Help please

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Help please

Johan Gabriel Medina Capois

Morning

 

We are new using nginx as reverse proxy, we are having trouble with a site in IIS getting this logs

 

Access logs

"GET /wfc HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

"GET /wfc/logon HTTP/1.1" 200 7496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

"GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032 HTTP/1.1" 200 2534 "http://kronos.mardom.com/wfc/logon" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

 

Config

server {

listen 80;

server_name kronos.mardom.com;

 

location / { proxy_pass http://10.228.20.97;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

}

}

 

Can you help us please?

 

Regard

 

 

 

 

Johan Medina
Administrador de Sistemas e Infraestructura
Logo
 
Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: [hidden email]
Web:www.mardom.com
 
Facebook icon Instagram icon Linkedin icon Youtube icon
 
Banner
 
Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Help please

J.R.
> Can you help us please?

You're going to have to be a *bit* more specific what your problem is...
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: Help please

Johan Gabriel Medina Capois
Sure.

The problem is that we have an backend application running in HTML5, when we navigate to http://kronos.mardom.com/wfc/htmlnavigator/logon and try to login, it redirect to http://kronos.mardom.com/wfc/ and deploy error message "you have no access" , but when navigate from localhost no problem.

And the nginx log

"GET /wfc HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfc/logon HTTP/1.1" 200 7496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032 HTTP/1.1" 200 2534 "http://kronos.mardom.com/wfc/logon" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

Configuration is

server {
listen 80;
server_name kronos.mardom.com;

location / { proxy_pass http://10.228.20.97;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Regards

-----Original Message-----
From: nginx <[hidden email]> On Behalf Of J.R.
Sent: Tuesday, January 28, 2020 9:34 AM
To: [hidden email]
Subject: Re: Help please

> Can you help us please?

You're going to have to be a *bit* more specific what your problem is...
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Johan Medina
Administrador de Sistemas e Infraestructura       [Logo]

Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: [hidden email]
Web:www.mardom.com<https:://www.mardom.com>

[Facebook icon] <https://www.facebook.com/maritimadelcaribe> [Instagram icon]  <https://www.instagram.com/maritimadelcaribe> [Linkedin icon]  <https://www.linkedin.com/company/maritima-dominicana-sas/?viewAsMember=true> [Youtube icon]

[Banner]

Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Help please

Richard Paul
It doesn't actually redirect to /wfc/ though, or rather your log lines show a 404 at /wfc

Also, your log line says /wfc/logon not /wfc/htmlnavigator/logon

GET /wfc
GET /wfc/logon
GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032


On Tue, 2020-01-28 at 14:03 +0000, Johan Gabriel Medina Capois wrote:
Sure.

The problem is that we have an backend application running in HTML5, when we navigate to 
http://kronos.mardom.com/wfc/htmlnavigator/logon
 and try to login, it redirect to 
http://kronos.mardom.com/wfc/
 and deploy error message "you have no access" , but when navigate from localhost no problem.

And the nginx log

"GET /wfc HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfc/logon HTTP/1.1" 200 7496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032 HTTP/1.1" 200 2534 "
http://kronos.mardom.com/wfc/logon
" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

Configuration is

server {
listen 80;
server_name kronos.mardom.com;

location / { proxy_pass 
http://10.228.20.97
;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Regards

-----Original Message-----
From: nginx <
[hidden email]
> On Behalf Of J.R.
Sent: Tuesday, January 28, 2020 9:34 AM
To: 
[hidden email]

Subject: Re: Help please

Can you help us please?

You're going to have to be a *bit* more specific what your problem is...
_______________________________________________
nginx mailing list
[hidden email]

http://mailman.nginx.org/mailman/listinfo/nginx

Johan Medina
Administrador de Sistemas e Infraestructura       [Logo]

Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: 
[hidden email]

Web:www.mardom.com<https:://www.mardom.com>

[Facebook icon] <
https://www.facebook.com/maritimadelcaribe
> [Instagram icon]  <
https://www.instagram.com/maritimadelcaribe
> [Linkedin icon]  <
https://www.linkedin.com/company/maritima-dominicana-sas/?viewAsMember=true
> [Youtube icon]

[Banner]

Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.
_______________________________________________
nginx mailing list
[hidden email]

http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Help please

Richard Paul
By the looks of things, if the application is redirecting to /wfc that's not working, your application doesn't seem to accept that as a valid. The Squid cache is returning a miss and so it is hitting the backend and getting a 404 from there it seems. /wfc/ with a trailing slash does work however, so this looks like an issue with the IIS configuration to me. Also, this is a login form, I'd recommend that you get TLS set up on this (Let's Encrypt's certbot is free afterall).


