Amin,
For what exactly we are using nginx here? just to offload ssl feature or as
load balancing solution as well or other?
If you have got it working for the purpose and its achieved, may be you can add
a wiki page at CS site and it may help others as well.
You can add your page as per new docs format created by sebastian for 4.3.
Thanks!
Santhosh
________________________________________
From: Marty Sweet [msweet....@gmail.com]
Sent: Wednesday, February 26, 2014 2:55 AM
To: users@cloudstack.apache.org
Subject: Re: Nginx reverse proxy to cloud stack
Thanks for the configuration Amin, I'm sure it will help someone out
in the future.
Marty
On Wed, Feb 26, 2014 at 6:23 AM, Amin Samir <aminsamira...@hotmail.com> wrote:
> Hi Marty,
>
> Thanks for your follow up attached is how working configuration file, I have
> also hardened the nginx.conf ( by commenting server_tokens off; ) remove
> server version.
>
>
> ## our http server at port 80
> server {
> listen 80;
> server_name amin.com.au;
> ## redirect http to https ##
> rewrite ^ https://$server_name$request_uri? permanent;
> }
>
> ## Our https server at port 443. You need to provide ssl config here###
> server {
> ## start ssl config ##
> listen 443;
> server_name amin.com.au;
>
> ## redirect www to nowww
> if ($host = 'www.amin.com.au' ) {
> rewrite ^/(.*)$ https://amin.com.au/$1 permanent;
> }
>
> ### ssl config - customize as per your cert files ###
> ssl on;
> ssl_certificate /etc/ssl/server.crt;
> ssl_certificate_key /etc/ssl/server.key;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
> keepalive_timeout 70;
> ssl_session_cache shared:SSL:10m;
> ssl_session_timeout 10m;
>
> ## Reverse Proxy
> location / {
> add_header Front-End-Https on;
> add_header Cache-Control "public, must-revalidate";
> add_header Strict-Transport-Security "max-age=2592000;
> includeSubdomains";
> proxy_pass http://localhost:8080;
> proxy_next_upstream error timeout invalid_header http_500 http_502
> http_503;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> }
> }
>
> I am still calling http://amin.com.au/client
>
> Thanks
> Amin
>
>
>> Date: Wed, 26 Feb 2014 03:12:51 +0000
>> Subject: Re: Nginx reverse proxy to cloud stack
>> From: msweet....@gmail.com
>> To: users@cloudstack.apache.org
>>
>> Hi Amin,
>>
>> Did you get this sorted? I assume navigating to
>> http://amin.com.au:8080/client works as expected, because of this I
>> doubt it's cloudstack API issue.
>>
>> We could try the following:
>> location /client {
>> proxy_set_header X-Forwarded-Host $host;
>> proxy_set_header X-Forwarded-Server $host;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_pass http://localhost:8080/client;
>> }
>>
>>
>> or
>>
>> location / {
>> proxy_set_header X-Forwarded-Host $host;
>> proxy_set_header X-Forwarded-Server $host;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> redirect off;
>> proxy_pass http://localhost:8080/client;
>> }
>>
>>
>> If that doesn't work it might be worth reaching out to the NGinx gurus :)
>>
>> Marty
>>
>>
>> On Tue, Feb 25, 2014 at 8:29 AM, Amin Samir <aminsamira...@hotmail.com>
>> wrote:
>> > Hi Marty,
>> > I might figured out what exactly I need, is a rewrite syntax to change
>> > amin.com.au to amin.com.au/client, so whenever a browser hits the nginx
>> > with amin.com.au it will change it to be amin.com.au/client
>> >
>> > Thanks if you know how is this done.
>> >
>> > Amin.
>> >
>> >> From: aminsamira...@hotmail.com
>> >> To: users@cloudstack.apache.org
>> >> Subject: RE: Nginx reverse proxy to cloud stack
>> >> Date: Tue, 25 Feb 2014 08:04:56 +0000
>> >>
>> >> Hi Marty,
>> >>
>> >> I have tried to restart the nginx, i did not yet enable the ssl , it is
>> >> just simple revere proxy from Nginx X back to cloud stack, and navigating
>> >> to http://amin.com.au/client will not work, because it still needs the
>> >> 8080 port in the URL.
>> >>
>> >> The problem is that it fires up an API with /client/client/api, whilst it
>> >> should fire up /client/api, there is a duplication in the /client/client,
>> >> which I dont understand why.
>> >>
>> >> simply what I am trying to do for now is to call amin.com.au from the web
>> >> browser to routed to http://localhost:8080/client via the Nginx reverse
>> >> proxy then authenticate and complete working with cloud stack management
>> >> server.
>> >>
>> >> Thanks in advance
>> >> Amin
>> >>
>> >> > Date: Tue, 25 Feb 2014 07:38:47 +0000
>> >> > Subject: Re: Nginx reverse proxy to cloud stack
>> >> > From: msweet....@gmail.com
>> >> > To: users@cloudstack.apache.org
>> >> >
>> >> > Hi Amin,
>> >> >
>> >> > The error shown should have hopefully been fixed by adjusting the
>> >> > proxy_pass, did you restart nginx?
