Hi Marty,
Thanks for your follow up attached is how working configuration file, I have
also hardened the nginx.conf ( by commenting server_tokens off; ) remove server
version.
## our http server at port 80
server {
listen 80;
server_name amin.com.au;
## redirect http to https ##
rewrite ^ https://$server_name$request_uri? permanent;
}
## Our https server at port 443. You need to provide ssl config here###
server {
## start ssl config ##
listen 443;
server_name amin.com.au;
## redirect www to nowww
if ($host = 'www.amin.com.au' ) {
rewrite ^/(.*)$ https://amin.com.au/$1 permanent;
}
### ssl config - customize as per your cert files ###
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## Reverse Proxy
location / {
add_header Front-End-Https on;
add_header Cache-Control "public, must-revalidate";
add_header Strict-Transport-Security "max-age=2592000;
includeSubdomains";
proxy_pass http://localhost:8080;
proxy_next_upstream error timeout invalid_header http_500 http_502
http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I am still calling http://amin.com.au/client
Thanks
Amin
> Date: Wed, 26 Feb 2014 03:12:51 +0000
> Subject: Re: Nginx reverse proxy to cloud stack
> From: [email protected]
> To: [email protected]
>
> Hi Amin,
>
> Did you get this sorted? I assume navigating to
> http://amin.com.au:8080/client works as expected, because of this I
> doubt it's cloudstack API issue.
>
> We could try the following:
> location /client {
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_pass http://localhost:8080/client;
> }
>
>
> or
>
> location / {
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> redirect off;
> proxy_pass http://localhost:8080/client;
> }
>
>
> If that doesn't work it might be worth reaching out to the NGinx gurus :)
>
> Marty
>
>
> On Tue, Feb 25, 2014 at 8:29 AM, Amin Samir <[email protected]> wrote:
> > Hi Marty,
> > I might figured out what exactly I need, is a rewrite syntax to change
> > amin.com.au to amin.com.au/client, so whenever a browser hits the nginx
> > with amin.com.au it will change it to be amin.com.au/client
> >
> > Thanks if you know how is this done.
> >
> > Amin.
> >
> >> From: [email protected]
> >> To: [email protected]
> >> Subject: RE: Nginx reverse proxy to cloud stack
> >> Date: Tue, 25 Feb 2014 08:04:56 +0000
> >>
> >> Hi Marty,
> >>
> >> I have tried to restart the nginx, i did not yet enable the ssl , it is
> >> just simple revere proxy from Nginx X back to cloud stack, and navigating
> >> to http://amin.com.au/client will not work, because it still needs the
> >> 8080 port in the URL.
> >>
> >> The problem is that it fires up an API with /client/client/api, whilst it
> >> should fire up /client/api, there is a duplication in the /client/client,
> >> which I dont understand why.
> >>
> >> simply what I am trying to do for now is to call amin.com.au from the web
> >> browser to routed to http://localhost:8080/client via the Nginx reverse
> >> proxy then authenticate and complete working with cloud stack management
> >> server.
> >>
> >> Thanks in advance
> >> Amin
> >>
> >> > Date: Tue, 25 Feb 2014 07:38:47 +0000
> >> > Subject: Re: Nginx reverse proxy to cloud stack
> >> > From: [email protected]
> >> > To: [email protected]
> >> >
> >> > Hi Amin,
> >> >
> >> > The error shown should have hopefully been fixed by adjusting the
> >> > proxy_pass, did you restart nginx?
> >> > Just to confirm, does navigating to https://amin.com.au/client/ load
> >> > fully but still result in a username/password incorrect (giving the
> >> > error shown above)?
> >> >
> >> > Thanks,
> >> > Marty
> >> >
> >> > On Tue, Feb 25, 2014 at 4:54 AM, Amin Samir <[email protected]>
> >> > wrote:
> >> > >
> >> > >
> >> > >
> >> > > Hi Marty,
> >> > > thanks for you fast reply, editing the proxy_pass to be
> >> > > http://localhost:8080 ; does not help, in regards to the location /,
> >> > > when I recall the server from the browser I use "amin.com.au" and I
> >> > > have this domain name set in the local hosts file. One more thing to
> >> > > mention is cloud stack is working with its own URL fine.
> >> > > The F12 error output is as follows:
> >> > > <html><head><title>Apache Tomcat/6.0.35 - Error
> >> > > report</title><style><!--H1
> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> >> > > H2
> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> >> > > H3
> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> >> > > BODY
> >> > > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
> >> > > B
> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> >> > > P
> >> > > {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> >> > > {color : black;}A.name {color : black;}HR {color :
> >> > > #525D76;}--></style> </head><body><h1>HTTP Status 404 -
> >> > > /client/client/api</h1><HR size="1" noshade="noshade"><p><b>type</b>
> >> > > Status report</p><p><b>message</b>
> >> > > <u>/client/client/api</u></p><p><b>description</b> <u>The requested
> >> > > resource (/client/client/api) is not available.</u></p><HR size="1"
> >> > > noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>
> >> > >
> >> > > --------Seems there is a duplication in /client/client/api-------------
> >> > > I dont know how rectify this I am newbie cloudstack and nginx.
> >> > >
> >> > > Thanks in advance.
> >> > > Amin
> >> > >
> >> > >
> >> > >> Date: Tue, 25 Feb 2014 04:15:40 +0000
> >> > >> Subject: Re: Nginx reverse proxy to cloud stack
> >> > >> From: [email protected]
> >> > >> To: [email protected]
> >> > >> CC: [email protected]
> >> > >>
> >> > >> Hi Amin,
> >> > >>
> >> > >> From first glance it seems that it could be related to your location
> >> > >> being '/' - although I personally haven't setup CS behind NGinx
> >> > >> before.
> >> > >> Is there any improvement if 'proxy_pass http://localhost:8080;' is
> >> > >> used? This should make the paths be the 'same' - although it should
> >> > >> all be relative anyway - worth a try.
> >> > >>
> >> > >> You may also be able to see if any web errors are occurring by
> >> > >> profiling network on most new browsers (F12).
> >> > >> Also is there anything obvious in your management logs?
> >> > >>
> >> > >> Let us know how you get on,
> >> > >> Marty
> >> > >>
> >> > >> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir
> >> > >> <[email protected]> wrote:
> >> > >> > Hello,
> >> > >> >
> >> > >> > I am trying to configure Nginx to reverse proxy cloud stack to
> >> > >> > offload SSL, I have done the following:
> >> > >> > Installed the NginxCreated a virtual host with the following:server
> >> > >> > {
> >> > >> > server_name amin.com.au;
> >> > >> > location / {
> >> > >> > proxy_set_header X-Forwarded-Host $host;
> >> > >> > proxy_set_header X-Forwarded-Server $host;
> >> > >> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> > >> > proxy_pass http://localhost:8080/client/;
> >> > >> > }
> >> > >> > When trying to log on to cloud stack it gives me wrong user name
> >> > >> > and password.I even added the root to be root
> >> > >> > /usr/share/cloudstack-management/webapps/client/; index index.jsp;
> >> > >> > (still does not authenticate me).
> >> > >> > however when trying to log in using http://amin.com.au it
> >> > >> > authenticates me and works smoothly.
> >> > >> >
> >> > >> > Any idea why is this happening.
> >> > >> >
> >> > >> > Thanks in advance for advise what might be the cause.
> >> > >> >
> >> > >> >
> >> > >> > Amin
> >> > >> >
> >> > >> >
> >> > >>
> >> > >>
> >> > >>
> >> > >> --
> >> > >> Marty
> >> > >
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> > Marty
> >>
> >
>
>
>
> --
> Marty
