Solved Problem with Nginx conf file
-
I spun up SuiteCRM last night. It works by IP as expected.
So next, I connect to the proxy server I have running in front of everything that is on my lab network and make a conf file for Nginx. I have many of these, I simply copied one and changed where things were pointing.
    [root@nginxproxy ~]# cat /etc/nginx/conf.d/crm.bundystl.com.conf
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name crm.bundystl.com;
        server_tokens off;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.254.0.38;
            proxy_redirect off;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        client_max_body_size 40M;
        listen 80;
        server_name crm.bundystl.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }
But I get this instead..
Because it loads by internal IP, I know that SuiteCRM is up and running.
My SnipeIT system is behind this as well and it works perfectly.
    [root@nginxproxy ~]# cat /etc/nginx/conf.d/assets.bundystl.com.conf
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name assets.bundystl.com snipe.bundystl.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass https://10.254.0.34;
            proxy_redirect off;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        client_max_body_size 40M;
        listen 80;
        server_name assets.bundystl.com snipe.bundystl.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }
someone tell me what stupid f***ing thing I did here...
-
Well, coming back I start over and it works this time.. but I REALLY do not know WTF was different..
I deleted the crm conf, and copied assets, again.
    [root@nginxproxy ~]# cd /etc/nginx/conf.d/
    [root@nginxproxy conf.d]# rm crm.bundystl.com.conf
    rm: remove regular file ‘crm.bundystl.com.conf’? y
    [root@nginxproxy conf.d]# cp assets.bundystl.com.conf crm.bundystl.com.conf
I edited the crm conf, only changing the two server_name lines and the proxy_pass.

    [root@nginxproxy conf.d]# nano crm.bundystl.com.conf
    [root@nginxproxy conf.d]# cat crm.bundystl.com.conf
    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name crm.bundystl.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://10.254.0.38;
            proxy_redirect off;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        client_max_body_size 40M;
        listen 80;
        server_name crm.bundystl.com;
        rewrite ^ https://$server_name$request_uri? permanent;
    }
It tested good
    [root@nginxproxy conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@nginxproxy conf.d]# systemctl restart nginx
    [root@nginxproxy conf.d]#
and wtf it works.. someone who can find the difference, please let me know because this drove me fucking mad..
-
I don't know really anything of Nginx - that's a @scottalanmiller thing.
But if the server name is right, and the key is right, then I would think it should work.
First 'difference' I see is the server_name. SnipeIT has two server_name, assets and snipe; whereas your CRM is just the CRM. Which I can't see as being incorrect.
-
Can you still get to it by IP?
-
Looks right to me. No socket.io stuff needed, maybe remove that?
-
@JaredBusch said in Problem with Nginx conf file:
proxy_pass http://10.254.0.38;
Shouldn't it say:
proxy_pass https://10.254.0.38;
(https vs http) Since you're going to a SSL site?
-
@Mike-Davis said in Problem with Nginx conf file:
@JaredBusch said in Problem with Nginx conf file:
proxy_pass http://10.254.0.38;
Shouldn't it say:
proxy_pass https://10.254.0.38;
(https vs http) Since you're going to a SSL site?
No, Nginx is providing the SSL here. He'd likely skip Nginx if he already had SSL without it.
-
Internally, if he goes to http://10.254.0.38 does he get the Fedora site, and if he goes to https://10.254.0.38 does he get the SuiteCRM site?
-
I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.
-
@black3dynamite said in Problem with Nginx conf file:
I know with Snipe-IT in the .env config file, in the Optional: Misc section. You have to supply the ip address of the proxy server when snipe-it is behind a proxy server. Maybe SuiteCRM needs something like that.
Not with SuiteCRM. We support it and there is no special config like that.
-
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;
-
@black3dynamite said in Problem with Nginx conf file:
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;
Mine works without that.
-
I think there is a simpler problem. Because if you notice, the port 80 server block should simply force a redirect to the SSL which will then hit the 443 block.
But if you go to crm.bundystl.com it does not even redirect.
-
but if you go to assets.bundystl.com it does.
-
but DNS resolves the same.
and it is all setup the same in cloudflare
-
Looks like it is working to me.
-
@JaredBusch said in Problem with Nginx conf file:
@scottalanmiller said in Problem with Nginx conf file:
Looks like it is working to me.
see post
I beat you by a second.
-
@black3dynamite said in Problem with Nginx conf file:
Comparing the two configs
CRM under location / does not have this:
proxy_set_header X-Forwarded-Proto $scheme;
That probably went missing when I was troubleshooting. I was copy pasting in pieces and removing them trying to figure out why it was not working.
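-
Added example, not part of the original thread and not any poster's code: a layout-insensitive comparison of two Nginx configs that lists directives present in only one file, skipping the ones expected to differ per site. The sample configs are constructed, abridged from the crm and assets configs posted above; the function names and the EXPECTED set are hypothetical.

```python
import re
from collections import Counter
# Constructed sample input: abridged from the crm and assets configs in the thread.
CRM_CONF = """server {
    server_name crm.bundystl.com;
    server_tokens off;
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://10.254.0.38;
    }
}"""
ASSETS_CONF = """server {
    server_name assets.bundystl.com snipe.bundystl.com;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://10.254.0.34;
    }
}"""
EXPECTED = {"server_name", "proxy_pass"}  # directives meant to differ per site

def directives(conf):
    """Flatten a config into (block path, directive) pairs, ignoring layout."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive: assumes no '#' inside values
    found, stack, words, seen = set(), [], [], Counter()
    for tok in re.findall(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}]+', conf):
        if tok == ";":
            if words:
                found.add(("/".join(stack) or "main", " ".join(words)))
            words = []
        elif tok == "{":
            name = " ".join(words)
            key = "/".join(stack + [name])
            seen[key] += 1  # number sibling blocks: server[1], server[2]
            stack.append(f"{name}[{seen[key]}]")
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return found

def unexpected_diff(a, b):
    """Directives found in only one config, minus the expected per-site ones."""
    da, db = directives(a), directives(b)
    keep = lambda s: sorted(d for d in s if d[1].split()[0] not in EXPECTED)
    return keep(da - db), keep(db - da)

if __name__ == "__main__":
    print(unexpected_diff(CRM_CONF, ASSETS_CONF))
```

On the abridged samples this reports `server_tokens off` only in the crm config and `proxy_set_header X-Forwarded-Proto $scheme` only in the assets config, the same two lines that differ between the first crm config and the assets config as posted.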