On Tue, 2020-01-28 at 14:11 +0000, Richard Paul wrote:
It doesn't actually redirect to /wfc/ though, or rather your log lines show a 404 at /wfc

Also, your log line says /wfc/logon not /wfc/htmlnavigator/logon

GET /wfc
GET /wfc/logon
GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032


On Tue, 2020-01-28 at 14:03 +0000, Johan Gabriel Medina Capois wrote:
Sure.

The problem is that we have an backend application running in HTML5, when we navigate to 
http://kronos.mardom.com/wfc/htmlnavigator/logon
 and try to login, it redirect to 
http://kronos.mardom.com/wfc/
 and deploy error message "you have no access" , but when navigate from localhost no problem.

And the nginx log

"GET /wfc HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfc/logon HTTP/1.1" 200 7496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032 HTTP/1.1" 200 2534 "
http://kronos.mardom.com/wfc/logon
" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

Configuration is

server {
listen 80;
server_name kronos.mardom.com;

location / { proxy_pass 
http://10.228.20.97
;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

Regards

-----Original Message-----
From: nginx <
[hidden email]
> On Behalf Of J.R.
Sent: Tuesday, January 28, 2020 9:34 AM
To: 
[hidden email]
Subject: Re: Help please

Can you help us please?

You're going to have to be a *bit* more specific what your problem is...
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Johan Medina
Administrador de Sistemas e Infraestructura       [Logo]

Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: 
[hidden email]
Web:www.mardom.com<https:://www.mardom.com>

[Facebook icon] <
https://www.facebook.com/maritimadelcaribe
> [Instagram icon]  <
https://www.instagram.com/maritimadelcaribe
> [Linkedin icon]  <
https://www.linkedin.com/company/maritima-dominicana-sas/?viewAsMember=true
> [Youtube icon]

[Banner]

Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]

http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: Help please

Johan Gabriel Medina Capois

The issues is that nginx is not allowing authentication through, any application cant’s authenticate through nginx, is this case the backend is running in IIS, any idea?  if you need more information i can send what ever you need, but please a need your help.

 

Regards

 

From: nginx <[hidden email]> On Behalf Of Richard Paul
Sent: Tuesday, January 28, 2020 11:00 AM
To: [hidden email]
Subject: Re: Help please

 

By the looks of things, if the application is redirecting to /wfc that's not working, your application doesn't seem to accept that as a valid. The Squid cache is returning a miss and so it is hitting the backend and getting a 404 from there it seems. /wfc/ with a trailing slash does work however, so this looks like an issue with the IIS configuration to me. Also, this is a login form, I'd recommend that you get TLS set up on this (Let's Encrypt's certbot is free afterall).

 

 

On Tue, 2020-01-28 at 14:11 +0000, Richard Paul wrote:

It doesn't actually redirect to /wfc/ though, or rather your log lines show a 404 at /wfc

 

Also, your log line says /wfc/logon not /wfc/htmlnavigator/logon

 

GET /wfc

GET /wfc/logon

GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032

 

 

On Tue, 2020-01-28 at 14:03 +0000, Johan Gabriel Medina Capois wrote:

Sure.

 

The problem is that we have an backend application running in HTML5, when we navigate to 

http://kronos.mardom.com/wfc/htmlnavigator/logon

 

 and try to login, it redirect to 

http://kronos.mardom.com/wfc/

 

 and deploy error message "you have no access" , but when navigate from localhost no problem.

 

And the nginx log

 

"GET /wfc HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfc/logon HTTP/1.1" 200 7496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
"GET /wfcstatic/applications/wpk/html/scripts/cookie.js?version=8.1.6.2032 HTTP/1.1" 200 2534 "

http://kronos.mardom.com/wfc/logon

 

" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

 

Configuration is

 

server {
listen 80;
server_name kronos.mardom.com;

 

location / { proxy_pass 

http://10.228.20.97

 

;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

 

Regards

 

-----Original Message-----
From: nginx <

[hidden email]

[hidden email]

 

> On Behalf Of J.R.
Sent: Tuesday, January 28, 2020 9:34 AM
To: 

[hidden email]

[hidden email]

 

Subject: Re: Help please



Can you help us please?

