OWIN Server Error
Peter Booth
peter_booth at me.com
Mon Jan 21 17:05:26 UTC 2019
Petrosetta,
Question is your nginx server running on the same host as your owin / IIS server?
With OWIN / IIS listening only on port 80 and nginx only on port 443?
And both listening on the physical NIC (not localhost) and no firewall?
It looks as though you are wanting to do SSL termination and HTTP/2 with nginx
and proxy everything to OWIN/IIS - is that correct?
If it were me, I’d try to bisect the problem:
1. first repeat the test request (ideally with curl ) as an HTTP 1.1 request
2. If that didn’t work, configure a second VirtualHost in nginx on port 8080 that has no SSL and request that with curl
Also, your config suggests that your web server might be internet visible.
If It is, I would suggest that you try access these test URLs, and also directly
accessing your IIS using the redbot.org HTTP validator.
Good luck,
Peter
> On 21 Jan 2019, at 9:23 AM, petrosetta <nginx-forum at forum.nginx.org> wrote:
>
> Morning all
> I don;t know if anyone has ever had this problem bit I am attempting to put
> an OWIN Server running on a Windows 2012 Server with IIS. Whenever we try to
> log on going through the NGINX server, I get "Invalid login attempt. Verify
> that your username and password are correct." I am sure the username and
> password are correct. When I look in NGINX logs, I am seeing GET
> /WebAccess/fonts/glyphicons-halflings-regular.woff2 HTTP/2.0" 404 1245
> https://mywebsite/Content/css?v=looooong string.
>
> My settings for this server in NGINX is the following:
>
> listen 443 ssl http2;
> server_tokens off;
> more_clear_headers Server;
> server_name devmachine.mydomain.com;
> ssl on;
> ssl_certificate ssl/devmachine/certificate.crt;
> ssl_certificate_key ssl/devmachine/private-key.pem;
> ssl_dhparam ssl/dhparams.pem;
> ssl_ecdh_curve secp384r1;
> ssl_stapling on;
> ssl_stapling_verify on;
> ssl_trusted_certificate ssl/devmachine/certificate-trusted.crt;
> resolver 8.8.8.8 8.8.4.4 valid=300s;
> resolver_timeout 10s;
> ssl_protocols TLSv1.3 TLSv1.2;
> ssl_prefer_server_ciphers on;
> ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
> ssl_session_cache shared:SSL:1m;
> ssl_session_timeout 1h;
> ssl_session_tickets off;
> add_header Strict-Transport-Security
> "max-age=31536000;includeSubDomains" always;
> access_log /var/log/nginx/access.log main;
> log_not_found on;
>
> location / {
> proxy_pass https://devserver;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> add_header X-Frame-Options SAMEORIGIN;
> add_header X-Content-Type-Options nosniff;
> add_header X-XSS-Protection "1; mode=block";
> proxy_ignore_client_abort on;
> proxy_buffering off;
> proxy_read_timeout 3600s;
> proxy_send_timeout 3600s;
> if ($limit_bots = 1) {
> return 403;
> }
> }
>
> Has anyone been able to get NGINX working with OWIN?
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282762,282762#msg-282762
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190121/8643351c/attachment.html>
More information about the nginx
mailing list