Example site? Password protected?

[Maxburn]

OK, but it doesn't quite look like it's going to do it. That did get me to the login screen, BUT after logging in I get this error

Code: Select all

400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx/1.7.7

The error in the log is this:

Code: Select all

2015/03/29 21:00:23 [error] 2454#0: *131 open() "/opt/alarmdecoder-webapp/ad2web/static/css/user_custom.css" failed (2: No such file or directory), client: 10.0.1.20, server: , request: "GET /static/css/user_custom.css HTTP/1.1", host: "10.0.1.30", referrer: "h$


For the record I found the server conf block in /etc/nginx/sites-enabled/alarmdecoder

[kevin]

Will have to play around with this in the office and see what's going on - should be that simple.


As far as that custom css file not being found - you can ignore that error - that file is loaded by the webapp if it exists, if not, then it doesn't care - it's a file you can create to override styles to your own preferences.

[Gordon]

Will have to play around with this in the office and see what's going on - should be that simple.

Oh so I wish!.. been playing around with the config for a few hours now and making very little progress.
Interestingly. when I switched to IE from Chrome, I did get a login screen (since I guess my login was not cached) on port 443 (HTTPS) but once logged in I got the same error message, " 400 Bad Request - The plain HTTP request was sent to HTTPS port"

So.. bump! Hoping to get some help to get HTTPS working

[mathewss]

Sounds like an easy fix inside of NGINX..

Check your server section(s) please send us a copy of your config here.

Here is an example using 2 server sections one for SSL and one for NON SSL

Code: Select all

server {
  listen 80;

  // other directives...
}

server {
  listen 443;

  ssl on;
  // SSL directives...

  // other directives...
}


or you can combine them

Code: Select all

server {
  listen 80;
  listen 443 default ssl;

  # ssl on   - remember to comment this out if you have it active

}


Re
Sean M

[Maxburn]

Again I'm not the expert at this stuff but there seems to be a reverse proxy going on, if that's the right term? The actual alarm decoder page contents after login appear to be coming from this section of the config file:

Code: Select all

    location @alarmdecoder {
        proxy_pass http://127.0.0.1:5000;


So whatever server is on that port needs to handle SSL too I'd guess? No idea why it's done that way but if you pull up the web page on that port it's the same page. I'm not sure if it's even a good idea to have the web server on the pi serving an undocumented port from a security standpoint.

[Gordon]

Just to be clear.. and perhaps correct my error, we are talking about this config file, right?
/etc/nginx/sites-enabled/alarmdecoder

[Maxburn]

Seems there are three config files spelled out. Nginx first looks at the nginx.conf which happens to have this in it:

Code: Select all

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;


There doesn't appear to be anything in my conf.d folder though. So looks like the whole nginx configuration is spread through two files.

[Gordon]

Tried a lot of variations.. this is one
file: /etc/nginx/sites-enabled/alarmdecoder
This should be the same as the original as installed except for the addition of these lines:
listen 443 default ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
I'll add another possible clue.. in IE, I get a partial display with the menu,
Logged in .. Please Wait Loading... etc. and IE warns that only the secure content is displayed. Choose to display all content (or reload) and the "The plain HTTP request was sent to HTTPS port" message comes up. There is no error message in /var/log/nginx/error.log (except the aforementioned css error).

Code: Select all

server {
    listen 80;
    listen 443 default ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    error_page 502 /502.html;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 4k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
        try_files $uri @alarmdecoder;
    }

    location @alarmdecoder {
        proxy_pass http://127.0.0.1:5000;
        include uwsgi_params;
        uwsgi_param UWSGI_SCHEME $scheme;
        uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;

        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    location /502.html {
        root /opt/alarmdecoder-webapp/ad2web/static;
    }

    location ~ \.(jpg|jpeg|png|css|js)$ {
    root /opt/alarmdecoder-webapp/ad2web;
    }
}



[kevin]

Hey guys, I was able to get this working in our demo lab with minimal changes to ONLY the nginx configuration file (/etc/nginx/sites-enabled/alarmdecoder)

Here is ours for example:

Code: Select all

server {
   listen 80;
   return 301 https://$host$request_uri;
}

server {
    error_page 502 /502.html;

    listen 443 ssl;
    server_name alarmdecoder-demo;

    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 4k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
        try_files $uri @alarmdecoder;
    }

    location @alarmdecoder {
        proxy_pass http://127.0.0.1:5000;
        include uwsgi_params;
        uwsgi_param UWSGI_SCHEME $scheme;
        uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;

        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X_FORWARDED_PROTO https;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
   proxy_redirect http://localhost:5000 https://alarmdecoder-demo;
    }

    location /502.html {
        root /opt/alarmdecoder-webapp/ad2web/static;
    }

    location ~ \.(jpg|jpeg|png|css|js)$ {
    root /opt/alarmdecoder-webapp/ad2web;
    }
}


Feel free to use this for example or ask questions - this particular config forces always HTTPS connections - the key lines were:

server block:
server_name alarmdecoder-demo;

@alarmdecoder block:
proxy_set_header X_FORWARDED_PROTO https;
proxy_redirect http://localhost:5000 https://alarmdecoder-demo;

[Gordon]

@ Kevin
Thanks, works great now with Chrome browser (after changing to match my SSL files and path)... Great customer service again!

But note that using IE-11 the behavior is still exactly as I described above. Did you try IE?

Also saw this on restart:

Code: Select all

pi@alarmdecoder ~ $ sudo service nginx restart
Restarting nginx: nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx.

Might have spoke too soon.. seems to be back to the same problem, even after restarting chrome and clearing cache.. still testing,, will post update later.