<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My set up is as below:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">NGINX (reverse proxy) <span style="font-family:Wingdings">à</span>IBM WebSeal (redirects to a common login page, after authentication forwards to internal proxy along with the redirected url)
<span style="font-family:Wingdings">à</span> Internal Proxy (IBM http Server) <span style="font-family:Wingdings">
à</span> WebSphere Portal.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am trying to access <a href="https://%3chost_name%3e/wps/seedlist/myserver?Source=com.ibm.lotus.search.plugins.seedlist.retriever.portal.PortalRetrieverFactory&Action=GetDocuments&Range=100&locale=en">
https://<host_name>/wps/seedlist/myserver?Source=com.ibm.lotus.search.plugins.seedlist.retriever.portal.PortalRetrieverFactory&Action=GetDocuments&Range=100&locale=en</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Host_name is the server_name on NGINX and the url is in the Portal server. When I am accessing it directly, replacing the host_name with Portal server IP/port, it works.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">With the host_name, I am getting the message as in the subject line, on the browser.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My nginx config is below:-<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">#Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    server_tokens off; #Turn off version number<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    add_header X-Frame-Options "SAMEORIGIN"; #Turn off click jacking; so no frames<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    add_header X-XSS-Protection "1; mode=block";<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    add_header X-Content-Type-Options nosniff;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"># Redirect all insecure requests to the secure port<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">server {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  listen <IP_address>:80 ;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  server_name <server name>;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">   return 301 https://<server_name>$request_uri;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"># Serve SSL encrypted data<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">server {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  listen <IP_address>:443 default_server ssl;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  add_header Strict-Transport-Security max-age=15768000;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  server_name <server_name>;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  access_log /web/nginx/servers/name/logs/access.log;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  error_log /web/nginx/servers/name/logs/ error.log;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  # Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl on;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_prefer_server_ciphers on;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_session_cache shared:SSL:10m;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_dhparam /etc/ssl/certs/dhparam.pem;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  # Specify the certificate and key<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_certificate /etc/nginx/ssl/name/server.name.com.crt;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    ssl_certificate_key /etc/nginx/ssl/name/server.name.com.key;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">location /download/ {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">                                                rewrite ^/download/vadxeval$ "https://<server name>/mybrocade/secure/navigate?nid=n32&prodCode=VIRTUAL_ADX&pname=VADX_DOWNLOAD&completePath=downloads/Virtual
 ADX/Virtual ADX_Eval"  break;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">                                                rewrite ^/download/apitoolkit$ "https:// <server name>/mybrocade/secure/navigate?nid=n30&prodCode=BRD_API_SUPPORT&prodCatCode=API&pname=VYATTA_DOWNLOAD&completePath=Brocade
 API Toolkit"  break;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">                                }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  location / {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">        rewrite ^/$ https:// <server name>/wps/myportal/ break;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">        rewrite ^/wps/portal$ http:// <server name>/wps/myportal/ break;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">        index index.html;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">        root /web/nginx/servers/name/conf;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_set_header        Host $server_name;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_set_header        X-Real-IP $remote_addr;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_set_header        X-Forwarded-Proto $scheme;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_pass http://<webseal_hostname>/;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">    proxy_read_timeout 90;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">  }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%">}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C55A11;mso-style-textfill-fill-color:#C55A11;mso-style-textfill-fill-alpha:100.0%"><o:p> </o:p></span></p>
<p class="MsoNormal">Please help.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Krishna<o:p></o:p></p>
</div>
</body>
</html>