>> >> > Just to confirm, does navigating to https://amin.com.au/client/ load
>> >> > fully but still result in a username/password incorrect (giving the
>> >> > error shown above)?
>> >> >
>> >> > Thanks,
>> >> > Marty
>> >> >
>> >> > On Tue, Feb 25, 2014 at 4:54 AM, Amin Samir <aminsamira...@hotmail.com>
>> >> > wrote:
>> >> > >
>> >> > >
>> >> > >
>> >> > > Hi Marty,
>> >> > > thanks for you fast reply, editing the proxy_pass to be
>> >> > > http://localhost:8080 ; does not help, in regards to the location /,
>> >> > > when I recall the server from the browser I use "amin.com.au" and I
>> >> > > have this domain name set in the local hosts file. One more thing to
>> >> > > mention is cloud stack is working with its own URL fine.
>> >> > > The F12 error output is as follows:
>> >> > > <html><head><title>Apache Tomcat/6.0.35 - Error
>> >> > > report</title><style><!--H1
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> >> > > H2
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> >> > > H3
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> >> > > BODY
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>> >> > > B
>> >> > > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> >> > > P
>> >> > > {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> >> > > {color : black;}A.name {color : black;}HR {color :
>> >> > > #525D76;}--></style> </head><body><h1>HTTP Status 404 -
>> >> > > /client/client/api</h1><HR size="1" noshade="noshade"><p><b>type</b>
>> >> > > Status report</p><p><b>message</b>
>> >> > > <u>/client/client/api</u></p><p><b>description</b> <u>The requested
>> >> > > resource (/client/client/api) is not available.</u></p><HR size="1"
>> >> > > noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>
>> >> > >
>> >> > > --------Seems there is a duplication in
>> >> > > /client/client/api-------------
>> >> > > I dont know how rectify this I am newbie cloudstack and nginx.
>> >> > >
>> >> > > Thanks in advance.
>> >> > > Amin
>> >> > >
>> >> > >
>> >> > >> Date: Tue, 25 Feb 2014 04:15:40 +0000
>> >> > >> Subject: Re: Nginx reverse proxy to cloud stack
>> >> > >> From: msweet....@gmail.com
>> >> > >> To: users@cloudstack.apache.org
>> >> > >> CC: aminsamira...@hotmail.com
>> >> > >>
>> >> > >> Hi Amin,
>> >> > >>
>> >> > >> From first glance it seems that it could be related to your location
>> >> > >> being '/' - although I personally haven't setup CS behind NGinx
>> >> > >> before.
>> >> > >> Is there any improvement if 'proxy_pass http://localhost:8080;' is
>> >> > >> used? This should make the paths be the 'same' - although it should
>> >> > >> all be relative anyway - worth a try.
>> >> > >>
>> >> > >> You may also be able to see if any web errors are occurring by
>> >> > >> profiling network on most new browsers (F12).
>> >> > >> Also is there anything obvious in your management logs?
>> >> > >>
>> >> > >> Let us know how you get on,
>> >> > >> Marty
>> >> > >>
>> >> > >> On Tue, Feb 25, 2014 at 1:57 AM, Amin Samir
>> >> > >> <aminsamira...@hotmail.com> wrote:
>> >> > >> > Hello,
>> >> > >> >
>> >> > >> > I am trying to configure Nginx to reverse proxy cloud stack to
>> >> > >> > offload SSL, I have done the following:
>> >> > >> > Installed the NginxCreated a virtual host with the
>> >> > >> > following:server {
>> >> > >> > server_name amin.com.au;
>> >> > >> > location / {
>> >> > >> > proxy_set_header X-Forwarded-Host $host;
>> >> > >> > proxy_set_header X-Forwarded-Server $host;
>> >> > >> > proxy_set_header X-Forwarded-For
>> >> > >> > $proxy_add_x_forwarded_for;
>> >> > >> > proxy_pass http://localhost:8080/client/;
>> >> > >> > }
>> >> > >> > When trying to log on to cloud stack it gives me wrong user name
>> >> > >> > and password.I even added the root to be root
>> >> > >> > /usr/share/cloudstack-management/webapps/client/; index index.jsp;
>> >> > >> > (still does not authenticate me).
>> >> > >> > however when trying to log in using http://amin.com.au it
>> >> > >> > authenticates me and works smoothly.
>> >> > >> >
>> >> > >> > Any idea why is this happening.
>> >> > >> >
>> >> > >> > Thanks in advance for advise what might be the cause.
>> >> > >> >
>> >> > >> >
>> >> > >> > Amin
>> >> > >> >
>> >> > >> >
>> >> > >>
>> >> > >>
>> >> > >>
>> >> > >> --
>> >> > >> Marty
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Marty
>> >>
>> >
>>
>>
>>
>> --
>> Marty
>
--
Marty
