HI Harish, But the issue I'm facing is different, when I try http://ci1.altlifelab.com it works fine, when I use https://ci1.altlifelab.com the url does not redirect to auth.
On Thu, Nov 26, 2020 at 11:12 AM HARISH KUMAR Ivaturi < [email protected]> wrote: > Once try this. > > > https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ > > And configure again with auth proxy module > > On Thu 26 Nov, 2020, 6:17 AM Pavan P, <[email protected]> wrote: > >> Yes Harish, Certificate is working fine. >> >> root@ip-172-31-33-18:~# nginx -V >> nginx version: nginx/1.10.3 (Ubuntu) >> built with OpenSSL 1.0.2g 1 Mar 2016 >> TLS SNI support enabled >> configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong >> -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' >> --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' >> --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf >> --http-log-path=/var/log/nginx/access.log >> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock >> --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body >> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi >> --http-proxy-temp-path=/var/lib/nginx/proxy >> --http-scgi-temp-path=/var/lib/nginx/scgi >> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit >> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module >> --with-http_realip_module --with-http_auth_request_module >> --with-http_addition_module --with-http_dav_module --with-http_geoip_module >> --with-http_gunzip_module --with-http_gzip_static_module >> --with-http_image_filter_module --with-http_v2_module >> --with-http_sub_module --with-http_xslt_module --with-stream >> --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads >> (base) root@ip-172-31-33-18:~# >> >> On Thu, Nov 26, 2020 at 10:43 AM HARISH KUMAR Ivaturi < >> [email protected]> wrote: >> >>> 1) once type nginx -V and send rhe output. >>> >>> 2) certificate - certificate.cert >>> Certificate_key - certificate.key >>> >>> Once recheck the certs section and make sure that you have generated >>> with certificates with openssl properly. >>> >>> BR >>> Harish Kumar >>> >>> On Thu 26 Nov, 2020, 5:27 AM Pavan P, <[email protected]> wrote: >>> >>>> Hi Harish, >>>> Below is the config of my nginx. Https module is configured fine. >>>> Please let me know if I have missed anything. >>>> >>>> server { >>>> server_name ci1.altlifelab.com; >>>> >>>> location / { >>>> proxy_set_header Host $host:$server_port; >>>> proxy_set_header X-Real-IP $remote_addr; >>>> proxy_set_header X-Forwarded-For >>>> $proxy_add_x_forwarded_for; >>>> proxy_set_header X-Forwarded-Proto $scheme; >>>> >>>> >>>> # Fix the "It appears that your reverse proxy set up is broken" >>>> error. >>>> proxy_pass http://127.0.0.1:9080; >>>> proxy_read_timeout 90; >>>> >>>> proxy_redirect http://127.0.0.1:9080 >>>> http://www.ci1.altlifelab.com; >>>> >>>> # Required for new HTTP-based CLI >>>> proxy_http_version 1.1; >>>> proxy_request_buffering off; >>>> # workaround for >>>> https://issues.jenkins-ci1.org/browse/JENKINS-45651 >>>> add_header 'X-SSH-Endpoint' 'ci1.altlifelab.com:50022' always; >>>> } >>>> >>>> listen 443 ssl; # managed by Certbot >>>> ssl_certificate /etc/letsencrypt/live/ >>>> ci1.altlifelab.com/fullchain.pem; # managed by Certbot >>>> ssl_certificate_key /etc/letsencrypt/live/ >>>> ci1.altlifelab.com/privkey.pem; # managed by Certbot >>>> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by >>>> Certbot >>>> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot >>>> >>>> >>>> } >>>> >>>> server { >>>> if ($host = ci1.altlifelab.com) { >>>> # return 301 https://$host$request_uri; >>>> return 301 >>>> https://myapps.microsoft.com/signin/ci2/a825dd26-fed2-4423-ae69-6a7d457b4b44?tenantId=eb9970cc-4803-4f6a-9ad2-e9b46042c5fd >>>> ; >>>> } # managed by Certbot >>>> >>>> >>>> listen 80; >>>> server_name ci1.altlifelab.com; >>>> return 301 >>>> https://myapps.microsoft.com/signin/ci2/a825dd26-fed2-4423-ae69-6a7d457b4b44?tenantId=eb9970cc-4803-4f6a-9ad2-e9b46042c5fd; >>>> >>>> } >>>> >>>> On Thu, Nov 26, 2020 at 5:04 AM HARISH KUMAR Ivaturi < >>>> [email protected]> wrote: >>>> >>>>> I am not sure if you have configured nginx with https_module. Once try >>>>> that. And also add proper headers in the nginx.conf like >>>>> >>>>> Listen 443 ssl; >>>>> Certificates location >>>>> >>>>> BR >>>>> Harish Kumar >>>>> >>>>> On Wed 25 Nov, 2020, 3:53 PM Pavan P, <[email protected]> wrote: >>>>> >>>>>> Hi, >>>>>> I have configured nginx to authenticate with azure AD for login. >>>>>> >>>>>> When I access the site abc.example.com it redirects to Azure for >>>>>> authentication and redirects me back once the authentication is complete. >>>>>> >>>>>> How ever when I try to access the site with https abc.example.com it >>>>>> does not redirect for authentication. >>>>>> >>>>>> Is there anyway I can get both http and https to redirect for azure >>>>>> auth. >>>>>> >>>>>> Regards, >>>>>> Pavan >>>>>> >>>>>> _______________________________________________ >>>>>> nginx-devel mailing list >>>>>> [email protected] >>>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>>>> >>>>> _______________________________________________ >>>>> nginx-devel mailing list >>>>> [email protected] >>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>>> >>>> _______________________________________________ >>>> nginx-devel mailing list >>>> [email protected] >>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>> >>> _______________________________________________ >>> nginx-devel mailing list >>> [email protected] >>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> >> _______________________________________________ >> nginx-devel mailing list >> [email protected] >> http://mailman.nginx.org/mailman/listinfo/nginx-devel > > _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
