Sergey Tsatsatsa, 2017-11-17 08:34:09

Nginx: https to https?

There is a server where the Jira, Confluence, Bitbucket kit is already configured.
Using proxying through nginx,
Jira: jira.lc -> 0.0.0.0:8880,
Confluence: wiki.lc -> 0.0.0.0:8890,
Bitbucket: git.lc -> 0.0.0.0:8870

Now the task is to move everything to https. Proxying nginx using the https -> http method does not work, as jira is indignant and does not work correctly. Accordingly, Catalina was configured for Jira to work with https on port 8883, as a result, when accessing this port, everything works.

But we need nginx to proxy https://jira.lc to https://127.0.0.1:8883.

I set up nginx like this:

server {
    listen 0.0.0.0:443 ssl;
    server_name jira.lc www.jira.lc;
    access_log /var/log/nginx/jira_localhost_access.log;
    error_log /var/log/nginx/jira_localhost_error.log;
    proxy_connect_timeout 3600;
    proxy_send_timeout 3600;
    proxy_read_timeout 3600;
    send_timeout 3600;
    client_max_body_size 0;
    location /
    {
        proxy_pass https://127.0.0.1:8883;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        port_in_redirect off;
        proxy_redirect https://jira.lc:8883/ /;
        fastcgi_read_timeout 3600;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        client_max_body_size 0;
    }
}

But it doesn't work. The browser returns the error "An error occurred while establishing a secure connection".

Let me clarify right away:
1. Both "listen 0.0.0.0:443 ssl;" and "listen 0.0.0.0:443;" equally do not work.
2. I'm not a system administrator and I don't have time to study nginx, catalina and all sorts of proxying principles, since there is another job. That is why I am turning to you.


2 answer(s)
Mikhail Grigoriev, 2017-11-17
@capiev

Proxying nginx using the https -> http method does not work, as jira is indignant and does not work correctly. Accordingly, Catalina was configured for Jira to work with https on port 8883, as a result, when accessing this port, everything works.

1. Set up Jira to work on http only or to work in 2 modes - http and https - this is possible, there are manuals, use Google.
2. As TyzhSysAdmin advised, set up nginx https -> jira http proxying - this will be the most correct solution.

TyzhSysAdmin, 2017-11-17
@POS_troi

I'm not a sysadmin and I don't have time to study nginx, catalina and all sorts of proxying principles

For this, I marked the question as a task.
Not set up correctly.
Transfer your services located behind nginx to bare http, you already register certificates on nginx itself, etc.
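upstream jira-app {
  least_conn;
  # Must be Jira's plain-HTTP connector: in the question 8883 is the HTTPS connector,
  # so either switch that connector to HTTP or point this at the HTTP port.
  server 127.0.0.1:8883 weight=10 max_fails=3 fail_timeout=30s;
}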


server {
  listen 80;
  server_name jira.lc;
  # Redirect plain HTTP to HTTPS, keeping the requested path ($1).
  rewrite ^(/.*)$ https://jira.lc$1 permanent;
}

server {
  # Host settings
  listen   443  ssl http2;
  server_name jira.lc;

  # SSL settings
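  # TLS is enabled by the ssl flag on the listen directive above; the separate
  # "ssl on;" directive is deprecated and not needed.
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_prefer_server_ciphers on;
  # TLSv1 and TLSv1.1 are deprecated; offer TLSv1.2 (add TLSv1.3 where nginx and OpenSSL support it).
  ssl_protocols TLSv1.2;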
  ssl_certificate /etc/nginx/cert/cert.pem;
  ssl_certificate_key /etc/nginx/cert/privkey.pem;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!kEDH';
  ssl_stapling on;
  ssl_stapling_verify on;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-IT-TECH-PUBLIC-OFFER "Получая эти HTTP заголовки вы соглашаетесь с тем что попадаете в рабство :)";

  # Compression.
  gzip on;
  gzip_min_length 10240;
  gzip_proxied expired no-cache no-store private auth;
  gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
  gzip_disable "msie6";

  location / {
    proxy_pass http://jira-app;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }

}

Well, if you can’t do it, then you have a direct road to a freelance exchange with a cutlet of money - since you don’t want to learn anything yourself :)
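A small check for the TLS mistakes this thread turns on, as an added example that is not part of any poster's answer: it is run over two constructed server blocks, the question's block cut down to the relevant lines and a TLS-terminating block carrying the older `ssl on;` and TLSv1/TLSv1.1 settings. The rule names are hypothetical, and the check assumes certificates are not inherited from the enclosing `http` block.

```python
import re

# Constructed sample: the question's server block, cut down to the lines the checks read.
QUESTION_CONF = """
server {
    listen 0.0.0.0:443 ssl;
    location / {
        proxy_pass https://127.0.0.1:8883;
    }
}
"""

# Constructed sample: a TLS-terminating block with legacy directives.
LEGACY_CONF = """
server {
    listen 443 ssl http2;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/nginx/cert/cert.pem;
    ssl_certificate_key /etc/nginx/cert/privkey.pem;
    location / {
        proxy_pass http://jira-app;
    }
}
"""

def directives(conf):
    """Return (name, args) for each simple 'name args;' directive; comments are dropped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [(m.group(1), m.group(2).split())
            for m in re.finditer(r"(?m)^\s*([a-z_]+)\s+([^;{}]*);", conf)]

def audit(conf):
    """Return sorted finding codes for one server block (hypothetical rule names)."""
    d = directives(conf)
    names = {name for name, _ in d}
    found = set()
    tls = any(n == "listen" and "ssl" in a for n, a in d)
    if tls and not {"ssl_certificate", "ssl_certificate_key"} <= names:
        found.add("tls-listener-without-certificate")  # no certificate to present
    if ("ssl", ["on"]) in d:
        found.add("deprecated-ssl-on")  # superseded by the ssl flag on listen
    unverified = ("proxy_ssl_verify", ["on"]) not in d  # nginx default is off
    for n, a in d:
        if n == "ssl_protocols" and {"SSLv3", "TLSv1", "TLSv1.1"} & set(a):
            found.add("legacy-tls-protocol")
        if n == "proxy_pass" and a and a[0].startswith("https://") and unverified:
            found.add("upstream-certificate-not-verified")
    return sorted(found)
```

On the question's block, `audit(QUESTION_CONF)` reports the missing certificate on the 443 listener, which fits the browser's secure-connection error, and the unverified HTTPS hop to port 8883.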
