Welcome! Log In Create A New Profile

Advanced

Fwd: Problem with CAS on nginx configuration

Posted by carlos maddaleno cuellar 
carlos maddaleno cuellar
Fwd: Problem with CAS on nginx configuration
November 28, 2017 04:50PM
Hello!

I wanted to know if some one could help me with a problem i have with my
CAS, the problem is that i have a nginx that is responding to three
diferent servers as a proxy, the thing is that i put the cas on one
instance (server) but when it loads on

siampapps(nginx)

https://siamppapps.mp/cas it shows that is not navigating on a secure port
as you can see

[image: Imágenes integradas 2]



but when i try directly on the ip of the server and the port it doesn't
show any error

[image: Imágenes integradas 1]


this is my nginx configuration:

------------------------------------------------------------
---------------------------------------------------------

upstream nomina {
server siampv4.mp:28080;
}

upstream siampv3.mp {
server siampv3.mp:28083;
}

upstream siampv5.mp {
server siampv5.mp:28080;
}




server {
listen 443;
client_max_body_size 8M;
ssl on;
ssl_certificate /etc/nginx/siampapps.mp.crt; # path to your
cacert.pem
ssl_certificate_key /etc/nginx/siampapps.mp.key; # path to your
privkey.pem
server_name test.mp;
# ......
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
# }



location /nomina {
proxy_pass http://nomina;
}

location / {
proxy_pass http://siampv3.mp;
}

location /mailer {
proxy_pass http://siampv5.mp;
}

location /cas {

proxy_pass http://siampv5.mp;
}


}

thanks a lot!!
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Attachments:
open | download - image.png (70.4 KB)
open | download - image.png (65.7 KB)
Jason Whittington
RE: [IE] Fwd: Problem with CAS on nginx configuration
November 29, 2017 12:00AM
It looks to me like the problem is that siampapps.mp.crt is a weak certificate. F12 tools in google show that it uses SHA-1 which is obsolete. You should be able to fix this by generating a new cert using a more secure algorithm.

[cid:[email protected]]

From: nginx [mailto:[email protected]] On Behalf Of carlos maddaleno cuellar
Sent: Tuesday, November 28, 2017 9:45 AM
To: nginx@nginx.org
Subject: [IE] Fwd: Problem with CAS on nginx configuration


Hello!

I wanted to know if some one could help me with a problem i have with my CAS, the problem is that i have a nginx that is responding to three diferent servers as a proxy, the thing is that i put the cas on one instance (server) but when it loads on

siampapps(nginx)

https://siamppapps.mp/cas it shows that is not navigating on a secure port as you can see

[Imágenes integradas 2]



but when i try directly on the ip of the server and the port it doesn't show any error

[Imágenes integradas 1]


this is my nginx configuration:

---------------------------------------------------------------------------------------------------------------------

upstream nomina {
server siampv4.mp:28080http://siampv4.mp:28080;
}

upstream siampv3.mphttp://siampv3.mp {
server siampv3.mp:28083http://siampv3.mp:28083;
}

upstream siampv5.mphttp://siampv5.mp {
server siampv5.mp:28080http://siampv5.mp:28080;
}




server {
listen 443;
client_max_body_size 8M;
ssl on;
ssl_certificate /etc/nginx/siampapps.mp.crt; # path to your cacert.pem
ssl_certificate_key /etc/nginx/siampapps.mp.key; # path to your privkey.pem
server_name test.mphttp://test.mp;
# ......
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
# }



location /nomina {
proxy_pass http://nomina;
}

location / {
proxy_pass http://siampv3.mp;
}

location /mailer {
proxy_pass http://siampv5.mp;
}

location /cas {

proxy_pass http://siampv5.mp;
}


}

thanks a lot!!


This message contains proprietary information from Equifax which may be confidential. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com. Equifax® is a registered trademark of Equifax Inc. All rights reserved.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Attachments:
open | download - image005.jpg (23.5 KB)
open | download - image006.png (49.5 KB)
open | download - image007.png (41.1 KB)
Sorry, only registered users may post in this forum.

Click here to login