Solved Problem with Nginx conf file

gjacobse

I don't know really anything of Nginx - that's a @scottalanmiller thing.

But If the server name is right, and the key is right, than I would think it should work.

First 'difference' I see is the server_name

SnipeIT as two server_name assest and snipe; whereas your CRM is just the CRM..

Which I can't see as being incorrect.

gjacobse

Can you still get to it by IP?

scottalanmiller

Looks right to me. No socket.io stuff needed, maybe remove that?

Mike Davis

@JaredBusch said in Problem with Nginx conf file:

   proxy_pass http://10.254.0.38;

Shouldn't it say:
proxy_pass https://10.254.0.38;

(https vs http) Since you're going to a SSL site?

scottalanmiller

@Mike-Davis said in Problem with Nginx conf file:

@JaredBusch said in Problem with Nginx conf file:

   proxy_pass http://10.254.0.38;

Shouldn't it say:
proxy_pass https://10.254.0.38;

(https vs http) Since you're going to a SSL site?

No, Nginx is providing the SSL here. He'd likely skip Nginx if he already had SSL without it.

Mike Davis

Internally, if he goes to http://10.254.0.38
does he get the Fedora site,
and if he goes to https://10.254.0.38
does he get the SuiteCRM site?

black3dynamite

I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.

scottalanmiller

@black3dynamite said in Problem with Nginx conf file:

I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.

Not with SuiteCRM. We support it and there is no special config like that.

black3dynamite

Comparing the two configs

CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;

scottalanmiller

@black3dynamite said in Problem with Nginx conf file:

Comparing the two configs

CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;

Mine works without that.

JaredBusch

I think there is a simpler problem. because if you notice, the port 80 server block should simple force a rediect to the SSL which will then hits the 443 block.

But if you go to crm.bundystl.com it does not even redirect.

JaredBusch

but if you go to assets.bundystl.com it does.

JaredBusch

but DNS resolves the same.
and it is all setup the same in cloudflare

scottalanmiller

Looks like it is working to me.

JaredBusch

well coming back I start over and it works this time.. but i REALLY do not know WTF was different..

I deleted the crm conf, and copied assets, again.

[root@nginxproxy ~]# cd /etc/nginx/conf.d/
[root@nginxproxy conf.d]# rm crm.bundystl.com.conf 
rm: remove regular file ‘crm.bundystl.com.conf’? y
[root@nginxproxy conf.d]# cp assets.bundystl.com.conf crm.bundystl.com.conf 

I edited the crm conf, only changin the two server_name lines and the proxy_pass.

[root@nginxproxy conf.d]# nano crm.bundystl.com.conf 
[root@nginxproxy conf.d]# cat crm.bundystl.com.conf 
server {
    client_max_body_size 40M;
    listen 443 ssl;
    server_name crm.bundystl.com;
    ssl          on;
    ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.254.0.38;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }
}

server {
    client_max_body_size 40M;
    listen 80;
    server_name crm.bundystl.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

It tested good

[root@nginxproxy conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginxproxy conf.d]# systemctl restart nginx
[root@nginxproxy conf.d]# 

and wtf it works.. someone who can find the difference, please let me know because this drove me fucking mad..

JaredBusch

@scottalanmiller said in Problem with Nginx conf file:

Looks like it is working to me.

see post

scottalanmiller

@JaredBusch said in Problem with Nginx conf file:

@scottalanmiller said in Problem with Nginx conf file:

Looks like it is working to me.

see post

I beat you my a second.

JaredBusch

@black3dynamite said in Problem with Nginx conf file:

Comparing the two configs

CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;

That probably went missing when I was troubleshooting. I was copy pasting in pieces and removing them trying to figure out why it was not working.