Ciphermail nginx proxy

Gateway
1

Hello Ciphermail,

We've put the encryption gateway behind nginx proxy (full configuration
attached). Sample:

        location / {
                proxy_pass https://192.168.0.1:8443/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_intercept_errors on;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;

However when a new user accesses PDF Portal they are presented with a Login
page instead of "Create new password" page for the user.

Also, inside the portal, some of the features like accessing system logs
return a page with no style (screenshot attached).

Can you please advise what nginx configuration we can try to make
Ciphermail work behind it?

attachment.html (1.67 KB)

ciphermail_logs_page.png
ciphermail_logs_page.png746×931 31.9 KB

nginx.conf (2.45 KB)

2

Hello Ciphermail users,

Can anyone suggest a way to proxy the Ciphermail gateway through Nginx?

- Dima

attachment.html (2.18 KB)

···

On Thu, Sep 23, 2021 at 6:44 PM Dima Kovalyov <dima(a)knogin.com> wrote:

Hello Ciphermail,

We've put the encryption gateway behind nginx proxy (full configuration
attached). Sample:

        location / {
                proxy_pass https://192.168.0.1:8443/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_intercept_errors on;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;

However when a new user accesses PDF Portal they are presented with a
Login page instead of "Create new password" page for the user.

Also, inside the portal, some of the features like accessing system logs
return a page with no style (screenshot attached).

Can you please advise what nginx configuration we can try to make
Ciphermail work behind it?

3

Have you tried HAProxy instead of using the NGinx Web Server?

https://www.haproxy.org/

4

I do not have any experience running tomcat behind nginx. I know it
works with Apache HTTPd.

I suggest to use the developer tool from you browser to check what the
server response is when it tries to load the css file.

Kind regards,

Martijn

···

On Thu, 2021-09-23 at 18:44 +0300, Dima Kovalyov via Users wrote:

Hello Ciphermail,

We've put the encryption gateway behind nginx proxy (full
configuration attached). Sample:
> location / {
> proxy_pass https://192.168.0.1:8443/;
> proxy_http_version 1.1;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection 'upgrade';
> proxy_set_header Host $host;
> proxy_cache_bypass $http_upgrade;
> proxy_intercept_errors on;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $remote_addr;

However when a new user accesses PDF Portal they are presented with a
Login page instead of "Create new password" page for the user.

Also, inside the portal, some of the features like accessing system
logs return a page with no style (screenshot attached).

Can you please advise what nginx configuration we can try to make
Ciphermail work behind it?

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

5

Thank you Martijn and Brian,

We have found that the following configuration makes PDF portal working
properly:

server {
        listen 443;
        server_name pdf.example.com;

        ssl on;
        ssl_certificate /etc/nginx/ssl/
example.com/wildcard.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/
tatratech.ch/wildcard.example.com.key;

        access_log /var/log/nginx/pdf.example.com.access.log;
        error_log /var/log/nginx/pdf.example.com.error.log;

        location / {
                proxy_pass https://192.168.0.1:8443/;
                proxy_set_header Host $host;
                error_page 301 302 307 = @handle_redirect;
        }
}

So we're using a separate NGinx configuration for PDF now.

I will take a look at the developer console for CSS case and consider using
HAProxy.
Thank you!

- Dima

attachment.html (3.56 KB)

···

On Fri, Oct 1, 2021 at 12:31 PM Martijn Brinkers <martijn(a)ciphermail.com> wrote:

On Thu, 2021-09-23 at 18:44 +0300, Dima Kovalyov via Users wrote:
> Hello Ciphermail,
>
> We've put the encryption gateway behind nginx proxy (full
> configuration attached). Sample:
> > location / {
> > proxy_pass https://192.168.0.1:8443/;
> > proxy_http_version 1.1;
> > proxy_set_header Upgrade $http_upgrade;
> > proxy_set_header Connection 'upgrade';
> > proxy_set_header Host $host;
> > proxy_cache_bypass $http_upgrade;
> > proxy_intercept_errors on;
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header X-Forwarded-For $remote_addr;
>
> However when a new user accesses PDF Portal they are presented with a
> Login page instead of "Create new password" page for the user.
>
> Also, inside the portal, some of the features like accessing system
> logs return a page with no style (screenshot attached).
>
> Can you please advise what nginx configuration we can try to make
> Ciphermail work behind it?

I do not have any experience running tomcat behind nginx. I know it
works with Apache HTTPd.

I suggest to use the developer tool from you browser to check what the
server response is when it tries to load the css file.

Kind regards,

Martijn

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger