Forum OpenACS Development: Re: Setup https

Collapse
4: Re: Setup https (response to 2)
Posted by Iuri Sampaio on
Hi there,

I also found another thread regarding HTTPS issues:
https://openacs.org/forums/message-view?message_id=3853222

I applied them to my installation. Thanks for the tip Victor
.

Furthermore, It turned out that I sort of figured out what was causing the error on my HTTPS installation ( The site works on HTTP but when forwarded to the link
https://ezy.iurix.com:8443 it gets broken.

Surprisingly, within the file config.tcl, instead of the localhost address (127.0.0.1), if I set the parameter address as the external IP then HTTPS works.

set address 206.192.23.166
#set address 127.0.0.1

what would be the cause?

Btw, I am using NGINX proxy server

Collapse
5: Re: Setup https (response to 4)
Posted by Torben Brosten on
Iuri,

If you are using nginx proxy server to serve https url, then trying to access aolserver directly via port 8443 would not work, because aolserver is not configured to serve port 8443 via https port. Instead, https port is served by the proxy server (nginx), where nginx is listening on the https port at the external address --a typical configuration for a proxy server.

cheers,

Torben

Collapse
6: Re: Setup https (response to 5)
Posted by Iuri Sampaio on
Torben,

I am not using nginx server to serve https. See bellow the nginx config file for that instance.

server {
listen 206.192.23.166:80;
server_name ezy.iurix.com;

location / {

root /var/www/ezysource;
client_max_body_size 40M;

proxy_read_timeout 200;
proxy_connect_timeout 200;

proxy_pass http://127.0.0.1:8040;
proxy_set_header X-Forwarded-For $remote_addr;
}

The scenario I have now is:

1) The site works only through HTTPS. (I want it functioning for both HTTP and HTTPS. HTTPS must be used only to specific pages such as login, and etc. ( I am using ecommerce package.)

HTTP links are broken: "502 Bad Gateway"

I'm not sure but I think it isn't necessary to set up nginx to serve HTTPS. Is it?

Collapse
7: Re: Setup https (response to 6)
Posted by Iuri Sampaio on
Ok. So far I believe I fixed HTTP to work together with HTTPS access.

I was blind for small details. I had forgotten to amend proxy_pass parameter on nginx config file.

#proxy_pass http://127.0.0.1:8040;
proxy_pass http://206.192.23.166:8040;

Although, I still reluctant to accept the usage of external IP instead of local (127.0.0.1) within nginx configuration's file as well as aolserver's config.tcl.

But anyway, at least it works now I can't deny that.