Hi everyone, I have recently installed Tryton 2.4 in a Linux environment (on an OpenStack instance). It is fully functional under the following situations:

1. I can connect from my Debian Wheezy laptop with the client when the server is connected directly to server's IP address WITHOUT ssl
2. I can connect as above WITH ssl directly to server's IP
3. I can connect from the client to the server THROUGH AN NGINX SERVER which passes requests between client on the internet and the server on its private IP but WITHOUT SSL (!)

I need #3 to work WITH SSL but I've tried every imaginable combination of enabling SSL and disabling SSL on trytond and nginx. The nginx web server doing the proxy pass is on a DIFFERENT host than tryton. I can even use a web browser or WGET to reach the tryton server using an ssl-enabled connection (https: instead of http:) through the NGINX proxy--it all works just fine EXCEPT the client itself!

In short I have to get this to work:

[tryton server] <----http or https over private net---> [nginx proxy-pass] <----https ONLY on internet----> [client]

The symptoms are as follows:

* the internet leg of the connection only works with HTTP and no encryption using the tryton client interface
* from the client machine I can use a web browser/wget/etc to send requests and see responses from the tryton server (nothing that is usable of course but I see data over a secure connection)
* when I try and connect to the server with the tryton it throws an exception that the server returned error 400 "bad request". NGINX logs and wireshark show that the client is trying to do "plain http" to the HTTPS socket.

When I test with wget or a web browser I can specifically use "https" in the URL to the public hostname that redirects to the server. However the tryton client has no options to control SSL at all--it seems to "just know". In fact, when I connect the client directly to the server successfully with SSL first, then disable SSL, it subsequently gives me a "fingerprint error" on the client until I erase the tryton client config files.

What kind of magic is the client performing when it decides to use HTTPS or HTTP? Why does the magic fail when the proxy-pass server is in the way? How can I force the Tryton client to NOT attempt insecure connections?

I am not able to get the config files just yet--probably tonight I could. But has anyone seen this kind of problem? Is there a special trick to make proxy-pass work with SSL the way it does without it?

Thanks in advance to anyone who can help.
