[rt-users] RT 3.8.11 with nginx+SSL
ktm at rice.edu
Fri Mar 2 09:35:52 EST 2012
Hi RT Community,
I am trying to set up RT 3.8.11 to use nginx and FastCGI and
an encrypted HTTPS connection instead of the unencrypted HTTP
connection. I took a look at the RT-Extension-Nginx-0.02
module but it only works with RT4, so I used it as a template
and manually generated the following configuration files:
fastcgi.include.conf:
----
fastcgi_pass unix:/etc/nginx/fcgi.sock;
fastcgi_param SCRIPT_NAME "";
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
----
rt.server.conf
----
server {
    server_name rt2.rice.edu;
    listen 8443;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/help_rice_edu_all.cer;
    ssl_certificate_key /etc/pki/tls/private/help_rice_edu.key;
    root /usr/site/rt/var/mason_data;
    access_log /var/log/nginx/nginx.access.log;
    gzip on;
    gzip_min_length 500;
    gzip_proxied any;
    gzip_types
        text/plain text/css
        application/x-javascript application/javascript
    ;
    gzip_disable "MSIE [1-6]\.";
    location /NoAuth/images/ {
        root /usr/site/rt;
        try_files
            local/html$uri
            #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
            local/plugins/RT-Extension-CloneTicket-WithData/html$uri
            local/plugins/RT-IR/html$uri
            local/plugins/RT-Authen-ExternalAuth/html$uri
            local/plugins/RT-Extension-MobileUI/html$uri
            local/plugins/RTx-Calendar/html$uri
            local/plugins/RTx-EmailCompletion/html$uri
            local/plugins/RT-FM/html$uri
            local/plugins/RT-Extension-ToggleSuperUser/html$uri
            local/plugins/RT-Extension-SpawnLinkedTicketInQueue/html$uri
            local/plugins/RT-Extension-SearchResults-XLS/html$uri
            local/plugins/RTx-AssetTracker/html$uri
            local/plugins/RT-Extension-SummaryByUser/html$uri
            local/plugins/RT-Extension-MandatorySubject/html$uri
            #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
            share/html$uri
            @main
        ;
        expires 1M;
    }
    location /NoAuth/css/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }
    location /NoAuth/js/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        expires 1M;
        location ~ squished {
            expires max;
        }
        error_page 404 = @fetch_and_store;
    }
    location /NoAuth/RichText/ {
        root /var/opt/fcgi_storage;
        gzip_comp_level 9;
        error_page 404 = @fetch_and_store;
        expires 1M;
    }
    location / {
        include /etc/nginx/fcgi.include.conf;
    }
    location @main {
        include /etc/nginx/fcgi.include.conf;
    }
    location @fetch_and_store {
        include /etc/nginx/fcgi.include.conf;
        root /var/opt/fcgi_storage;
        fastcgi_store on;
        fastcgi_store_access user:rw group:rw all:r;
        fastcgi_temp_path /var/opt/fcgi_temp;
    }
}
----
nginx.conf:
----
user rt rt;
pid /var/run/nginx.pid;
error_log /var/log/nginx/nginx.error.log debug;
worker_processes 1;
events {
    worker_connections 128;
}
http {
    include /etc/nginx/mime.types;
    include /etc/nginx/rt.server.conf;
}
----
It all works using normal HTTP on port 8080 without the ssl*
options. When I add the ssl* options, the login screen comes
up correctly, but after I log in I get the following error:
400 Bad Request
The plain HTTP request was sent to HTTPS port
and the URL is http://rt2.rice.edu:8443 and not the https
version. If I change the URL manually from http to https
I have logged in. If I try to reply to a ticket, after I click
update, it again goes to the http version of the URL and not
the https version.
Does anyone have any idea about what I am missing?
Regards,
Ken
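
One thing to check for the symptom described above, as an added example that is not part of the original post: nginx tells a FastCGI backend that a request arrived over TLS only through a fastcgi_param HTTPS line, and the posted include has none. The Python check below lints a condensed, constructed copy of the posted files for that gap; the function names are hypothetical, and that RT builds its post-login redirect from this variable is an assumption.

```python
import re

# Constructed sample input, condensed from the two files quoted in the post.
SERVER_CONF = """
server {
    server_name rt2.rice.edu;
    listen 8443;
    ssl on;
    location / { include /etc/nginx/fcgi.include.conf; }
}
"""
FASTCGI_INCLUDE = """
fastcgi_pass unix:/etc/nginx/fcgi.sock;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
"""

def directives(text):
    """Yield (name, args) per directive; comments and block braces are dropped."""
    text = re.sub(r"#[^\n]*", "", text)
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def tls_enabled(server_conf):
    """True if TLS is switched on by 'ssl on;' or by 'listen ... ssl;'."""
    return any((name == "ssl" and args == ["on"]) or
               (name == "listen" and "ssl" in args[1:])
               for name, args in directives(server_conf))

def fastcgi_params(include_conf):
    """Map each fastcgi_param name to the value nginx will send for it."""
    return {args[0]: args[1] for name, args in directives(include_conf)
            if name == "fastcgi_param" and len(args) >= 2}

def scheme_findings(server_conf, include_conf):
    """Flag a TLS listener whose FastCGI backend is never told about TLS."""
    if tls_enabled(server_conf) and "HTTPS" not in fastcgi_params(include_conf):
        return ["TLS is on but no 'fastcgi_param HTTPS' is sent: the backend "
                "sees plain HTTP and may build http:// URLs"]
    return []

# Candidate correction (assumes nginx 1.1.11+, where $https is "on" under TLS
# and empty otherwise; a literal 'fastcgi_param HTTPS on;' works on any version).
FIXED_INCLUDE = FASTCGI_INCLUDE + "fastcgi_param HTTPS $https if_not_empty;\n"

if __name__ == "__main__":
    print(scheme_findings(SERVER_CONF, FASTCGI_INCLUDE))
    print(scheme_findings(SERVER_CONF, FIXED_INCLUDE))
```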