Welcome! Log In Create A New Profile

Advanced

Unable to redirect portal, can someone please help

December 22, 2022 02:41AM
Hi Team,

Here is the some weird issue I am facing and I really appreciate if someone can help?
I have portal test.example.com which is currently being accessed as https://test.example.com:44300/sap/bc/ui2/flp

I need to put this behind Nginx reverse proxy however I want user to access only
http://test.example.com --> It will be redirected to https://test.example.com//sap/bc/ui2/flp

This works fine however after logging in the pages are accessed as

xx.xx.xx.xx - - [22/Dec/2022:12:56:10 +0530] "GET /sap/public/bc/uics/whitelist/ClickjackingFramingProtection.js HTTP/2.0" 200 3553 "https://test.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
xx.xx.xx.xx - - [22/Dec/2022:12:56:10 +0530] "GET /sap/public/bc/ui2/logon/themes/sap_belize/library.css HTTP/2.0" 200 1602 "https://test.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
xx.xx.xx.xx - - [22/Dec/2022:12:56:10 +0530] "GET /sap/public/bc/ui2/logon/fiori3/js/login.js HTTP/2.0" 200 8713 "https://test.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
xx.xx.xx.xx - - [22/Dec/2022:12:56:11 +0530] "GET /sap/public/bc/ui2/logon/img/sap_logo.png HTTP/2.0" 200 10105 "https://test.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"


Hence My stanza is like this

server {
listen 80 ;
server_name test.example.com;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
# return 301 https://test.example.com/sap/bc/ui2/flp$request_uri;
# return 301 https://$server_name$request_uri;
error_page 404 403 /custom_404.html;
access_log /var/log/nginx/fiori/access.log;
error_log /var/log/nginx/fiori/error.log;
location / {
if ($request_method !~ GET|HEAD|POST) {
return 403;
break;
}
client_max_body_size 10m;
client_body_buffer_size 128k;
allow all;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
proxy_pass https://test1.example.com:44300;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

##### fiori HTTPS starts
server {
listen 443 ssl;
server_name test.example.com;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/nginx/certs/test/nrb.crt;
ssl_certificate_key /etc/nginx/certs/test/nrb2.key;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE
-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA
384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES
-CBC3-SHA:AES128-GCM-SHA256:AES56-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_dhparam /etc/ssl/dhparams2048.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
keepalive_timeout 70;
resolver 1.1.1.1 valid=300s;
access_log /var/log/nginx/fiori/access.log;
error_log /var/log/nginx/fiori/error.log;
location ^~ /sap/public {
proxy_pass https://test1.example.com:44300/sap/public;
}
location /sap/bc/ui2/flp {
client_max_body_size 700m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_http_version 1.1;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
# proxy_pass https://test1.example.com:44300/sap/bc/ui2/flp/;
proxy_pass https://test1.example.com:44300/;
proxy_ssl_server_name on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header X-Frame-Options "SAMEORIGIN" always;
}
}
Subject Author Posted

Unable to redirect portal, can someone please help

blason December 22, 2022 02:41AM

Re: Unable to redirect portal, can someone please help

blason December 22, 2022 08:05AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 157
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready