.log <==
  192.168.56.1 - - [25/May/2017:09:44:53 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
  Gecko) Chrome/58.0.3029.110 Safari/537.36"
  192.168.0.3 - - [25/May/2017:09:45:18 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
  (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
But still no access.

Ask what you need more and I'll get add it. I'm stomped and don't know what to try. I've gone through many walkthroughs but none seem to get it working as it should! Some of the tutorials I followed :

Last edited by vishalraj (2018-08-03 20:09:39)

Offline

#2 2018-11-29 13:13:43

zoziano
Member
Registered: 2018-10-08
Posts: 12

Re: NGINX Reverse Proxy no access on ssl

This answer worked for me: Subway Surfers Psiphon Hill Climb Racing

Last edited by zoziano (2018-11-30 16:32:13)

Offline

Board footer

Powered by FluxBB