Solved Problem with Nginx conf file
-
@Mike-Davis said in Problem with Nginx conf file:
@JaredBusch said in Problem with Nginx conf file:
proxy_pass http://10.254.0.38;
Shouldn't it say:
proxy_pass https://10.254.0.38;
(https vs http) Since you're going to a SSL site?
No, Nginx is providing the SSL here. He'd likely skip Nginx if he already had SSL without it.
-
Internally, if he goes to http://10.254.0.38
does he get the Fedora site,
and if he goes to https://10.254.0.38
does he get the SuiteCRM site? -
I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.
-
@black3dynamite said in Problem with Nginx conf file:
I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.
Not with SuiteCRM. We support it and there is no special config like that.
-
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme; -
@black3dynamite said in Problem with Nginx conf file:
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;Mine works without that.
-
I think there is a simpler problem. because if you notice, the port 80 server block should simple force a rediect to the SSL which will then hits the 443 block.
But if you go to crm.bundystl.com it does not even redirect.
-
but if you go to assets.bundystl.com it does.
-
but DNS resolves the same.
and it is all setup the same in cloudflare -
Looks like it is working to me.
-
well coming back I start over and it works this time.. but i REALLY do not know WTF was different..
I deleted the crm conf, and copied assets, again.
[root@nginxproxy ~]# cd /etc/nginx/conf.d/ [root@nginxproxy conf.d]# rm crm.bundystl.com.conf rm: remove regular file ‘crm.bundystl.com.conf’? y [root@nginxproxy conf.d]# cp assets.bundystl.com.conf crm.bundystl.com.conf
I edited the crm conf, only changin the two
server_name
lines and theproxy_pass
.[root@nginxproxy conf.d]# nano crm.bundystl.com.conf [root@nginxproxy conf.d]# cat crm.bundystl.com.conf server { client_max_body_size 40M; listen 443 ssl; server_name crm.bundystl.com; ssl on; ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://10.254.0.38; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name crm.bundystl.com; rewrite ^ https://$server_name$request_uri? permanent; }
It tested good
[root@nginxproxy conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nginxproxy conf.d]# systemctl restart nginx [root@nginxproxy conf.d]#
and wtf it works.. someone who can find the difference, please let me know because this drove me fucking mad..
-
-
@JaredBusch said in Problem with Nginx conf file:
@scottalanmiller said in Problem with Nginx conf file:
Looks like it is working to me.
see post
I beat you my a second.
-
@black3dynamite said in Problem with Nginx conf file:
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;That probably went missing when I was troubleshooting. I was copy pasting in pieces and removing them trying to figure out why it was not working.