JSS behind Nginx reverse proxy

OxymaIT
New Contributor

We have a Nginx reverse proxy with ssl offloading configured on a seperate host then the jss server with the following configuration:

server {
        listen                  443 ssl;
        server_name             [domain];

        access_log              /var/log/nginx/[domain]/access.log;
        error_log               /var/log/nginx/[domain]/error.log;

        ssl_certificate         /etc/ssl/[domain]/fullchain.pem;
        ssl_certificate_key     /etc/ssl/[domain]/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN";
        client_max_body_size    128M;

        location / {
                allow [trusted ip];
                deny all;

                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;

                proxy_pass              http://10.30.11.131:8080;
                proxy_connect_timeout       600;
                proxy_send_timeout          600;
                proxy_read_timeout          600;
                send_timeout                600;
                proxy_redirect          http://10.30.11.131:8080 https://[domain];
        }
}

we can connect to the jss server with our browser, login and configure. However when we are trying to connect with the casper admin on mac osx we get a "Connection error while connecting to. .." The traffic seems to stop at the nginx server. The strange part is, starting "Recon" it will connect to the server.. Anybody familiar with this issue ??

2 REPLIES 2

davidacland
Honored Contributor II
Honored Contributor II

We've had similar symptoms before but as we're an MSP, it's normally out of our control to edit the proxy config. It's not that often that we're using Casper Admin these days though. We either use JDSes and upload content via the web interface, or drop the packages directly into the file share DP and create the package in the web interface.

When we have a lot of packages to add to a file share DP, we use a script to loop through all packages and create them all in the JSS using the API.

Ignoring the issue really but hopefully one of these options will keep you up and running while you're looking at the problem.

RaulSantos
Contributor

@davidacland would you be willing to share that script ?