[rt-users] RT 3.8.11 with nginx+SSL

ktm at rice.edu
Fri Mar 2 09:35:52 EST 2012


Hi RT Community,

I am trying to set up RT 3.8.11 to use nginx and FastCGI and
an encrypted HTTPS connection instead of the unencrypted HTTP
connection. I took a look at the RT-Extension-Nginx-0.02
module but it only works with RT4, so I used it as a template
and manually generated the following configuration files:

fastcgi.include.conf:
----
fastcgi_pass   unix:/etc/nginx/fcgi.sock;
fastcgi_param  SCRIPT_NAME      "";
fastcgi_param  PATH_INFO        $fastcgi_script_name;
fastcgi_param  QUERY_STRING     $query_string;
fastcgi_param  REQUEST_METHOD   $request_method;
fastcgi_param  CONTENT_TYPE     $content_type;
fastcgi_param  CONTENT_LENGTH   $content_length;
fastcgi_param  REQUEST_URI      $request_uri;
fastcgi_param  SERVER_PROTOCOL  $server_protocol;
fastcgi_param  REMOTE_ADDR      $remote_addr;
fastcgi_param  REMOTE_PORT      $remote_port;
fastcgi_param  SERVER_ADDR      $server_addr;
fastcgi_param  SERVER_PORT      $server_port;
fastcgi_param  SERVER_NAME      $server_name;
----

rt.server.conf:
----
server {
    server_name  rt2.rice.edu;
    listen       8443;
    ssl          on;
    ssl_certificate /etc/pki/tls/certs/help_rice_edu_all.cer;
    ssl_certificate_key /etc/pki/tls/private/help_rice_edu.key;

    root         /usr/site/rt/var/mason_data;

    access_log /var/log/nginx/nginx.access.log;

    gzip             on;
    gzip_min_length  500;
    gzip_proxied     any;
    gzip_types
        text/plain text/css
        application/x-javascript application/javascript
    ;
    gzip_disable     "MSIE [1-6]\.";

    location /NoAuth/images/ {
        root /usr/site/rt;
        try_files
            local/html$uri
            #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
            local/plugins/RT-Extension-CloneTicket-WithData/html$uri
            local/plugins/RT-IR/html$uri
            local/plugins/RT-Authen-ExternalAuth/html$uri
            local/plugins/RT-Extension-MobileUI/html$uri
            local/plugins/RTx-Calendar/html$uri
            local/plugins/RTx-EmailCompletion/html$uri
            local/plugins/RT-FM/html$uri
            local/plugins/RT-Extension-ToggleSuperUser/html$uri
            local/plugins/RT-Extension-SpawnLinkedTicketInQueue/html$uri
            local/plugins/RT-Extension-SearchResults-XLS/html$uri
            local/plugins/RTx-AssetTracker/html$uri
            local/plugins/RT-Extension-SummaryByUser/html$uri
            local/plugins/RT-Extension-MandatorySubject/html$uri
            #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
            share/html$uri
            @main
        ;
        expires 1M;
    }
    location /NoAuth/css/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }
    location /NoAuth/js/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }
    location /NoAuth/RichText/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        error_page 404 = @fetch_and_store;
        expires 1M;
    }
    location / {
        include /etc/nginx/fcgi.include.conf;
    }

    location @main {
        include /etc/nginx/fcgi.include.conf;
    }
    location @fetch_and_store {
        include /etc/nginx/fcgi.include.conf;

        root /var/opt/fcgi_storage;
        fastcgi_store          on;
        fastcgi_store_access   user:rw  group:rw  all:r;
        fastcgi_temp_path      /var/opt/fcgi_temp;
    }
}
----

nginx.conf:
----
user  rt rt;

pid         /var/run/nginx.pid;
error_log   /var/log/nginx/nginx.error.log debug;

worker_processes  1;
events {
    worker_connections  128;
}

http {
    include /etc/nginx/mime.types;
    include /etc/nginx/rt.server.conf;
}
----

It all works using normal HTTP on port 8080 without the ssl*
options. When I add the ssl* options, the login screen comes
up correctly, but after I log in I get the following error:

400 Bad Request
The plain HTTP request was sent to HTTPS port

and the URL is http://rt2.rice.edu:8443 and not the https
version. If I change the URL manually from http to https
I have logged in. If I try to reply to a ticket, after I click
update, it again goes to the http version of the URL and not
the https version.

Does anyone have any idea about what I am missing?

Regards,
Ken
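
Added example, not part of the original post and not code from the RT project: the posted FastCGI include passes no HTTPS parameter, so the backend cannot tell that the request arrived over TLS. The sketch assumes RT chooses the scheme of its redirects from that CGI variable; the file names and port are the ones shown in the post.

```nginx
# Added example, not from the original post.

# --- fcgi.include.conf: keep the posted parameters and add the scheme hint ---
# Before: no HTTPS parameter is sent, so the backend sees every request
#         as plain HTTP and builds http:// URLs for its redirects.
# After:  $https is "on" for TLS connections and empty otherwise
#         (nginx 1.1.11 and later); if_not_empty omits the parameter
#         entirely for non-TLS requests.
fastcgi_param  HTTPS            $https if_not_empty;

# On an older nginx without $https, a server block that only listens
# with SSL can hard-code the value instead:
# fastcgi_param  HTTPS            on;

# --- rt.server.conf: inside the server { } block that listens on 8443 ---
# nginx answers a plain-HTTP request on an SSL port with its internal
# status 497 ("The plain HTTP request was sent to HTTPS port").
# Redirecting it keeps stray http:// links usable, but the first request,
# including any cookies or form data, has already crossed the network in
# cleartext, so treat this as a safety net and not as the fix.
error_page 497 https://$host:$server_port$request_uri;
```

After reloading nginx, the Location header returned by the login POST should start with https://. RT's own base URL setting ($WebBaseURL in RT_SiteConfig.pm) should name the https URL and port as well.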
