[rt-users] RT 3.8.11 with nginx+SSL
Gerard FENELON
gerard at eve-team.com
Fri Mar 2 09:43:45 EST 2012
Stab in the dark: have you changed $WebBaseURL?
Gerard
On 2012-03-02 15:35, ktm at rice.edu wrote:
> Hi RT Community,
>
> I am trying to set up RT 3.8.11 to use nginx and FastCGI and
> an encrypted HTTPS connection instead of the unencrypted HTTP
> connection. I took a look at the RT-Extension-Nginx-0.02
> module but it only works with RT4, so I used it as a template
> and manually generated the following configuration files:
>
> fastcgi.include.conf:
> ----
> fastcgi_pass unix:/etc/nginx/fcgi.sock;
> fastcgi_param SCRIPT_NAME "";
> fastcgi_param PATH_INFO $fastcgi_script_name;
> fastcgi_param QUERY_STRING $query_string;
> fastcgi_param REQUEST_METHOD $request_method;
> fastcgi_param CONTENT_TYPE $content_type;
> fastcgi_param CONTENT_LENGTH $content_length;
> fastcgi_param REQUEST_URI $request_uri;
> fastcgi_param SERVER_PROTOCOL $server_protocol;
> fastcgi_param REMOTE_ADDR $remote_addr;
> fastcgi_param REMOTE_PORT $remote_port;
> fastcgi_param SERVER_ADDR $server_addr;
> fastcgi_param SERVER_PORT $server_port;
> fastcgi_param SERVER_NAME $server_name;
> ----
>
> rt.server.conf
> ----
> server {
>     server_name rt2.rice.edu;
>     listen 8443;
>     ssl on;
>     ssl_certificate /etc/pki/tls/certs/help_rice_edu_all.cer;
>     ssl_certificate_key /etc/pki/tls/private/help_rice_edu.key;
>
>     root /usr/site/rt/var/mason_data;
>
>     access_log /var/log/nginx/nginx.access.log;
>
>     gzip on;
>     gzip_min_length 500;
>     gzip_proxied any;
>     gzip_types
>         text/plain text/css
>         application/x-javascript application/javascript
>     ;
>     gzip_disable "MSIE [1-6]\.";
>
>     location /NoAuth/images/ {
>         root /usr/site/rt;
>         try_files
>             local/html$uri
>             #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
>             local/plugins/RT-Extension-CloneTicket-WithData/html$uri
>             local/plugins/RT-IR/html$uri
>             local/plugins/RT-Authen-ExternalAuth/html$uri
>             local/plugins/RT-Extension-MobileUI/html$uri
>             local/plugins/RTx-Calendar/html$uri
>             local/plugins/RTx-EmailCompletion/html$uri
>             local/plugins/RT-FM/html$uri
>             local/plugins/RT-Extension-ToggleSuperUser/html$uri
>             local/plugins/RT-Extension-SpawnLinkedTicketInQueue/html$uri
>             local/plugins/RT-Extension-SearchResults-XLS/html$uri
>             local/plugins/RTx-AssetTracker/html$uri
>             local/plugins/RT-Extension-SummaryByUser/html$uri
>             local/plugins/RT-Extension-MandatorySubject/html$uri
>             #<% join ' ', map "$_\$uri", map File::Spec->abs2rel($_, $RT::BasePath), RT->PluginDirs('html') %>
>             share/html$uri
>             @main
>         ;
>         expires 1M;
>     }
>     location /NoAuth/css/ {
>         root /var/opt/fcgi_storage;
>         gzip_comp_level 9;
>         expires 1M;
>         location ~ squished {
>             expires max;
>         }
>         error_page 404 = @fetch_and_store;
>     }
>     location /NoAuth/js/ {
>         root /var/opt/fcgi_storage;
>         gzip_comp_level 9;
>         expires 1M;
>         location ~ squished {
>             expires max;
>         }
>         error_page 404 = @fetch_and_store;
>     }
>     location /NoAuth/RichText/ {
>         root /var/opt/fcgi_storage;
>         gzip_comp_level 9;
>         error_page 404 = @fetch_and_store;
>         expires 1M;
>     }
>     location / {
>         include /etc/nginx/fcgi.include.conf;
>     }
>
>     location @main {
>         include /etc/nginx/fcgi.include.conf;
>     }
>     location @fetch_and_store {
>         include /etc/nginx/fcgi.include.conf;
>
>         root /var/opt/fcgi_storage;
>         fastcgi_store on;
>         fastcgi_store_access user:rw group:rw all:r;
>         fastcgi_temp_path /var/opt/fcgi_temp;
>     }
> }
> ----
>
> nginx.conf:
> ----
> user rt rt;
>
> pid /var/run/nginx.pid;
> error_log /var/log/nginx/nginx.error.log debug;
>
> worker_processes 1;
> events {
>     worker_connections 128;
> }
>
> http {
>     include /etc/nginx/mime.types;
>     include /etc/nginx/rt.server.conf;
> }
> ----
>
> It all works using normal HTTP on port 8080 without the ssl*
> options. When I add the ssl* options, the login screen comes
> up correctly, but after I log in I get the following error:
>
> 400 Bad Request
> The plain HTTP request was sent to HTTPS port
>
> and the URL is http://rt2.rice.edu:8443 and not the https
> version. If I change the URL manually from http to https
> I have logged in. If I try to reply to a ticket, after I click
> update, it again goes to the http version of the URL and not
> the https version.
>
> Does anyone have any idea about what I am missing?
>
> Regards,
> Ken
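
An added example, not part of the original thread: a small check for the symptom described above, where a client that arrived over HTTPS is redirected to plain `http://` on the same TLS port. The responses are constructed samples, and the function names and the `/index.html` path are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_redirect(raw_response):
    """Return (status_code, Location value or None) from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    location = None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def effective_port(parts):
    """Explicit port if present, otherwise the scheme's default."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)

def classify_redirect(request_url, raw_response):
    """Classify where a response sends a client that arrived at request_url."""
    status, location = parse_redirect(raw_response)
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"
    origin = urlsplit(request_url)
    target = urlsplit(urljoin(request_url, location))  # resolves a relative Location
    if origin.scheme == "https" and target.scheme == "http":
        same_listener = (target.hostname == origin.hostname
                         and effective_port(target) == effective_port(origin))
        # Plain HTTP aimed at the TLS listener is what nginx rejects with
        # "400 Bad Request / The plain HTTP request was sent to HTTPS port".
        return "downgrade-to-tls-port" if same_listener else "downgrade"
    return "ok"

# Constructed sample responses (not captured from a real server).
REQUEST_URL = "https://rt2.rice.edu:8443/"
SAMPLES = {
    "absolute http": "HTTP/1.1 302 Found\r\nLocation: http://rt2.rice.edu:8443/\r\n\r\n",
    "absolute https": "HTTP/1.1 302 Found\r\nLocation: https://rt2.rice.edu:8443/\r\n\r\n",
    "relative": "HTTP/1.1 302 Found\r\nLocation: /index.html\r\n\r\n",
    "login page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {classify_redirect(REQUEST_URL, raw)}")
```
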