in the websites (nginx) plugin you have the option to force a website to SSL. I want to use this as a method to proxy to unsafe sites, but whenever I try to access http://test.domain.com, instead of enforcing https://test.domain.com the OMV admin panel appears.
what can we do here?
The nginx server tries to identify the local server via the host entry in the http header which is sent by the browser.
On which port your nginx server is listening?
Are you running it from web or in LAN area?
I think there might be an issue with the subdomain not pointing to the right port.
Openmediavault is configured to be the default server listening to the 80 / 443 ports. So either you change the config files (/etc/nginx/sites-enabled/) so both servers may listen to 80 or 443 just to different server_names, or you have to point the subdomain to another Port your server-config is running at.
that's how it is set up:
OMV: https://omv.domain.com:443
nginx proxy: https://calibre.domain.com:443 (but set up, that requests to http://calibre.domain.com:80 should be served from https://calibre.domain.com:443)
all the name based servers created with the "websites (nginx) " plugin are listening to 443, but don't seem to have the
listen [::]:80;
statement - isn't that neccessary to force SSL?
all the name based servers created with the "websites (nginx) " plugin are listening to 443, but don't seem to have the
listen [::]:80;
statement - isn't that neccessary to force SSL?
This is just the IPv6 version of
so not neccessary for SSL. For use with SSL there has to be a line like
Do you have SSH access to the server? Then please give us the content of all files in /etc/nginx/sites-enabled/ Then we might see, where the problem arises from
../openmediavault-webgui
server {
server_name openmediavault-webgui;
root /var/www/openmediavault;
index index.php;
autoindex off;
server_tokens off;
sendfile on;
large_client_header_buffers 4 32k;
client_max_body_size 25M;
error_log /var/log/nginx/openmediavault-webgui_error.log error;
access_log /var/log/nginx/openmediavault-webgui_access.log combined;
location /extjs/ {
alias /usr/share/javascript/extjs4/;
}
location /images/ {
alias /var/www/openmediavault/images/;
}
location ~ \.php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock;
fastcgi_index index.php;
fastcgi_read_timeout 60s;
include fastcgi_params;
}
listen [::]:80 default_server ipv6only=off;
listen [::]:443 default_server ipv6only=off ssl deferred;
ssl_certificate /etc/ssl/certs/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.crt;
ssl_certificate_key /etc/ssl/private/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.key;
include /etc/nginx/openmediavault-webgui.d/*.conf;
}example from ../openmediavault-nginx
server {
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.crt;
ssl_certificate_key /etc/ssl/private/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.key;
server_name proxiedsite.domain.com;
index index.html;
access_log /var/log/nginx/6a9d3536-4ab8-4a3b-aed8-4387787873a9-access.log;
error_log /var/log/nginx/6a9d3536-4ab8-4a3b-aed8-4387787873a9-error.log;
large_client_header_buffers 4 8k;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}Ok, as you see, the main difference is the
vs.
So the nginx-server is listening only to ipv6. Try to add the following line to the extra options:
Then nginx should listen to ipv4 ssl port also for this server.
this prevents an nginx restart with
root# /etc/init.d/nginx restart
Restarting nginx: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx.the ../openmediavault-nginx after adding the line to the extra options looks like this:
server {
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.crt;
ssl_certificate_key /etc/ssl/private/openmediavault-8a8f2078-f1bc-4fa7-a344-108502e2225c.key;
server_name sub.domain.com;
index index.html;
access_log /var/log/nginx/6a9d3536-4ab8-4a3b-aed8-4387787873a9-access.log;
error_log /var/log/nginx/6a9d3536-4ab8-4a3b-aed8-4387787873a9-error.log;
large_client_header_buffers 4 8k;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;........
}
listen 443 ssl;
}The plugin is working as intended, but I should rename the "Force SSL" option to something like "Only SSL". The Nginx configuration for OMV on the other hand redirects all requests to https.
ok, just to clearify, is there a way to actually enforce ssl ina way, that whoever accesses http://sub.domain.com:80 gets redirected to https://sub.domain.com:443
Did some reading. We can accomplish this quite easiyly right now by haveing two domains with the same name, one listening on 443 (but not on 80), delivering the content and one listening on 80 (but not on 443) wth the opton
in the Extras option field.
Maybe you can implement an option for this?
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!