Hi Forumers!
I have been beating my head against the wall for 4 days straight and I am hoping someone here can put me out of my misery...
I have an internal legacy web-based application (http) that I cannot modify in any way. I need to make it publicly accessible and since it has sensitive data it needs to be secured by SSL (https). This is a Windows platform. I have loaded OpenSSL and nginx, and both are working properly. I have my SSL certificates installed and they are working properly as well. My proxy, however, is not.
Internally the url to this system is http://www.mydomain.com:7001/psp/HRPROD/ and it works perfectly.
Externally I expect my users go to http://www.mydomain.com
Note - I have replaced my real domain name with mydomain to protect the innocent :)
Here's my config:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# listens for incoming connection to http://www.mydomain,com and redirects to https://www.mydomain.com
server {
listen 80;
server_name www.mydomain.com;
return 310 https://$server_name$request_uri;
}
# accepts and decrypts https requests from the server above
server {
listen 443 ssl;
server_name www.mydomain.com;
ssl on;
ssl_certificate certs/mydomain.crt;
ssl_certificate_key certs/mydomain.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxies inbound requests to the internal server
proxy_pass http://www.mydomain.com:7001/psp/HRPROD/;
#proxy_redirect http://www.mydomain.com:7001 https://www.mydomain.com;
}
}
}
when I go to http://www.mydomain.com from the internet I get to my front page just fine - it even has flipped to https and the certificate is valid - however if I click on any link I get nowhere.
For example I have a link that should be taking me to a self-service screen (internally as http://www.mydomain.com:7001/psp/HRPROD/EMPLOYEE/HRMS/h/?tab=DEFAULT) but my external browser lands on a blank page with a URL of https://www.mydomain.com/?tab=DEFAULT - it has stripped the "/psp/HRPROD/EMPLOYEE/HRMS/h/" from the path.
I am pretty sure my error is with the proxy_pass or location but no matter what I try I cannot get it to work.
Any suggestions would be most appreciated!
Skip
I have been beating my head against the wall for 4 days straight and I am hoping someone here can put me out of my misery...
I have an internal legacy web-based application (http) that I cannot modify in any way. I need to make it publicly accessible and since it has sensitive data it needs to be secured by SSL (https). This is a Windows platform. I have loaded OpenSSL and nginx, and both are working properly. I have my SSL certificates installed and they are working properly as well. My proxy, however, is not.
Internally the url to this system is http://www.mydomain.com:7001/psp/HRPROD/ and it works perfectly.
Externally I expect my users go to http://www.mydomain.com
Note - I have replaced my real domain name with mydomain to protect the innocent :)
Here's my config:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# listens for incoming connection to http://www.mydomain,com and redirects to https://www.mydomain.com
server {
listen 80;
server_name www.mydomain.com;
return 310 https://$server_name$request_uri;
}
# accepts and decrypts https requests from the server above
server {
listen 443 ssl;
server_name www.mydomain.com;
ssl on;
ssl_certificate certs/mydomain.crt;
ssl_certificate_key certs/mydomain.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxies inbound requests to the internal server
proxy_pass http://www.mydomain.com:7001/psp/HRPROD/;
#proxy_redirect http://www.mydomain.com:7001 https://www.mydomain.com;
}
}
}
when I go to http://www.mydomain.com from the internet I get to my front page just fine - it even has flipped to https and the certificate is valid - however if I click on any link I get nowhere.
For example I have a link that should be taking me to a self-service screen (internally as http://www.mydomain.com:7001/psp/HRPROD/EMPLOYEE/HRMS/h/?tab=DEFAULT) but my external browser lands on a blank page with a URL of https://www.mydomain.com/?tab=DEFAULT - it has stripped the "/psp/HRPROD/EMPLOYEE/HRMS/h/" from the path.
I am pretty sure my error is with the proxy_pass or location but no matter what I try I cannot get it to work.
Any suggestions would be most appreciated!
Skip