cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amin Samir <aminsamira...@hotmail.com>
Subject RE: Nginx reverse proxy to cloud stack
Date Wed, 26 Feb 2014 06:23:30 GMT
Hi Marty,

Thanks for your follow up attached is how working configuration file, I have also hardened
the nginx.conf ( by commenting server_tokens off; ) remove server version.


## our http server at port 80
server {
      listen      80;
      server_name amin.com.au;
      ## redirect http to https ##
      rewrite        ^ https://$server_name$request_uri? permanent;
}

## Our https server at port 443. You need to provide ssl config here###
server {
      ## start ssl config ##
      listen      443;
      server_name amin.com.au;

## redirect www to nowww
      if ($host = 'www.amin.com.au' ) {
         rewrite  ^/(.*)$  https://amin.com.au/$1  permanent;
   }

    ### ssl config - customize as per your cert files ###
     ssl on;
     ssl_certificate      /etc/ssl/server.crt;
     ssl_certificate_key  /etc/ssl/server.key;
     ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers RC4:HIGH:!aNULL:!MD5;
     ssl_prefer_server_ciphers on;
     keepalive_timeout    70;
     ssl_session_cache    shared:SSL:10m;
     ssl_session_timeout  10m;

    ## Reverse Proxy
      location / {
        add_header           Front-End-Https    on;
        add_header  Cache-Control "public, must-revalidate";
        add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
        proxy_pass  http://localhost:8080;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      }
}

