Configuring schedulix web with HTTPS extensions

[Juraj Bocinec]

Greetings,

we've installed schedulix 2.9 from Centos RPM and according to documentation setup the schedulix web. Now we would like to setup HTTPS according to the installation manual on page 25. I'm stuck with step 3 - patch zope installation, the mentioned script isn't in the location so i found another one and tried to run it but it seems i'm missing some files or packages maybe? Did anyone come across similar issue already? Thanks for info.

[schedulix@lv421093 ~]$ $BICSUITEHOME/zope/https/patch.sh

-bash: /opt/schedulix/schedulix/zope/https/patch.sh: No such file or directory

[schedulix@lv421093 ~]$ find . -name patch.sh

./schedulix-2.9/zope/patch.sh

[schedulix@lv421093 ~]$ /opt/schedulix/schedulix/zope/patch.sh

ls: cannot access Zope2-*-py2.7.egg: No such file or directory

diff: /opt/schedulix/schedulix/zope/https/chk/component.xml: No such file or directory

diff: /home/schedulix/ZServer/component.xml: No such file or directory

diff: /opt/schedulix/schedulix/zope/https/patch/component.xml: No such file or directory

diff: /home/schedulix/ZServer/component.xml: No such file or directory

/opt/schedulix/schedulix/zope/https/chk/component.xml does not match /home/schedulix/ZServer/component.xml !

cannot patch

[Juraj Bocinec]

Hello all, for now we have circumvented this by creating nginx proxy that listens on HTTPS and sends requests to the HTTP:8080 port.

[Ronald Jeninga]

Hi Juraj,

sorry for the late response.

In fact I was going to suggest to use Apache or alike, as you now did.

That method is far easier than the Zope patching. The latter is also very dependent of the actual Zope release you're using.

Maybe you'd like to share the steps to setup the nginx proxy for use with schedulix?

(If not, no bad feelings).

Best regards,

Ronald 

[Juraj Bocinec]

Greetings, i followed general steps i found to set up nginx as reverse proxy, here's my actual steps for RHEL 7.6:

1. install nginx:

yum install nginx

2. generate certificate, for our internal usage it's sufficient to have self-signed certificates but if you use it over the internet you might consider some certification authority:

cd /etc/nginx

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

3. configure SSL reverse proxy in nginx.conf, i commented out settings for server on port 80 and created this section for port 443. There are some proxy_set_header settings which im still trying to figure out how to set because with current settings i have to type in login information 2 times, one time when i head to the main HTTPS address and second time when i launch the Schedulix interface. However this doesn't happen everytime, sometimes the login prompt appears only once, so consider the proxy settings as "work in progress":

# Settings for a TLS enabled server.

    server {

        listen       443 ssl http2 default_server;

        listen       [::]:443 ssl http2 default_server;

        server_name  lv421093.aci1.rwegroup.cz;

        root         /usr/share/nginx/html;

        ssl_certificate "/etc/nginx/cert.crt";

        ssl_certificate_key "/etc/nginx/cert.key";

        ssl on;

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout  10m;

        ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        access_log      /var/log/nginx/ssl-access.log;

        location / {

#           proxy_set_header    Host $host;

#           proxy_set_header    X-Real-IP $remote_addr;

#           proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

#           proxy_set_header    X-Forwarded-Proto $scheme;

            proxy_set_header    Accept-Encoding "";

            # Fix the “It appears that your reverse proxy set up is broken" error.

            proxy_pass          http://lv421093.aci1.rwegroup.cz:8080/SDMS/;

            proxy_read_timeout  90;

            proxy_redirect      http://lv421093.aci1.rwegroup.cz:8080/SDMS/ https://lv421093.aci1.rwegroup.cz;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

}

4. after just start nginx, if no errors are in configuration file, the service should be up:

systemctl start nginx

[Dieter Stubler]

Hi Juraj,

thank you very much for sharing this with our community!

Regards
Dieter