ebsr_paramedic
Visitor.
157 views

Configuring Reverse Proxy Nginx for Webaccess

Hi Everyone.

We are attempting to use NGINX as a reverse proxy for WebAccess. We are having some trouble where the body of the email messages are not appearing.

Here is ours for review:

#############################################################################

#####################################################
# webaccess  (60) **80
#####################################################

server {
listen 80;
listen [::]:80;
server_name webaccess.sub.org;
return 301 https://$server_name;
location / {
proxy_pass https://192.168.1.60;
proxy_set_header host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#try_files $uri $uri/ /index.php?q=$uri&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

#####################################################
# webaccess.sub.org;(60)**443
#####################################################

server {
listen 443 ssl;
server_name webaccess.sub.org;

ssl_protocols TLSv1.2;
#ssl_protocols TLSv1.3
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
#ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
#ssl_session_timeout 24h;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
#resolver $DNS-IP-1 $DNS-IP-2 valid=300s; #new item
resolver_timeout 5s; #new item
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; #new item
add_header X-Frame-Options DENY; #new item
add_header X-Content-Type-Options nosniff; #new item
add_header X-XSS-Protection "1; mode=block"; #new item
keepalive_timeout 300s;

ssl_certificate /etc/letsencrypt/live/webaccess.sub.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/webaccess.sub.org/privkey.pem;

charset utf-8;

location / {
include proxy_params;
proxy_pass https://192.168.1.60;
#proxy_redirect on;

# Handle Web Socket connections
proxy_http_version 1.1;
#proxy_cache_bypass $http_upgrade; ####new

}
############################################################}

 

Has anyone else had a problem with nginx reverse proxy fronting  webaccess?

Does my server block pass muster?

Thanks in advance.

 

 

  

Labels (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.