Thanks for the configuration Amin, I'm sure it will help someone out in the future.

Marty

On Wed, Feb 26, 2014 at 6:23 AM, Amin Samir <[email protected]> wrote:
> Hi Marty,
>
> Thanks for your follow up attached is how working configuration file, I have
> also hardened the nginx.conf ( by commenting server_tokens off; ) remove
> server version.
>
>
> ## our http server at port 80
> server {
>     listen 80;
>     server_name amin.com.au;
>     ## redirect http to https ##
>     rewrite ^ https://$server_name$request_uri? permanent;
> }
>
> ## Our https server at port 443. You need to provide ssl config here###
> server {
>     ## start ssl config ##
>     listen 443;
>     server_name amin.com.au;
>
>     ## redirect www to nowww
>     if ($host = 'www.amin.com.au' ) {
>         rewrite ^/(.*)$ https://amin.com.au/$1 permanent;
>     }
>
>     ### ssl config - customize as per your cert files ###
>     ssl on;
>     ssl_certificate /etc/ssl/server.crt;
>     ssl_certificate_key /etc/ssl/server.key;
>     ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>     ssl_ciphers RC4:HIGH:!aNULL:!MD5;
>     ssl_prefer_server_ciphers on;
>     keepalive_timeout 70;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>
>     ## Reverse Proxy
>     location / {
>         add_header Front-End-Https on;
>         add_header Cache-Control "public, must-revalidate";
>         add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
>         proxy_pass http://localhost:8080;
>         proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
> }
>
> I am still calling http://amin.com.au/client
>
> Thanks
> Amin
>
>
>> Date: Wed, 26 Feb 2014 03:12:51 +0000
>> Subject: Re: Nginx reverse proxy to cloud stack
>> From: [email protected]
>> To: [email protected]
>>
>> Hi Amin,
>>
>> Did you get this sorted? I assume navigating to
>> http://amin.com.au:8080/client works as expected, because of this I
>> doubt it's cloudstack API issue.
>>
>> We could try the following:
>> location /client {
>>     proxy_set_header X-Forwarded-Host $host;
>>     proxy_set_header X-Forwarded-Server $host;
>>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>     proxy_pass http://localhost:8080/client;
>> }
>>
>>
>> or
>>
>> location / {
>>     proxy_set_header X-Forwarded-Host $host;
>>     proxy_set_header X-Forwarded-Server $host;
>>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>     proxy_redirect off;
>>     proxy_pass http://localhost:8080/client;
>> }
>>
>>
>> If that doesn't work it might be worth reaching out to the NGinx gurus :)
>>
>> Marty
>>
>>
>> On Tue, Feb 25, 2014 at 8:29 AM, Amin Samir <[email protected]>
>> wrote:
>> > Hi Marty,
>> > I might figured out what exactly I need, is a rewrite syntax to change
>> > amin.com.au to amin.com.au/client, so whenever a browser hits the nginx
>> > with amin.com.au it will change it to be amin.com.au/client
>> >
>> > Thanks if you know how is this done.
>> >
>> > Amin.
>> >
>> >> From: [email protected]
>> >> To: [email protected]
>> >> Subject: RE: Nginx reverse proxy to cloud stack
>> >> Date: Tue, 25 Feb 2014 08:04:56 +0000
>> >>
>> >> Hi Marty,
>> >>
>> >> I have tried to restart the nginx, I did not yet enable the ssl, it is
>> >> just simple reverse proxy from Nginx X back to cloud stack, and navigating
>> >> to http://amin.com.au/client will not work, because it still needs the
>> >> 8080 port in the URL.
>> >>
>> >> The problem is that it fires up an API with /client/client/api, whilst it
>> >> should fire up /client/api, there is a duplication in the /client/client,
>> >> which I don't understand why.
>> >>
>> >> simply what I am trying to do for now is to call amin.com.au from the web
>> >> browser to routed to http://localhost:8080/client via the Nginx reverse
>> >> proxy then authenticate and complete working with cloud stack management
>> >> server.
>> >>
>> >> Thanks in advance
>> >> Amin
>> >>
>> >> > Date: Tue, 25 Feb 2014 07:38:47 +0000
>> >> > Subject: Re: Nginx reverse proxy to cloud stack
>> >> > From: [email protected]
>> >> > To: [email protected]
>> >> >
>> >> > Hi Amin,
>> >> >
>> >> > The error shown should have hopefully been fixed by adjusting the
>> >> > proxy_pass, did you restart nginx?
>> >> > Just to confirm, does navigating to https://amin.com.au/client/ load
>> >> > fully but still result in a username/password incorrect (giving the
>> >> > error shown above)?
>> >> >
>> >> > Thanks,
>> >> > Marty
>> >> >
>> >> > On Tue, Feb 25, 2014 at 4:54 AM, Amin Samir <[email protected]>
>> >> > wrote:
>> >> > >
>> >> > >
>> >> > >
>> >> > > Hi Marty,
>> >> > > thanks for your fast reply, editing the proxy_pass to be
>> >> > > http://localhost:8080 ; does not help, in regards to the location /,
>> >> > > when I recall the server from the browser I use "amin.com.au" and I
>> >> > > have this domain name set in the local hosts file. One more thing to
>> >> > > mention is cloud stack is working with its own URL fine.
>> >> > > The F12 error output is as follows:
>> >> > > <html><head><title>Apache Tomcat/6.0.35 - Error
>> >> > > report</title><style><!--H1
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> >> > > H2
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> >> > > H3
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> >> > > BODY
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>> >> > > B
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> >> > > P
>> >> > > {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> >> > > {color : black;}A.name {color : black;}HR {color :
>> >> > > #525D76;}--></style> </head><body><h1>HTTP Status 404 -
>> >> > > /client/client/api</h1><HR size="1" noshade="noshade"><p><b>type</b>
>> >> > > Status report</p><p><b>message</b>
>> >> > > <u>/client/client/api</u></p><p><b>description</b> <u>The requested
>> >> > > resource (/client/client/api) is not available.</u></p><HR size="1"
>> >> > > noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>
>> >> > >
>> >> > > --------Seems there is a duplication in
>> >> > > /client/client/api-------------
>> >> > > I don't know how to rectify this, I am a newbie to cloudstack and nginx.
>> >> > >
>> >> > > Thanks in advance.
>> >> > > Amin
>> >> > >
>> >> > >
>> >> > >> Date: Tue, 25 Feb 2014 04:15:40 +0000
>> >> > >> Subject: Re: Nginx reverse proxy to cloud stack
>> >> > >> From: [email protected]
>> >> > >> To: [email protected]
>> >> > >> CC: [email protected]
>> >> > >>
>> >> > >> Hi Amin,
>> >> > >>
>> >> > >> From first glance it seems that it could be related to your location
>> >> > >> being '/' - although I personally haven't setup CS behind NGinx
>> >> > >> before.
>> >> > >> Is there any improvement if 'proxy_pass http://localhost:8080;' is
>> >> > >> used? This should make the paths be the 'same' - although it should
>> >> > >> all be relative anyway - worth a try.
>> >> > >>
>> >> > >> You may also be able to see if any web errors are occurring by
>> >> > >> profiling network on most new browsers (F12).
>> >> > >> Also is there anything obvious in your management logs?
>> >> > >>
>> >> > >> Let us know how you get on,
>> >> > >> Marty
>> >> > >>
>> >> > >> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir
>> >> > >> <[email protected]> wrote:
>> >> > >> > Hello,
>> >> > >> >
>> >> > >> > I am trying to configure Nginx to reverse proxy cloud stack to
>> >> > >> > offload SSL, I have done the following:
>> >> > >> > Installed the Nginx
>> >> > >> > Created a virtual host with the following:
>> >> > >> > server {
>> >> > >> >     server_name amin.com.au;
>> >> > >> >     location / {
>> >> > >> >         proxy_set_header X-Forwarded-Host $host;
>> >> > >> >         proxy_set_header X-Forwarded-Server $host;
>> >> > >> >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> >> > >> >         proxy_pass http://localhost:8080/client/;
>> >> > >> >     }
>> >> > >> > }
>> >> > >> > When trying to log on to cloud stack it gives me wrong user name
>> >> > >> > and password. I even added the root to be root
>> >> > >> > /usr/share/cloudstack-management/webapps/client/; index index.jsp;
>> >> > >> > (still does not authenticate me).
>> >> > >> > however when trying to log in using http://amin.com.au it
>> >> > >> > authenticates me and works smoothly.
>> >> > >> >
>> >> > >> > Any idea why is this happening.
>> >> > >> >
>> >> > >> > Thanks in advance for advise what might be the cause.
>> >> > >> >
>> >> > >> >
>> >> > >> > Amin
>> >> > >> >
>> >> > >> >
>> >> > >>
>> >> > >>
>> >> > >> --
>> >> > >> Marty
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Marty
>> >>
>> >
>>
>>
>>
>> --
>> Marty
>
--
Marty
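
Added example, not part of the thread and not code from its participants: the working configuration quoted above, with the `/` to `/client/` redirect asked about earlier in the thread and with SSLv3 and RC4 dropped. `proxy_pass` carries no URI part, so nginx forwards `/client/api` unchanged instead of producing the `/client/client/api` path seen in the Tomcat 404. Hostname, certificate paths and upstream port are the thread's values; the www redirect is left out to keep the example short.

```nginx
# Added example (constructed). Place inside the http {} context.

server_tokens off;                     # do not advertise the nginx version

server {
    listen 80;
    server_name amin.com.au;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;                    # replaces the separate "ssl on;"
    server_name amin.com.au;

    ssl_certificate     /etc/ssl/server.crt;
    ssl_certificate_key /etc/ssl/server.key;

    # As posted (weak):  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #                    ssl_ciphers   RC4:HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1.2;             # add TLSv1.3 where the nginx/OpenSSL build supports it
    ssl_ciphers   HIGH:!aNULL:!MD5;    # RC4 removed
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    keepalive_timeout   70;

    # Set at server level so every location below inherits it.
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

    # Bare hostname: send the browser to the CloudStack UI path.
    location = / {
        return 301 /client/;
    }

    location / {
        # No URI after the port: the request path is passed through as is.
        # With "proxy_pass http://localhost:8080/client/;" under "location /",
        # nginx replaces the matched "/" with "/client/", so a request for
        # /client/api reaches Tomcat as /client/client/api.
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

`nginx -t` validates the file before a reload.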
