Re: [mapserver-users] mapcache behind nginx with ssl
OK So I will answer my self then after a major hint from a mapcache user. In the mapcache.xml.sample file there is a section https://github.com/MapServer/mapcache/blob/11f7713c5efb730a1699dfd35bbf7300b38c8e06/mapcache.xml.sample#L7-L14 Where you can do exactly what I want. This solves my problem Den 2021-09-27 22:40, skrev Trygve Aspenes: Hi there I have put up a mapserver behind nginx with ssl and a curl like this curl -s "https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; | grep OnlineResource Gives me like: http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> Yeah you get the idea. Everything perfect with https in the href link. Thanks! So I put up a mapcache which I intend to put up i front of mapserver. When I do a similar curl like: curl -s "https://mapcache/mapcache?Overview=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; | xmllint --format - | grep OnlineResource I get: http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> I here starts the problems. If I do this in eg QGIS, QGIS are told to go to the http address with port 8090(mapcache is setup to run on port 8090 behind the scenes) which is not reachable. It should return https (with no specified port, ie. using standard https port) if I understands correctly. And I just cant figure put why. The configuration for the two are almost identical and I have double and tripple check my config. Any idea what I should check next? If it could be of any help I could open access to my mapcache server running. Thanks Trygve PS: when I test mapcache and mapserver setup locally without ssl and nginx in front it works fine. ___ MapServer-users mailing list MapServer-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ MapServer-users mailing list MapServer-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] mapcache behind nginx with ssl
I had the same issue with HAProxy in front and Mapserver on Apache in the back. 1. http->http (returns http-urls) 2. https->http (returns http-urls) 3. https->https (returns https-urls) Even if I tell the backend that the client request protocol was https on port 443 (forwardfor,forwardport,forwardprotocol). It would be nice if Mapserver could utilize information from forwardport/forwardprotocol, so we could do ssl-offloading instead of ssl-passthrough - if we wanted to. My solution was to serve a dummy-certificate on the backend, and configure alt. 1 and 2. -Bjørn Ove Trygve Aspenes: > Hi there > > I have put up a mapserver behind nginx with ssl and a curl like this > > curl -s > "https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; > | grep OnlineResource > > Gives me like: > > http://www.w3.org/1999/xlink; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> > http://www.w3.org/1999/xlink; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> > http://www.w3.org/1999/xlink; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> > http://www.w3.org/1999/xlink; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> > http://www.w3.org/1999/xlink; > xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> > > Yeah you get the idea. Everything perfect with https in the href link. > Thanks! > > So I put up a mapcache which I intend to put up i front of mapserver. When I > do a similar curl like: > > curl -s > "https://mapcache/mapcache?Overview=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; > | xmllint --format - | grep OnlineResource > > I get: > > http://www.w3.org/1999/xlink; > xlink:href="http://mapcache:8090/mapcache?"/> > http://www.w3.org/1999/xlink; > xlink:href="http://mapcache:8090/mapcache?"/> > http://www.w3.org/1999/xlink; > xlink:href="http://mapcache:8090/mapcache?"/> > http://www.w3.org/1999/xlink; > xlink:href="http://mapcache:8090/mapcache?"/> > > I here starts the problems. If I do this in eg QGIS, QGIS are told to go to > the http address with port 8090(mapcache is setup to run on port 8090 behind > the scenes) which is not reachable. It should return https (with no > specified port, ie. using standard https port) if I understands correctly. > > And I just cant figure put why. > > The configuration for the two are almost identical and I have double and > tripple check my config. > > Any idea what I should check next? > > If it could be of any help I could open access to my mapcache server > running. > > Thanks > > Trygve > > PS: when I test mapcache and mapserver setup locally without ssl and nginx > in front it works fine. > ___ > MapServer-users mailing list > MapServer-users@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ MapServer-users mailing list MapServer-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] mapcache behind nginx with ssl
Hi there I have put up a mapserver behind nginx with ssl and a curl like this curl -s "https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; | grep OnlineResource Gives me like: http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> xmlns:xlink="http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> xmlns:xlink="http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> xmlns:xlink="http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> xmlns:xlink="http://www.w3.org/1999/xlink; xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map"/> Yeah you get the idea. Everything perfect with https in the href link. Thanks! So I put up a mapcache which I intend to put up i front of mapserver. When I do a similar curl like: curl -s "https://mapcache/mapcache?Overview=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map=WMS=GetCapabilities; | xmllint --format - | grep OnlineResource I get: http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> http://www.w3.org/1999/xlink; xlink:href="http://mapcache:8090/mapcache?"/> I here starts the problems. If I do this in eg QGIS, QGIS are told to go to the http address with port 8090(mapcache is setup to run on port 8090 behind the scenes) which is not reachable. It should return https (with no specified port, ie. using standard https port) if I understands correctly. And I just cant figure put why. The configuration for the two are almost identical and I have double and tripple check my config. Any idea what I should check next? If it could be of any help I could open access to my mapcache server running. Thanks Trygve PS: when I test mapcache and mapserver setup locally without ssl and nginx in front it works fine. ___ MapServer-users mailing list MapServer-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
