Help

JSS behind Nginx reverse proxy

OxymaIT
New Contributor

Posted on β€Ž04-04-2016 05:26 AM

We have a Nginx reverse proxy with ssl offloading configured on a seperate host then the jss server with the following configuration:

server {
        listen                  443 ssl;
        server_name             [domain];

        access_log              /var/log/nginx/[domain]/access.log;
        error_log               /var/log/nginx/[domain]/error.log;

        ssl_certificate         /etc/ssl/[domain]/fullchain.pem;
        ssl_certificate_key     /etc/ssl/[domain]/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN";
        client_max_body_size    128M;

        location / {
                allow [trusted ip];
                deny all;

                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;

                proxy_pass              http://10.30.11.131:8080;
                proxy_connect_timeout       600;
                proxy_send_timeout          600;
                proxy_read_timeout          600;
                send_timeout                600;
                proxy_redirect          http://10.30.11.131:8080 https://[domain];
        }
}

we can connect to the jss server with our browser, login and configure. However when we are trying to connect with the casper admin on mac osx we get a "Connection error while connecting to. .." The traffic seems to stop at the nginx server. The strange part is, starting "Recon" it will connect to the server.. Anybody familiar with this issue ??

0 Kudos
2 REPLIES 2

davidacland
Honored Contributor II
Honored Contributor II

Posted on β€Ž04-04-2016 08:29 AM

We've had similar symptoms before but as we're an MSP, it's normally out of our control to edit the proxy config. It's not that often that we're using Casper Admin these days though. We either use JDSes and upload content via the web interface, or drop the packages directly into the file share DP and create the package in the web interface.

When we have a lot of packages to add to a file share DP, we use a script to loop through all packages and create them all in the JSS using the API.

Ignoring the issue really but hopefully one of these options will keep you up and running while you're looking at the problem.

0 Kudos

RaulSantos
Contributor

Posted on β€Ž08-24-2016 10:39 AM

@davidacland would you be willing to share that script ?

0 Kudos
Jamf helps organizations succeed with Apple. By enabling IT to empower end users, we bring the legendary Apple experience to businesses, education and government organizations. Learn about Jamf.