Nginx proxy and SSL

rafa · May 4, 2021, 5:13pm

Hi,

I need to run tutor behind a web proxy and I am running into issues to enable https access.

I changed the port to 81 and disabled caddy as indicated in the docs:

tutor config save --set RUN_CADDY=false --set NGINX_HTTP_PORT=81

This is my config file for nginx and it seems to work fine for http access :

server {
    listen 80;
    server_name        abc.removed.com
    location /lms/ {
        proxy_pass http://127.0.0.1:81;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }
}

When running tutor local quickstart i chose Yes for the last question about activating the SSL certificates. Https access was working fine before moving behind the web proxy.

Right now trafic is not redirected to https when i access with http and a request with https results in an error (This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR).

Is there any modification I can make to nginx to make this work ? I understand Caddy is in charge of the SSL certificates but since it’s been disabled I am not sure how to proceed, should I run certbot on the web proxy to get new certificates ?

Thanks for your help

Tommy · May 5, 2021, 2:03am

I think, you can use Cloudflare
If you not config the caddy to success.

Tommy · May 5, 2021, 2:08am

Pls, did not run certbot. This is container of instance images

regis · May 6, 2021, 7:38am

Hi @rafa! Your analysis is actually pretty good:

When running tutor local quickstart i chose Yes for the last question about activating the SSL certificates. Https access was working fine before moving behind the web proxy.

This is correct.

I understand Caddy is in charge of the SSL certificates but since it’s been disabled I am not sure how to proceed, should I run certbot on the web proxy to get new certificates ?

Exactly. Since you no longer run Caddy, you are in charge of the following:

Generating SSL certificates on the proxy (with certbot or something else)
Configuring your web proxy to actually use these certificates.
Redirecting http to https.

rafa · May 6, 2021, 2:02pm

Thanks for your help, that should put on the right track, I’ll try to post a working example if I manage to get it working…

system · August 4, 2021, 2:02pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.