I am still calling http://amin.com.au/client

Thanks
Amin


> Date: Wed, 26 Feb 2014 03:12:51 +0000
> Subject: Re: Nginx reverse proxy to cloud stack
> From: msweet.dev@gmail.com
> To: users@cloudstack.apache.org
> 
> Hi Amin,
> 
> Did you get this sorted? I assume navigating to
> http://amin.com.au:8080/client works as expected, because of this I
> doubt it's cloudstack API issue.
> 
> We could try the following:
>  location /client {
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_pass http://localhost:8080/client;
>     }
> 
> 
> or
> 
>  location / {
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         redirect off;
>         proxy_pass http://localhost:8080/client;
>     }
> 
> 
> If that doesn't work it might be worth reaching out to the NGinx gurus :)
> 
> Marty
> 
> 
> On Tue, Feb 25, 2014 at 8:29 AM, Amin Samir <aminsamiramin@hotmail.com> wrote:
> > Hi Marty,
> > I might figured out what exactly I need, is a rewrite syntax to change amin.com.au
to amin.com.au/client, so whenever a browser hits the nginx with amin.com.au it will change
it to be amin.com.au/client
> >
> > Thanks if you know how is this done.
> >
> > Amin.
> >
> >> From: aminsamiramin@hotmail.com
> >> To: users@cloudstack.apache.org
> >> Subject: RE: Nginx reverse proxy to cloud stack
> >> Date: Tue, 25 Feb 2014 08:04:56 +0000
> >>
> >> Hi Marty,
> >>
> >> I have tried to restart the nginx, i did not yet enable the ssl , it is just
simple revere proxy from Nginx X back to cloud stack, and navigating to http://amin.com.au/client
will not work, because it still needs the 8080 port in the URL.
> >>
> >> The problem is that it fires up an API with /client/client/api, whilst it should
fire up /client/api, there is a duplication in the /client/client, which I dont understand
why.
> >>
> >> simply what I am trying to do for now is to call amin.com.au from the web browser
to routed to http://localhost:8080/client via the Nginx reverse proxy then authenticate and
complete working with cloud stack management server.
> >>
> >> Thanks in advance
> >> Amin
> >>
> >> > Date: Tue, 25 Feb 2014 07:38:47 +0000
> >> > Subject: Re: Nginx reverse proxy to cloud stack
> >> > From: msweet.dev@gmail.com
> >> > To: users@cloudstack.apache.org
> >> >
> >> > Hi Amin,
> >> >
> >> > The error shown should have hopefully been fixed by adjusting the
> >> > proxy_pass, did you restart nginx?
> >> > Just to confirm, does navigating to https://amin.com.au/client/ load
> >> > fully but still result in a username/password incorrect (giving the
> >> > error shown above)?
> >> >
> >> > Thanks,
> >> > Marty
> >> >
> >> > On Tue, Feb 25, 2014 at 4:54 AM, Amin Samir <aminsamiramin@hotmail.com>
wrote:
> >> > >
> >> > >
> >> > >
> >> > > Hi Marty,
> >> > > thanks for you fast reply, editing the proxy_pass to be http://localhost:8080
; does not help, in regards to the location /, when I recall the server from the browser I
use "amin.com.au" and I have this domain name set in the local hosts file.  One more thing
to mention is cloud stack is working with its own URL fine.
> >> > > The F12 error output is as follows:
> >> > > <html><head><title>Apache Tomcat/6.0.35 - Error
report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color
: black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP
Status 404 - /client/client/api</h1><HR size="1" noshade="noshade"><p><b>type</b>
Status report</p><p><b>message</b> <u>/client/client/api</u></p><p><b>description</b>
<u>The requested resource (/client/client/api) is not available.</u></p><HR
size="1" noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>
> >> > >
> >> > > --------Seems there is a duplication in /client/client/api-------------
> >> > > I dont know how rectify this I am newbie cloudstack and nginx.
> >> > >
> >> > > Thanks in advance.
> >> > > Amin
> >> > >
> >> > >
> >> > >> Date: Tue, 25 Feb 2014 04:15:40 +0000
> >> > >> Subject: Re: Nginx reverse proxy to cloud stack
> >> > >> From: msweet.dev@gmail.com
> >> > >> To: users@cloudstack.apache.org
> >> > >> CC: aminsamiramin@hotmail.com
> >> > >>
> >> > >> Hi Amin,
> >> > >>
> >> > >> From first glance it seems that it could be related to your location
> >> > >> being '/' - although I personally haven't setup CS behind NGinx
> >> > >> before.
> >> > >> Is there any improvement if 'proxy_pass http://localhost:8080;'
is
> >> > >> used? This should make the paths be the 'same' - although it should
> >> > >> all be relative anyway - worth a try.
> >> > >>
> >> > >> You may also be able to see if any web errors are occurring by
> >> > >> profiling network on most new browsers (F12).
> >> > >> Also is there anything obvious in your management logs?
> >> > >>
> >> > >> Let us know how you get on,
> >> > >> Marty
> >> > >>
> >> > >> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir <aminsamiramin@hotmail.com>
wrote:
> >> > >> > Hello,
> >> > >> >
> >> > >> > I am trying to configure Nginx to reverse proxy cloud stack
to offload SSL, I have done the following:
> >> > >> > Installed the NginxCreated a virtual host with the following:server
{
> >> > >> >     server_name  amin.com.au;
> >> > >> >  location / {
> >> > >> >         proxy_set_header X-Forwarded-Host $host;
> >> > >> >         proxy_set_header X-Forwarded-Server $host;
> >> > >> >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> > >> >         proxy_pass http://localhost:8080/client/;
> >> > >> >     }
> >> > >> > When trying to log on to cloud stack it gives me wrong user
name and password.I even added the root to be root /usr/share/cloudstack-management/webapps/client/;
index index.jsp; (still does not authenticate me).
> >> > >> > however when trying to log in using http://amin.com.au it
authenticates me and works smoothly.
> >> > >> >
> >> > >> > Any idea why is this happening.
> >> > >> >
> >> > >> > Thanks in advance for advise what might be the cause.
> >> > >> >
> >> > >> >
> >> > >> > Amin
> >> > >> >
> >> > >> >
> >> > >>
> >> > >>
> >> > >>
> >> > >> --
> >> > >> Marty
> >> > >
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> > Marty
> >>
> >
> 
> 
> 
> -- 
> Marty
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message