Skip to first unread message
DecPie
Jun 12, 2016, 2:07:55 PM6/12/16
to dcm4che
Hi,
I try to configure a reverse proxy with nginx on a local server "A" (IP ; 192.168.1.8) open to internet to allow a secure connection by https to a local server "B" (IP : 192.168.1.7) where is installed dcm4chee 5.
I followed this tutorial : http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e403
And the configuration is :
- default.conf on server B (nginx)
server {
listen 80;
server_name 192.168.1.8;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl;
ssl_certificate /etc/nginx/certificates/nginx.crt;
ssl_certificate_key /etc/nginx/certificates/nginx.key;
ssl on;
server_name 192.168.1.8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_pass http://192.168.1.7:8080;
}
}
- configuration.xml on server B (keycloak)
<server name="default-server">
...
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</server>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>
When I try to log on dcm4chee, I can see the authentication page but when I press the button "Log In" with the adequate username and password, I have the response "Invalid username or password." (the connection by http directly to the server "B" with http://192.168.1.7:8080/dcm4chee-arc/ui works).
Has someone a solution to configure a reverse proxy to use https for dcm4chee 5 ?
Thanks
I try to configure a reverse proxy with nginx on a local server "A" (IP ; 192.168.1.8) open to internet to allow a secure connection by https to a local server "B" (IP : 192.168.1.7) where is installed dcm4chee 5.
I followed this tutorial : http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e403
And the configuration is :
- default.conf on server B (nginx)
server {
listen 80;
server_name 192.168.1.8;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl;
ssl_certificate /etc/nginx/certificates/nginx.crt;
ssl_certificate_key /etc/nginx/certificates/nginx.key;
ssl on;
server_name 192.168.1.8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_pass http://192.168.1.7:8080;
}
}
- configuration.xml on server B (keycloak)
<server name="default-server">
...
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</server>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>
When I try to log on dcm4chee, I can see the authentication page but when I press the button "Log In" with the adequate username and password, I have the response "Invalid username or password." (the connection by http directly to the server "B" with http://192.168.1.7:8080/dcm4chee-arc/ui works).
Has someone a solution to configure a reverse proxy to use https for dcm4chee 5 ?
Thanks
Rick Romero
Jun 13, 2016, 10:30:05 AM6/13/16
to dcm...@googlegroups.com
IMHO, Use the DNS names EVERYWHERE.
Create a Server {} for each DNS name you want to proxy - where the server_name = proxy_pass hostname (say web.corp.com) . Then in the /etc/hosts, set web.corp.com = 192.168.1.7
That way the fqdns don't have to be rewritten, and you don't need to try and figure out if the devs ignored fqdns or not.
Rick
--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages