[SOLVED] Re: Newbie: Trying to ssl-wrap Plone4 using non-standard port

Johannes Graumann johannes_graumann at web.de
Fri Oct 1 12:11:00 MSD 2010


Opening the default 8080 port to setup a plone site ("PloneSiteName") 
independent of NGINX and figuring out how to access plone's 
VirtualHostMonster fixed this.

I now run successfully

server {
    listen   8443;# Custom port as the standard 443 is taken by kolab
    server_name  myserver.net;
    # SSL is using KOLAB generated credentials
    ssl  on;
    ssl_certificate  /kolab/etc/kolab/cert.pem;
    ssl_certificate_key  /kolab/etc/kolab/key.pem;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;
    location / {
        proxy_pass 
http://localhost:8080/VirtualHostBase/https/myserver.net:8443/PloneSiteName/VirtualHostRoot/;
    }
  }

Cheers, Joh

Johannes Graumann wrote:

> mat h wrote:
> 
>> try using 127.0.0.1 instead of localhost.
> 
> Thanks. Trying to go beyond the start age I now get stuck with a failing
> http://127.0.0.1:8080/@@plone-addsite?site_id=Plone ...
> 
> Joh
> 
>> 
>> On Wed, Sep 29, 2010 at 4:20 AM, Johannes Graumann
>> <johannes_graumann at web.de> wrote:
>>> Igor Sysoev wrote:
>>>
>>>> On Tue, Sep 28, 2010 at 07:17:13PM +0200, Johannes Graumann wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I have a domain (www.graumannschaft.org) that points to a non-standard
>>>>> ssl- port on a server I rent (h1616679.stratoserver.net:442), as 443
>>>>> is taken by an unrelated Apache instance.
>>>>> The server now hold a virgin buildout of Plone4, listening on 8080.
>>>>> I want to wrap that zope/plone cnnetion into ssl using NGINX and hsve
>>>>> so fa the following:
>>>>>
>>>>> server {
>>>>> listen   442;# Custom port as the standard 443 is taken by kolab
>>>>> server_name  www.graumannschaft.org;
>>>>> # SSL is using KOLAB generated credentials
>>>>> ssl  on;
>>>>> ssl_certificate  /kolab/etc/kolab/cert.pem;
>>>>> ssl_certificate_key  /kolab/etc/kolab/key.pem;
>>>>> ssl_session_timeout  5m;
>>>>> ssl_protocols  SSLv3 TLSv1;
>>>>> ssl_ciphers
>>>>> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
>>>>> ssl_prefer_server_ciphers   on;
>>>>> location / {
>>>>> proxy_pass http://localhost:8080;
>>>>> }
>>>>> }
>>>>>
>>>>> This gets me to Plone4's "Plone is up and running. * Your Plone site
>>>>> has not been added yet ..." age just fine, but clicking the button
>>>>> "Create a new Plone Site" redirects me to localhost:8080, which
>>>>> unsurprisingly doesn't work.
>>>>> I'm obviously lacking rewriting, but whatever I have tried along the
>>>>> lines of googled examples (which mostly rely n already up and running
>>>>> plone sites and plone's VirtulHostMonster), has not worked.
>>>>>
>>>>> Can someone lease nudge me into the right direction?
>>>>
>>>> location / {
>>>> proxy_pass      http://localhost:8080;
>>>> proxy_redirect  http://localhost:8080/ /;
>>>> }
>>>>
>>> Thanks! I have now
>>>
>>> server {
>>> listen   442;# This is a custom port as the standard 443 is taken by
>>> kolab server_name  www.graumannschaft.org h1616679.stratoserver.net;
>>> # SSL is using KOLAB generated credentials
>>> ssl  on;
>>> ssl_certificate  /kolab/etc/kolab/cert.pem;
>>> ssl_certificate_key  /kolab/etc/kolab/key.pem;
>>> ssl_session_timeout  5m;
>>> ssl_protocols  SSLv3 TLSv1;
>>> ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3 +EXP;
>>> ssl_prefer_server_ciphers   on;
>>> location / {
>>> proxy_pass      http://localhost:8080;
>>> proxy_redirect  http://localhost:8080/ /;
>>> }
>>> }
>>>
>>> But when trying to move on from plone's default start page (at
>>> https://h1616679.stratoserver.net:442/), I still end at
>>> http://localhost:8080/@@plone-addsite?site_id=Plone, which keeps not
>>> working ...
>>>
>>> Thanks for any hint, Joh
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://nginx.org/mailman/listinfo/nginx
>>>
>> 
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://nginx.org/mailman/listinfo/nginx
> 
> 
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx





More information about the nginx mailing list