I had the same issue with HAProxy in front and Mapserver on Apache in the back. 1. http->http (returns http-urls) 2. https->http (returns http-urls) 3. https->https (returns https-urls)
Even if I tell the backend that the client request protocol was https on port 443 (forwardfor,forwardport,forwardprotocol). It would be nice if Mapserver could utilize information from forwardport/forwardprotocol, so we could do ssl-offloading instead of ssl-passthrough - if we wanted to. My solution was to serve a dummy-certificate on the backend, and configure alt. 1 and 2. -Bjørn Ove Trygve Aspenes: > Hi there > > I have put up a mapserver behind nginx with ssl and a curl like this > > curl -s > "https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&service=WMS&request=GetCapabilities"; > | grep OnlineResource > > Gives me like: > > <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/> > <Get><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Get> > <Post><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Post> > <Get><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Get> > <Post><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Post> > > Yeah you get the idea. Everything perfect with https in the href link. > Thanks! > > So I put up a mapcache which I intend to put up i front of mapserver. When I > do a similar curl like: > > curl -s > "https://mapcache/mapcache?Overview&map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&SERVICE=WMS&REQUEST=GetCapabilities"; > | xmllint --format - | grep OnlineResource > > I get: > > <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="http://mapcache:8090/mapcache?"/> > <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="http://mapcache:8090/mapcache?"/> > <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="http://mapcache:8090/mapcache?"/> > <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"; > xlink:href="http://mapcache:8090/mapcache?"/> > > I here starts the problems. If I do this in eg QGIS, QGIS are told to go to > the http address with port 8090(mapcache is setup to run on port 8090 behind > the scenes) which is not reachable. It should return https (with no > specified port, ie. using standard https port) if I understands correctly. > > And I just cant figure put why. > > The configuration for the two are almost identical and I have double and > tripple check my config. > > Any idea what I should check next? > > If it could be of any help I could open access to my mapcache server > running. > > Thanks > > Trygve > > PS: when I test mapcache and mapserver setup locally without ssl and nginx > in front it works fine. > _______________________________________________ > MapServer-users mailing list > [email protected] > https://lists.osgeo.org/mailman/listinfo/mapserver-users _______________________________________________ MapServer-users mailing list [email protected] https://lists.osgeo.org/mailman/listinfo/mapserver-users
