Disable SSL/TLS? #51
Comments
In the jetty directory, edit the start.ini file: change --module=https to --module=http, change jetty.port=8443 to whatever you need it to be, and restart. On Fri, Feb 20, 2015 at 10:15 AM, Emiel Kollof notifications@github.com
|
Awesome, thanks!
|
No problem. Glad it helped! 🤘 |
@ekollof |
The above snippet is my Nginx proxy config for Keybox; no need to disable SSL. Note: the Nginx proxy timeout is 60s by default, and the websocket will be terminated after that. increase |
@rgv151 |
I am also having trouble getting Keybox to work from behind an Nginx reverse proxy. I can access it via the local LAN on the configured HTTP port of 8080, but when trying to access it externally via nginx, nginx is returning a 502 Bad Gateway error. Any ideas? |
I worked out my 502 Bad Gateway Error. It was pesky SELinux on the nginx box. Putting SELinux into permissive mode fixed the issue. |
@ausip - Thanks for posting the fix! |
Putting SELinux in permissive mode is not a fix. |
@ekollof - Yeah good point! |
Hi, has anyone got KeyBox working with an Apache reverse proxy? I currently have the following VirtualHost set, but I have a visual glitch on the terminal. As Sean told me, it is very likely that this is caused by the reverse proxy blocking web sockets:
I have tried with the below, but maybe I would need some advice on how to use them as I cannot get rid of the problem:
Thank you |
I have a working configuration.
Jetty is running on port 8443 in https. I had a problem with httpd 2.4.6 (the last httpd update when I tried on CentOS) in regard to an Apache bug with web sockets. I had to install httpd 2.4.10. I hope this helps |
Hi colandre, thanks for your reply. I have modified the VirtualHost section as follows (I don't use ssl on KeyBox):
However I still have the same problem but I am unsure that this is related to the bug you are mentioning as I do not need a ssl pass-through... Any other idea or guidance on my piece of instructions? Thanks! |
One thing that I find wrong in your configuration is the ws:// URI in the location match. You wrote:
You are missing /admin. I think it should be:
What do you think? |
Grazie colandre, I did modify it, but it did not solve the problem. I actually found another, much worse problem: as far as I understood [1], to use the mod_proxy_wstunnel extension of mod_proxy you need to run Apache > 2.4.5, but I am currently running Apache 2.2.31 on my QNAP. I would therefore need to upgrade or patch Apache to use it [2]. Do you think this could indeed be the problem? [1] http://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html |
I do not think that Apache 2.2.31 is the problem. I have found backporting and patches for mod_proxy_wstunnel for Apache 2.2.20, but I really don't know if your version is working. It should be good to upgrade at least to Apache version 2.4.10 or greater. |
Sure, the problem is that this Apache version is running on a QNAP and I cannot patch it myself. I hope their support team can assist me on this. In any case, thank you for your support and advice! |
Hi guys, I'm using Apache as a reverse proxy and can't get it to work correctly. SSL on the proxy is currently disabled. It will forward to use the SSL certificate from the Keybox webserver.
<VirtualHost *:443>
ServerName ssh.domain.de
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/ssh.domain.de/fullchain.pem
Also I've tried this one:
<VirtualHost *:443>
ServerName ssh.domain.de
ProxyRequests off
<LocationMatch "/admin/(terms.*)">
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
SSLCertificateFile /etc/letsencrypt/live/ssh.domain.de/fullchain.pem |
I've fixed it now. The second config from my last post was correct, but I forgot to enable the Apache proxy_wstunnel module with "a2enmod proxy_wstunnel". Thanks! |
Hi, is there a new method for doing exactly that? I mean disabling SSL if nginx already handles that? |
I am using nginx as a reverse proxy, but sometimes I'm getting a 502 gateway error to my Bastillion using the hostname. However, when I try to access Bastillion using the : I am able to access the Bastillion login page. Has anybody faced this issue before? |
Can SSL/TLS be disabled? Because my nginx already terminates SSL.
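An nginx server block for the setup this thread asks about (TLS terminated at nginx, Keybox's Jetty switched to plain HTTP), added here as an illustration; it is not a configuration posted by anyone in the thread or shipped by the project. The hostname, certificate paths and the loopback upstream on port 8080 are assumptions, and the one-hour timeout is an arbitrary value above the 60s default mentioned in the thread.

```nginx
# Added example. Assumes nginx and Keybox run on the same host, so the
# cleartext hop between them never leaves loopback.

# Send "Connection: upgrade" only when the client asked for a WebSocket.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name keybox.example.com;                         # placeholder

    ssl_certificate     /etc/nginx/tls/keybox.fullchain.pem;  # placeholder
    ssl_certificate_key /etc/nginx/tls/keybox.key.pem;        # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Jetty after the start.ini change (--module=http); port is an assumption.
        proxy_pass http://127.0.0.1:8080;

        # The web terminal uses WebSockets: HTTP/1.1 plus the Upgrade
        # handshake headers must be forwarded or the terminal breaks.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Default is 60s; an idle terminal session is cut after that.
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
    }
}

# Redirect plain HTTP so credentials are never sent to the proxy in cleartext.
server {
    listen 80;
    server_name keybox.example.com;                         # placeholder
    return 301 https://$host$request_uri;
}
```

On an SELinux-enforcing host, a 502 from this kind of proxy is commonly resolved by enabling the httpd_can_network_connect boolean, which leaves enforcement on for everything else.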