1 answer
- 10-1
ok, just solved - there was an interference with the settings from swag with included proxy.conf. Final nginx config looks like this and works:
server {
listen 443 ssl;
listen [::]:443 ssl;
# should listen to datawarehouse as well as dwh as subdomain
server_name joget-workflow.*;
root /opt/joget/apache-tomcat/webapps;
underscores_in_headers on;
include /config/nginx/ssl.conf;
# include /config/nginx/error-pages.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
location / {
access_log /var/log/nginx/nginx-joget.log upstream_time;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
# include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app joget;
set $upstream_port 9090;
set $upstream_proto http;
proxy_set_header X-XSRF-TOKEN $http_x_xsrf_token;
proxy_set_header x-xsrf-token $http_x_xsrf_token;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}Add your comment...
Hello,
I am using the default Joget docker installation as a docker-compose for testing purpose:
joget:
image: jogetworkflow/joget-community
restart: always
volumes:
- /var/lib/mysql
networks:
- infrastructure_default
Traffic is routed via a swag ssl docker container with reverse proxy. Configuration like this:
location / {
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;
# Proxy Cache and Cookie Settings
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;
# Proxy Header Settings
proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;
resolver 127.0.0.11 valid=30s;
proxy_pass http://joget:9090;
proxy_set_header X-XSRF-TOKEN $http_x_xsrf_token;
proxy_set_header x-xsrf-token $http_x_xsrf_token;
}
In general the application works but especially the preview does not work - it throws a 403 like this:
"POST /jw/web/fbuilder/app/insuranceManagementApp/1/form/insurancePropForm/preview/ HTTP/2.0" status=403
I can see other 403 in the logs as well - but the preview is not reachable at all.
Is it a problem of reverse proxy configuration?
Br
Thomas