Using CAS with Apache or Nginx with SSL

515 views
Skip to first unread message

Alexandre Arcanjo de Queiroz

unread,
Oct 17, 2016, 12:36:12 PM10/17/16
to CAS Community
Can I use CAS with this architecture?: A HTTP server with SSL certificate (like Nginx or Apache) acting as proxy of a  CAS deployed in a Web Container (like Jetty) without SSL certificate? The Services (using reverse proxy too) only communicate with CAS through HTTP Server.

Ray Bon

unread,
Oct 17, 2016, 12:44:12 PM10/17/16
to cas-...@apereo.org
That is exactly how I have my development environment configured. On one server: nginx with self signed cert and 3 tomcats (two CAS one test application(s)).

Ray


On 2016-10-17 09:36, Alexandre Arcanjo de Queiroz wrote:
Can I use CAS with this architecture?: A HTTP server with SSL certificate (like Nginx or Apache) acting as proxy of a  CAS deployed in a Web Container (like Jetty) without SSL certificate? The Services (using reverse proxy too) only communicate with CAS through HTTP Server.
--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e4ea7637-9f4b-4b9a-b6cd-619fdc7f0b91%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C017 | rb...@uvic.ca

Brandon Martin

unread,
Oct 17, 2016, 1:26:22 PM10/17/16
to CAS Community, rb...@uvic.ca
Here's the nginx config I use:

server {

  listen 443 ssl;

  server_name login.domain.net;


  location = / {

        rewrite ^/(.*) https://login.domain.net/login;

  }


  location / {

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    add_header 'Access-Control-Allow-Origin' '*';

    add_header 'Access-Control-Allow-Credentials' 'true';

    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';

    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';


    dav_methods PUT DELETE;

    proxy_pass http://host-address:5540/; ##My CAS is running on a host inside a docker container, port 5540 would be mapped to http port 8080 to CAS.


    fastcgi_read_timeout 60000;

    fastcgi_send_timeout 60000;

    send_timeout 60000;

    proxy_read_timeout 60000;

    proxy_send_timeout 60000;

Reply all
Reply to author
Forward
0 new messages