 

You're going to have to be a *bit* more specific what your problem is...
_______________________________________________
nginx mailing list

[hidden email]

[hidden email]


http://mailman.nginx.org/mailman/listinfo/nginx

 

Johan Medina
Administrador de Sistemas e Infraestructura       [Logo]

 

Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: 

[hidden email]

[hidden email]

 

Web:www.mardom.com<https:://www.mardom.com>

 

[Facebook icon] <

https://www.facebook.com/maritimadelcaribe

 

> [Instagram icon]  <

https://www.instagram.com/maritimadelcaribe

 

> [Linkedin icon]  <

https://www.linkedin.com/company/maritima-dominicana-sas/?viewAsMember=true

 

> [Youtube icon]

 

[Banner]

 

Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.
_______________________________________________
nginx mailing list

[hidden email]

[hidden email]


http://mailman.nginx.org/mailman/listinfo/nginx

 

_______________________________________________
nginx mailing list

[hidden email]

[hidden email]

 

 

http://mailman.nginx.org/mailman/listinfo/nginx

 

Johan Medina
Administrador de Sistemas e Infraestructura
Logo
 
Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: [hidden email]
Web:www.mardom.com
 
Facebook icon Instagram icon Linkedin icon Youtube icon
 
Banner
 
Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Help please

Francis Daly
On Wed, Jan 29, 2020 at 07:12:24PM +0000, Johan Gabriel Medina Capois wrote:

Hi there,

> The issues is that nginx is not allowing authentication through, any application cant’s authenticate through nginx, is this case the backend is running in IIS, any idea?  if you need more information i can send what ever you need, but please a need your help.
>

I suspect that it will become clearer where the problem might be, if
you can show one request that you make that works when you avoid nginx;
and show the same request through nginx and show the corresponding
failure response.

If you can use "curl -v" to send the request, with whatever user/pass
credentials you use obviously marked, then it may help to copy-paste
the request and response.

If you are using http basic authentication on IIS, then it should Just
Work. If you are using ntlm authentication on IIS, then it will not work
through any proxy or reverse proxy (unless it has specific ntlm support).

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: Help please

Johan Gabriel Medina Capois
Good afternoon

Here are two attached with required information, sorry for the time, anything else I'm available for send.

Regards

-----Original Message-----
From: nginx <[hidden email]> On Behalf Of Francis Daly
Sent: Wednesday, January 29, 2020 4:10 PM
To: [hidden email]
Subject: Re: Help please

On Wed, Jan 29, 2020 at 07:12:24PM +0000, Johan Gabriel Medina Capois wrote:

Hi there,

> The issues is that nginx is not allowing authentication through, any application cant’s authenticate through nginx, is this case the backend is running in IIS, any idea?  if you need more information i can send what ever you need, but please a need your help.
>

I suspect that it will become clearer where the problem might be, if you can show one request that you make that works when you avoid nginx; and show the same request through nginx and show the corresponding failure response.

If you can use "curl -v" to send the request, with whatever user/pass credentials you use obviously marked, then it may help to copy-paste the request and response.

If you are using http basic authentication on IIS, then it should Just Work. If you are using ntlm authentication on IIS, then it will not work through any proxy or reverse proxy (unless it has specific ntlm support).

Good luck with it,

f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Johan Medina
Administrador de Sistemas e Infraestructura       [Logo]

Departamento: TECNOLOGIA
Central Tel: 809-539-600 Ext: 8139
Flota: (809) 974-4954
Directo: 809 974-4954
Email: [hidden email]
Web:www.mardom.com<https:://www.mardom.com>

[Facebook icon] <https://www.facebook.com/maritimadelcaribe> [Instagram icon]  <https://www.instagram.com/maritimadelcaribe> [Linkedin icon]  <https://www.linkedin.com/company/maritima-dominicana-sas/?viewAsMember=true> [Youtube icon]

[Banner]

Sea amable con el medio ambiente: no imprima este correo a menos que sea completamente necesario.

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Error Interboro.docx (646K) Download Attachment
curl -v kronos.txt (88K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Help please

Francis Daly
On Thu, Jan 30, 2020 at 04:46:27PM +0000, Johan Gabriel Medina Capois wrote:

Hi there,

> Here are two attached with required information, sorry for the time, anything else I'm available for send.
>

From that, I do not see any evidence of a problem involving nginx.

You say that authentication fails, but the only nginx logs you show all
show http 200.

And for "direct" access that works, you show logs with lots of
(java?) error messages

Can you show the actual login request? It looks like it should be a POST
to /wfc/portal including a username= and a password= in the POST request
body content.

Presumably that is a request that gives a "success" indication when
made directly, and a "failure" when made through nginx. A comparison of
the response bodies, and maybe the back-end server logs, will probably
be instructive.

That comes from the following (lines removed):

> <form style="display:inline;" target="_top" onsubmit="setlogin(); return false;" action="/wfc/portal" id="LogonForm" method="POST" name="logonForm" autocomplete="off" >
>                         <input name="username" id="username"  type="text" aria-label="username" tabindex="1" autocapitalize="none" />
>                                 <input id="passInput" name="password" type="password" aria-label="password" tabindex="2">

Thanks,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx