ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Solved Problem with Nginx conf file

    IT Discussion
    nginx reverse proxy troubleshooting
    5
    19
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scottalanmiller
      last edited by

      Looks right to me. No socket.io stuff needed, maybe remove that?

      1 Reply Last reply Reply Quote 0
      • M
        Mike Davis
        last edited by Mike Davis

        @JaredBusch said in Problem with Nginx conf file:

           proxy_pass http://10.254.0.38;
        

        Shouldn't it say:
        proxy_pass https://10.254.0.38;

        (https vs http) Since you're going to a SSL site?

        S 1 Reply Last reply Reply Quote 0
        • S
          scottalanmiller @Mike Davis
          last edited by

          @Mike-Davis said in Problem with Nginx conf file:

          @JaredBusch said in Problem with Nginx conf file:

             proxy_pass http://10.254.0.38;
          

          Shouldn't it say:
          proxy_pass https://10.254.0.38;

          (https vs http) Since you're going to a SSL site?

          No, Nginx is providing the SSL here. He'd likely skip Nginx if he already had SSL without it.

          1 Reply Last reply Reply Quote 0
          • M
            Mike Davis
            last edited by

            Internally, if he goes to http://10.254.0.38
            does he get the Fedora site,
            and if he goes to https://10.254.0.38
            does he get the SuiteCRM site?

            1 Reply Last reply Reply Quote 0
            • B
              black3dynamite
              last edited by black3dynamite

              I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.

              S 1 Reply Last reply Reply Quote 0
              • S
                scottalanmiller @black3dynamite
                last edited by

                @black3dynamite said in Problem with Nginx conf file:

                I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.

                Not with SuiteCRM. We support it and there is no special config like that.

                1 Reply Last reply Reply Quote 0
                • B
                  black3dynamite
                  last edited by

                  Comparing the two configs

                  CRM under location / does not have this:
                  proxy_set_header X-Forwarded-Proto $scheme;

                  S J 2 Replies Last reply Reply Quote 0
                  • S
                    scottalanmiller @black3dynamite
                    last edited by

                    @black3dynamite said in Problem with Nginx conf file:

                    Comparing the two configs

                    CRM under location / does not have this:
                    proxy_set_header X-Forwarded-Proto $scheme;

                    Mine works without that.

                    1 Reply Last reply Reply Quote 0
                    • J
                      JaredBusch
                      last edited by JaredBusch

                      I think there is a simpler problem. because if you notice, the port 80 server block should simple force a rediect to the SSL which will then hits the 443 block.

                      But if you go to crm.bundystl.com it does not even redirect.

                      1 Reply Last reply Reply Quote 0
                      • J
                        JaredBusch
                        last edited by

                        but if you go to assets.bundystl.com it does.

                        1 Reply Last reply Reply Quote 0
                        • J
                          JaredBusch
                          last edited by

                          but DNS resolves the same.
                          and it is all setup the same in cloudflare

                          0_1494647542509_upload-0e9c7782-793c-4c45-bba2-ec4d83e217a8

                          1 Reply Last reply Reply Quote 0
                          • S
                            scottalanmiller
                            last edited by

                            Looks like it is working to me.

                            J 1 Reply Last reply Reply Quote 0
                            • J
                              JaredBusch
                              last edited by

                              well coming back I start over and it works this time.. but i REALLY do not know WTF was different..

                              I deleted the crm conf, and copied assets, again.

                              [root@nginxproxy ~]# cd /etc/nginx/conf.d/
                              [root@nginxproxy conf.d]# rm crm.bundystl.com.conf 
                              rm: remove regular file ‘crm.bundystl.com.conf’? y
                              [root@nginxproxy conf.d]# cp assets.bundystl.com.conf crm.bundystl.com.conf 
                              

                              I edited the crm conf, only changin the two server_name lines and the proxy_pass.

                              [root@nginxproxy conf.d]# nano crm.bundystl.com.conf 
                              [root@nginxproxy conf.d]# cat crm.bundystl.com.conf 
                              server {
                                  client_max_body_size 40M;
                                  listen 443 ssl;
                                  server_name crm.bundystl.com;
                                  ssl          on;
                                  ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem;
                                  ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem;
                                  ssl_stapling on;
                                  ssl_stapling_verify on;
                                  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
                                  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
                                  ssl_prefer_server_ciphers on;
                                  ssl_session_cache shared:SSL:10m;
                                  ssl_dhparam /etc/ssl/certs/dhparam.pem;
                                  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                              
                                  location / {
                                      proxy_set_header X-Real-IP $remote_addr;
                                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                      proxy_set_header Host $http_host;
                                      proxy_set_header X-NginX-Proxy true;
                                      proxy_set_header X-Forwarded-Proto $scheme;
                                      proxy_pass http://10.254.0.38;
                                      proxy_redirect off;
                              
                                      # Socket.IO Support
                                      proxy_http_version 1.1;
                                      proxy_set_header Upgrade $http_upgrade;
                                      proxy_set_header Connection "upgrade";
                              
                                  }
                              }
                              
                              server {
                                  client_max_body_size 40M;
                                  listen 80;
                                  server_name crm.bundystl.com;
                                  rewrite        ^ https://$server_name$request_uri? permanent;
                              }
                              

                              It tested good

                              [root@nginxproxy conf.d]# nginx -t
                              nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
                              nginx: configuration file /etc/nginx/nginx.conf test is successful
                              [root@nginxproxy conf.d]# systemctl restart nginx
                              [root@nginxproxy conf.d]# 
                              

                              and wtf it works.. someone who can find the difference, please let me know because this drove me fucking mad..

                              0_1494648043805_upload-b0a73f26-d96a-4684-9d71-af15d8dab958

                              1 Reply Last reply Reply Quote 1
                              • J
                                JaredBusch @scottalanmiller
                                last edited by

                                @scottalanmiller said in Problem with Nginx conf file:

                                Looks like it is working to me.

                                see post

                                S 1 Reply Last reply Reply Quote 0
                                • S
                                  scottalanmiller @JaredBusch
                                  last edited by

                                  @JaredBusch said in Problem with Nginx conf file:

                                  @scottalanmiller said in Problem with Nginx conf file:

                                  Looks like it is working to me.

                                  see post

                                  I beat you my a second.

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    JaredBusch @black3dynamite
                                    last edited by

                                    @black3dynamite said in Problem with Nginx conf file:

                                    Comparing the two configs

                                    CRM under location / does not have this:
                                    proxy_set_header X-Forwarded-Proto $scheme;

                                    That probably went missing when I was troubleshooting. I was copy pasting in pieces and removing them trying to figure out why it was not working.

                                    1 Reply Last reply Reply Quote 0
                                    • 1 / 1
                                    • First post
                                      Last post