You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2018-08-06 14:08:44

maxgomes
Member
Registered: 2018-08-06
Posts: 1

NGINX Reverse Proxy no access on ssl

I made a private network that only works in my Virtual Box machine. Only accessible through the gateway (ClearOS) or with the host-only adapter (192.168.56.1) for a few of the machines : nginx (ze proxy), glpi (apache), osclass (apache), osticket (nginx) so I can SSH.

The purpose of all this is making the server's websites available anywhere through nginx.

As of right now, I can access all sites inside the network and on the host with their IP addresses with port 8080 EXCEPT osclass. It seems to have a weird config.php thing going on with a defined web path. This config also does not have pictures and stuff, but I really only wanted the bare bones to start off.

Continuing from there, my NGINX config works from my host and internal client with this config.

/var/www/caro/index.html :

<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <h1>Success!  The Caro server block is working!</h1>
  <a href="http://caro.moi/glpi">GLPI</a>
  <a href="http://caro.moi/ticket">Ticket</a>
  <a href="http://caro.moi/classified">Classifieds</a>
    </body>
</html>
/etc/nginx/sites-available/caro :

server {
    listen 80;
    listen [::]:80;

    root /var/www/caro;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name caro.moi;

    access_log  /var/log/nginx/caro.access.log combined;
    error_log  /var/log/nginx/caro.error.log;

            location /ticket/ {
                    proxy_pass      http://192.168.0.7:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /classified/ {
                    proxy_pass      http://192.168.0.6:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /glpi/ {
                    proxy_pass      http://192.168.0.4:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

        }
Adding SSL and it now gives a 400 Bad Request.

/etc/nginx/sites-available/caro :

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    root /var/www/caro;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name caro.moi;

    ssl on;
    ssl_certificate                 /etc/nginx/ssl/caro.crt;
    ssl_certificate_key             /etc/nginx/ssl/caro.key;

    access_log  /var/log/nginx/caro.access.log combined;
    error_log  /var/log/nginx/caro.error.log;


            location /ticket/ {
                    proxy_pass      http://192.168.0.7:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /classified/ {
                    proxy_pass      http://192.168.0.6:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            location /glpi/ {
                    proxy_pass      http://192.168.0.4:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
NGINX logs did not give any info as if it was not aware of the connection trying to be made. I made some modifications to the files and was finally able to get something.

/var/log/nginx/ :*

==> /var/log/nginx/access.log <==
192.168.56.102 - - [25/May/2017:08:13:14 -0400] "HEAD / HTTP/1.1" 301 0 "-" "curl/7.47.0"
192.168.0.3 - - [25/May/2017:09:08:13 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.56.1 - - [25/May/2017:09:08:14 -0400] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/58.0.3029.110 Safari/537.36"

==> /var/log/nginx/caro.access.log <==
192.168.56.1 - - [25/May/2017:08:41:19 -0400] "GET /classified/ HTTP/1.1" 404 247 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.0.3 - - [25/May/2017:08:48:54 -0400] "GET /glpi/ HTTP/1.1" 404 190 "http://caro.moi/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:43 -0400] "GET /ticket/ HTTP/1.1" 404 209 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:47 -0400] "GET /classified/ HTTP/1.1" 404 247 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:08:59:47 -0400] "GET /ticket/ HTTP/1.1" 404 209 "http://caro.moi/" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36"
192.168.56.1 - - [25/May/2017:11:17:20 -0400] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.0.3 - - [25/May/2017:11:17:24 -0400] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
192.168.56.1 - - [25/May/2017:11:20:54 -0400] "GET / HTTP/1.1" 400 682 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

==> /var/log/nginx/caro.error.log <==
2017/05/25 09:00:52 [debug] 4736#4736: *17 free: 0000564FF72C4750, unused: 128 2017/05/25 09:07:34
[debug] 4736#4736: epoll del event: fd:8 op:2 ev:00000000 2017/05/25
09:07:34 [debug] 4736#4736: epoll del event: fd:9 op:2 ev:00000000
2017/05/25 09:07:34 [debug] 4795#4795: epoll add event: fd:9 op:1
ev:00002001 2017/05/25 09:10:30 [debug] 4795#4795: epoll del event:
fd:9 op:2 ev:00000000 2017/05/25 09:10:30 [debug] 4821#4821: epoll add
event: fd:9 op:1 ev:00002001 2017/05/25 09:19:06 [debug] 4821#4821:
epoll del event: fd:9 op:2 ev:00000000 2017/05/25 09:19:06 [debug]
5122#5122: epoll add event: fd:10 op:1 ev:00002001 2017/05/25 09:26:14

VidMate AnyDesk https://mobdro.onl/

Offline

#2 2020-01-02 18:42:00

adomanim123
Member
Registered: 2020-01-02
Posts: 2

Re: NGINX Reverse Proxy no access on ssl

I have a similar setup and I believe that your config looks correct. Just before restarting Nginx, make sure to run a configtest with the nginx -t command after your changes to make sure that there are no errors.

Offline

#3 2020-03-15 16:50:19

welskein
Member
Registered: 2020-03-15
Posts: 1

Re: NGINX Reverse Proxy no access on ssl

So what if I decided to make proxy_pass to some proxy server.
I spend 3 days trying to make it working. And it works just fine with HTTP.
And totally getting broken when it comes to HTTPS.

I tried a number of options but all of them are giving the same result.
Is there some small hint that might help me find solution for the case?)

Offline

Pages: 1

Board footer

Powered by FluxBB