Fwd: Problem with CAS on nginx configuration

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Problem with CAS on nginx configuration

carlos maddaleno cuellar

Hello!

I wanted to know if some one could help me with a problem i have with my CAS, the problem is that i have a nginx that is responding to three diferent servers as a proxy, the thing is that i put the cas on one instance (server) but when it loads on 

siampapps(nginx)

https://siamppapps.mp/cas it shows that is not navigating on a secure port as you can see

Imágenes integradas 2


 
but when i try directly on the ip of the server and the port it doesn't show any error 

Imágenes integradas 1


this is my nginx configuration:

---------------------------------------------------------------------------------------------------------------------
 
upstream nomina {
        server siampv4.mp:28080;
}

upstream siampv3.mp {
        server siampv3.mp:28083;        
}

upstream siampv5.mp {
        server siampv5.mp:28080;        
}




server {
        listen 443;
        client_max_body_size 8M;
        ssl on;
ssl_certificate /etc/nginx/siampapps.mp.crt;        # path to your cacert.pem
        ssl_certificate_key /etc/nginx/siampapps.mp.key;    # path to your privkey.pem
        server_name test.mp;
        # ......
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;
#location / {
#        root   /usr/share/nginx/html;
#        index  index.html index.htm;
#    }



location /nomina {
proxy_pass http://nomina;
}

location / {
proxy_pass http://siampv3.mp;
}

location /mailer {
proxy_pass http://siampv5.mp;
}

location /cas {

proxy_pass http://siampv5.mp;
}


}

thanks a lot!!



_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: [IE] Fwd: Problem with CAS on nginx configuration

Jason Whittington

It looks to me like the problem is that  siampapps.mp.crt is a weak certificate.  F12 tools in google show that it uses SHA-1 which is obsolete.   You should be able to fix this by generating a new cert using a more secure algorithm.

 

 

From: nginx [mailto:[hidden email]] On Behalf Of carlos maddaleno cuellar
Sent: Tuesday, November 28, 2017 9:45 AM
To: [hidden email]
Subject: [IE] Fwd: Problem with CAS on nginx configuration

 

 

Hello!

 

I wanted to know if some one could help me with a problem i have with my CAS, the problem is that i have a nginx that is responding to three diferent servers as a proxy, the thing is that i put the cas on one instance (server) but when it loads on 

 

siampapps(nginx)

 

https://siamppapps.mp/cas it shows that is not navigating on a secure port as you can see

 

Imágenes integradas 2

 

 

 

but when i try directly on the ip of the server and the port it doesn't show any error 

 

Imágenes integradas 1

 

 

this is my nginx configuration:

 

---------------------------------------------------------------------------------------------------------------------

 

upstream nomina {

        server siampv4.mp:28080;

}

 

upstream siampv3.mp {

        server siampv3.mp:28083;        

}

 

upstream siampv5.mp {

        server siampv5.mp:28080;        

}

 

 

 

 

server {

        listen 443;

        client_max_body_size 8M;

        ssl on;

ssl_certificate /etc/nginx/siampapps.mp.crt;        # path to your cacert.pem

        ssl_certificate_key /etc/nginx/siampapps.mp.key;    # path to your privkey.pem

        server_name test.mp;

        # ......

        fastcgi_param   HTTPS               on;

        fastcgi_param   HTTP_SCHEME         https;

#location / {

#        root   /usr/share/nginx/html;

#        index  index.html index.htm;

#    }

 

 

 

location /nomina {

proxy_pass http://nomina;

}

 

location / {

proxy_pass http://siampv3.mp;

}

 

location /mailer {

proxy_pass http://siampv5.mp;

}

 

location /cas {

 

proxy_pass http://siampv5.mp;

}

 

 

}

 

thanks a lot!!

 

 

This message contains proprietary information from Equifax which may be confidential. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail [hidden email]. Equifax® is a registered trademark of Equifax Inc. All rights reserved.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx