nginx (letsencrypt), tomcat9 integration

[Jacob Fosso Tande]

Hi folks,

I have been looking through the archive to see if anyone has the latest recipe

for nginx (ssl), tomcat9 integration with xnat. I was able to get just the nginx 

non secure integration to work but fell short with the secured integration 

(I may have screwed something up, and can't figure it out).

I would also appreciate if anyone will share recipe of nginx and letsencrypt integeration.

I appreciate your help

[Herrick, Rick]

From the XNAT point of view, there’s no difference between nginx with SSL and without: in both cases the request comes from the proxy to port 8080 (presuming you haven’t changed the default port on Tomcat). I’ve attached two different nginx configurations:

 

• nginx-vm.ssl is the configuration from my Vagrant VM that uses an SSL certificate issued by a self-created certificate authority (XNAT Vagrant generates these when the protocol specified in the YAML configuration is set to https)
• nginx-dev.ssl is a configuration from my dev server that uses Let’s Encrypt-generated wildcard certificates to provide the front-end proxy for various services running in Docker containers.

 

I can’t really help you with getting Let’s Encrypt itself set up. I previously managed Let’s Encrypt-issued certs using certbot, but switched to using acme.sh because it’s the only solution I could get working that supports issuing wildcard certificates for my DNS provider. I never had any real trouble getting certbot to work so if you can use that to manage your certificates I think that would help.

 

-- 

Rick Herrick

XNAT Architect/Developer

Computational Imaging Laboratory

Washington University School of Medicine

 

 

From: 'Jacob Fosso Tande' via xnat_discussion <xnat_di...@googlegroups.com>
Date: Friday, November 19, 2021 at 3:47 PM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] nginx (letsencrypt), tomcat9 integration

* External Email - Caution *

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/4dbe3808-70c9-4d21-b77c-e2101214a9b1n%40googlegroups.com.

 

---

The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.