phpipam
phpipam copied to clipboard
phpipam
nginx redirect - centos7
Hello,
I am currently trying to add to nginx configuration, redirect from http to https for phpipam, with no luck. I have tried every combination of configurations that were posted here for it without any luck.
My portal is running on port 82, defined in httpd w/o any issues, with the path found in /var/www/phpipam . When I try to redirect to https://ip/phpipam from http://ip:82 it fails
location /phpipam { proxy_pass http://ip:82; }
Any advices ?
Hey there,
Might I ask, just for clarification, you want clients who visit http://ip:82 automatically redirect to https://ip/phpipam ?
There are few problems with your current setup:
- What do you think will happen when you proxy_pass to a site that automatically redirects? Wouldn't that end in redirect loop?
- Why path /phpipam? You have other services running on port 443?
Ideally, it would be more helpful to simply post you entire Nginx configuration, though I maybe wrong here as I'm not aware of PHPipam policy regarding Github issues.
Cheers
Hi,
Exactly, how you described it. On the same server, where the phpipam is installed and configured, I have several applications running on different ports and I use nginx for redirection to https ( e.g. https://IP/app = http://ip:81 and so on )
In nginx.conf I only have
location /phpipam/ { proxy_pass http://IP:82; }
In config.php from phpipam I have define('BASE', "/");
If I access https://IP/phpipam/ it just redirect me to https://IP/login . After I change the BASE to /phpipam/ I get ERR_TOO_MANY_REDIRECTS but with the URL correct, https://IP/phpipam/login ,
This post is likely to not answer your question directly:
- Why not use domains instead of IP addresses and fall back to TLS SNI?
- HTTPS doesn't implicitly needs to be on port 443?
Nevertheless, when Nginx proxies the connection to port 81/82, the response will be 301/302, unless you have if directive in your config file somewhere. Unfortunately you omitted your configuration. I honestly don't see the point of hosting something on different ports here. Wouldn't aliases on 443 be a better alternative. I'm failing to understand the logic here especially if it's going to always redirect to https://ip/phpipam ?
OK, I've misunderstood your question.
I want to access the platform which is found at http://10.1.1.1:82 to be accesible from https://10.1.1.1/phpipam/ . NGINX is listening on 443 and 80 ( for redirect to 443 if typed http )
Remove the redirect on http://10.1.1.1:82 and set define('BASE', "/"); accordingly?
My problem is just that. I don't know what to set in order to make it work. A little help for a newbie like me, would be appreciated.
If you leave the configuration as is, I suspect you going to need URLRewrite on 443 to make it work. In practice, I'm inexperience, so I'll leave it here for the more inclined. If the alternatives don't work for you.
Updated the version from 1.3 to 1.3.2, tried the configuration from the documentation, but with no luck. Maybe it has something to do with the fact that it runs on a another port rather than the default 80.
OK, maybe @phpipam would be so kind, could give a insight into the matter. Full details:
phpipam version 1.4 nginx version: nginx/1.15.9
httpd running on port 82, so phpipam is accessible at ( http://ip:82 ) phpipam folder location : /var/www Pretty link are ON
phpipam/config.php if(!defined('BASE')) define('BASE', "/");
nginx.conf: location /phpipam/ { proxy_pass http://10.191.37.4:82/; try_files $uri $uri/ /phpipam/index.php; index index.php; } location /phpipam/api/ { proxy_pass http://10.191.37.4:82/; try_files $uri $uri/ /phpipam/api/index.php; } location ~.php$ { proxy_pass http://10.191.37.4:82; fastcgi_pass unix:/var/run/php-fpm.socket; fastcgi_index index.php; try_files $uri $uri/ index.php = 404; include fastcgi_params; }
httpd.conf
ServerName localhost:82 Listen 82
<Directory "/var/www/phpipam"> Options FollowSymLinks AllowOverride all Order allow,deny Allow from all </Directory>
httpd/conf.d/ipamphp.conf <VirtualHost *:82> ServerAdmin root@localhost DocumentRoot "/var/www/phpipam/" ServerName IP <Directory "/var/www/phpipam/"> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog "/var/log/httpd/phpipam-error_log" CustomLog "/var/log/httpd/phpipam-access_log" combined </VirtualHost>
With these settings, I can acces https://ip/phpipam/ and get partial loading, with jQuery error! . When I click any link i get redirected to http://ip:82
If I remove the proxy_pass setting, I get 404 Not Found nginx/1.15.9
Hi, I am a bit confused. You are using nginx reverse proxy to proxy to apache on same server and different port ?
Exactly. I just want to use the SSL port and certificate that I have configured in nginx and access the IPAM portal from there, using the /location
Ok, but why running 2 separate webservers on same host? Anyhow, in this case I guess you only need to proxy /phpipam/:
nginx.conf:
location /phpipam/ {
proxy_pass http://10.191.37.4:82/;
}
One thing I noticed in your apache config:
ServerName localhost:82
Listen 82
Note the localhost, maybe change it in nginx conf? It seems you are proxying to IP address but listen on localhost (127.0.0.1) if you dont have this changed on your hosts file.
If you use nginx directly (remove the proxy_pass) you are missing root directive in your server config :
root /var/www/phpipam/;
Otherwise add this to beginning of index.php (line 3) and show what headers are being sent from nginx to apache:
print "<pre>";
print_r($_SERVER);
Hi, Well, I have configured on the same host multiple instances that I want to access via nginx and https, that are running on different ports. I've done the changes you've said and I get the following :
- when accessing https://ip/phpipam/ it redirects me to https://ip/phpipam/login but the formatting is weird and I have the following code
Array ( [REDIRECT_UNIQUE_ID] => XI9PENfoY2uH56V4poikdAAAAAk [REDIRECT_STATUS] => 200 [UNIQUE_ID] => XI9PENfoY2uH56V4poikdAAAAAk [HTTP_HOST] => 10.191.37.4:82 [HTTP_CONNECTION] => close [HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0 [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5 [HTTP_ACCEPT_ENCODING] => gzip, deflate, br [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 [HTTP_CACHE_CONTROL] => max-age=0 [HTTP_COOKIE] => phpipam=as1b72sbsv9dgt102jv7if50h5 [PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin [SERVER_SIGNATURE] => [SERVER_SOFTWARE] => Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 [SERVER_NAME] => 10.191.37.4 [SERVER_ADDR] => 10.191.37.4 [SERVER_PORT] => 82 [REMOTE_ADDR] => 10.191.37.4 [DOCUMENT_ROOT] => /var/www/phpipam/ [REQUEST_SCHEME] => http [CONTEXT_PREFIX] => [CONTEXT_DOCUMENT_ROOT] => /var/www/phpipam/ [SERVER_ADMIN] => root@localhost [SCRIPT_FILENAME] => /var/www/phpipam/index.php [REMOTE_PORT] => 53060 [REDIRECT_URL] => /login/ [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.0 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /login/ [SCRIPT_NAME] => /index.php [PHP_SELF] => /index.php [REQUEST_TIME_FLOAT] => 1552895760.177 [REQUEST_TIME] => 1552895760 )
I think this is missing in nginx:
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
Remove changes you made in index.php and add this to your nginx config.
I've added the line above, under /phpipam/ block but it seems that it cannot load all resources, starting from scripts/images to the loading of the portal itself. It remains in Loading... after I input the credentials.
Hm... Maybe this ?
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header Host $host:$server_port;
My working config for nginx reverse proxy:
server {
listen 80;
server_name ipam.example.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name ipam.example.net;
ssl_certificate /etc/nginx/ssl/example.net.fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/example.net.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
location / {
proxy_pass http://192.168.10.11/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
My working config for nginx reverse proxy:
server { listen 80; server_name ipam.example.net; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name ipam.example.net; ssl_certificate /etc/nginx/ssl/example.net.fullchain.cer; ssl_certificate_key /etc/nginx/ssl/example.net.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; location / { proxy_pass http://192.168.10.11/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Nginx-Proxy true; proxy_redirect off; } }
2024, this works on phpipam 1.6.0, other standard configurations do not work.
