Welcome! Log In Create A New Profile

Advanced

Re: Internal application - Publish on nginx

December 03, 2021 11:34AM
Hi Francis,

Follow the curl -v

#######################

root@ubuntu-server:/home/agomes# curl -v https://x.x.x.x/app?stickyRedirectTest=key
* Trying x.x.x.x:443...
* Connected to x.x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.x.x.x.x.com
* start date: Mar 31 00:00:00 2021 GMT
* expire date: Mar 31 23:59:59 2022 GMT
* subjectAltName: host "x.x.x.x.com" matched cert's "*.x.x.x.x.com"
* issuer: x.x.x.x
* SSL certificate verify ok.
> GET /app?stickyRedirectTest=key HTTP/1.1
> Host: x.x.x.x.com
> User-Agent: curl/7.74.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< Server: nginx
< Date: Fri, 03 Dec 2021 16:19:30 GMT
< Content-Length: 0
< Location: https://x.x.x.x/app
< Connection: keep-alive
< Vary: Accept-Encoding
< Set-Cookie: JSESSIONID=AAB544EAB8D7EB2ADBC1A6586A8488C0; Path=/pwm; Secure; HttpOnly; SameSite=Strict
< X-PWM-SessionID: bD04y
< Content-Language: en
< X-PWM-Noise: vhz2n6pAC3u4HK4iUMn9rckjReGEH
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1
< X-PWM-Instance: 7D0720A46A762638
< X-Frame-Options: DENY
< X-PWM-Amb: if its broke, it's krowten's fault
< Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
< Content-Security-Policy: default-src 'self'; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' 'unsafe-eval' 'nonce-S4MPinwLctwCgOvE3YkfzXDu5ieb6yCh'; frame-src https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ; report-uri /pwm/public/api?processAction=cspReport
< Set-Cookie: ID=1NB7WIPZ99tarLf4xpYH6OdYOVV8mbjpkwqy9utk; Path=/pwm/; Secure; HttpOnly; SameSite=Strict
< Set-Cookie: SESSION=H4sIAAAAAAAAAAHLADT_UFdNLkdDTTEQoiWD0ScsDFgNWID788sURuVmAvS5EFkHh6_Z_SUXKTh_OPP34r6bZ2qCbzkXniGokm0POG_z-xEnuaILx79beMlnrLdzSslwzEIleeZG3Ld4XCtX-GdampE4X-jSo1EnDSvIwg2okbpn32JF-9mpJ-Mor-tpWmEe3eW3-deUeJ2VuPX_EbLdXmKjDpzlhWxknh3nVitS9jtqV4v4PRspwJ5PnKBmoeOdNVnoi3-hblN5gBpNyP0lLQV5DsQ85N9FodJW45e2ywAAAA%3D%3D; Path=/pwm/; Secure; HttpOnly; SameSite=Strict
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Referrer-Policy: no-referrer-when-downgrade
< Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
<
* Connection #0 to host c360-lab.isecurityconsulting.com left intact

##################

When I try to use proxy_cookie_path ~^/pwm.* /app; in the location. (see below)

location /app {
proxy_pass https://resetpass/pwm/public/forgottenpasswordapp;
#rewrite ^/(.*)/pwm/public$ /$1 break;
proxy_redirect /pwm/public/forgottenpasswordapp /app;
#proxy_set_header Host $host;
proxy_cookie_path ~^/pwm.* /app;
}

I've got some stranges carachteres on the web page.

And in the deve tools in the browser, internally I have a lot of connections to the uri https://x.x.x.x:8443/pwm/public/resources

I think that I need to appoint this path in somewhere in the nginx config.
Subject Author Posted

Internal application - Publish on nginx

agomes December 03, 2021 07:37AM

Re: Internal application - Publish on nginx

Francis Daly December 03, 2021 08:36AM

Re: Internal application - Publish on nginx

agomes December 03, 2021 09:02AM

Re: Internal application - Publish on nginx

Francis Daly December 03, 2021 09:36AM

Re: Internal application - Publish on nginx

agomes December 03, 2021 10:05AM

Re: Internal application - Publish on nginx

Francis Daly December 03, 2021 11:02AM

Re: Internal application - Publish on nginx

agomes December 03, 2021 11:34AM

Re: Internal application - Publish on nginx

agomes December 03, 2021 12:57PM

Re: Internal application - Publish on nginx

Francis Daly December 04, 2021 03:58AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 111
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready