Skip to main content
Question

TAS over nginx proxy - configuration issues

P
Do Gooder (Customer)
Forum|alt.badge.img+1

Hi, 

This is my first post here so also wanted to say hello :)

 

I have problem with ngnix confguration (maybe not only). The general idea is to have TAS application working from the outside of the internal network on mobile devices.

 

General idea of the connection:

INTERNET ------> gateway (ngnix reverse proxy) ------ MWS server with TAS application

 

I was able to redirect connections to TAS service (or at least it’s web service):

 

location /mwo/ {
            proxy_pass         https://<interal_IP>:<PORT>/;
            proxy_redirect     off;
            proxy_pass_request_headers on;
            proxy_buffering off;

            proxy_set_header   host             $http_host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header Upgrade            $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_set_header X-Forwarded-Port   $server_port;

            client_max_body_size       100m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
 

 

But i don’t get the page fully loaded:

 

Let’s say it is a smaller problem because i dont know how to add redirection for auth service. When try to login i got redirected to internal address whitch is not exposed to the internet: 

 

 

Any ideas how to redirect this or how it shoud be done ?

 

Thanks in advice !

 

    6 replies

    Rukmal Fernando
    Superhero (Employee)
    Forum|alt.badge.img+16
    • Rukmal Fernando
    • Superhero (Employee)
    • 381 replies
    • August 21, 2024

    @pawel.wnuk Hello, and welcome to IFS Community!

    A few followup questions for you:

    1. Can you login to your TAS from inside the network using its internal URL? This way we can confirm whether it’s the installation or the reverse proxy to dig into.
    2. The first two screenshots suggest that your CSS files are not loading, which could be either on the IIS end (since the TAS is an IIS app) or on nginx. Again, #1 will help.
    3. On the issue with the redirect URI, can you double check against this: https://docs.ifs.com/techdocs/Foundation1/020_installation/400_installation_options/030_touch_apps/010_touch_apps_server/35_open_id_connect/default.htm

    Best regards,

    Rukmal

    P
    Do Gooder (Customer)
    Forum|alt.badge.img+1
    • pawel.wnuk
    • Author
    • Do Gooder (Customer)
    • 2 replies
    • August 21, 2024

    Hi Rukmal, 

    Thank you for a fast replay. 

     

    1. Can you login to your TAS from inside the network using its internal URL? This way we can confirm whether it’s the installation or the reverse proxy to dig into.

     

    Yes, I can confirm that local logging is working fine.

     

     

    1. The first two screenshots suggest that your CSS files are not loading, which could be either on the IIS end (since the TAS is an IIS app) or on nginx. Again, #1 will help

     

    If that help - my proxy is in DMZ, and the connection to TAS is limited to port 9443 TCP/UDP.

    EDITED: I have found that css was not loaded because system search it in main location not /MWO/. When I have changed ngnix config from :

    location /mwo/ {

    to:

    location / {

     

    css is now loading ok.

    Rukmal Fernando
    Superhero (Employee)
    Forum|alt.badge.img+16
    • Rukmal Fernando
    • Superhero (Employee)
    • 381 replies
    • August 22, 2024

    @pawel.wnuk great to hear! have you been able to change the authentication configuration to use the external URL as well?

    Best regards,

    Rukmal

    P
    Do Gooder (Customer)
    Forum|alt.badge.img+1
    • pawel.wnuk
    • Author
    • Do Gooder (Customer)
    • 2 replies
    • August 27, 2024

    Hi Rukmal, 

    No I still have this problem and I have no idea there to start…. 

    Rukmal Fernando
    Superhero (Employee)
    Forum|alt.badge.img+16
    • Rukmal Fernando
    • Superhero (Employee)
    • 381 replies
    • August 27, 2024

    @pawel.wnuk what about the documentation? Have you followed those instructions? https://docs.ifs.com/techdocs/Foundation1/020_installation/400_installation_options/030_touch_apps/010_touch_apps_server/35_open_id_connect/default.htm

     

    Best regards,

     

    Rukmal

    AshenR
    Hero (Partner)
    Forum|alt.badge.img+8
    • AshenR
    • Hero (Partner)
    • 99 replies
    • December 15, 2024

    @pawel.wnuk This type of issue often occurs due to a misconfiguration or missing IIS components. Since the Touch App service runs on top of the IIS service, please verify that all necessary components are properly installed and configured through the Server Manager.

    Thanks and Best Regards, Ashen - https://www.linkedin.com/in/ashen-ranaweera-49562b30/

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings