UCS Nginx reverse proxy issue - ucs sso office 365

Hey there!

I am trying to get the ucs-sso Office 365 site through a reverse proxy so that our employees can reach it from outside our company network. We have a reverse proxy server that is running nginx. That's the config I'm trying to run:

upstream example {
        server example.ktest.local:443;
}

server {
        listen   80;
        server_name example.ktest.de;
        return 301 https://$host$request_uri;
}

server {
        listen   443 ssl http2;
        server_name xx;

        access_log  /var/log/nginx/example.access.log;
        error_log  /var/log/nginx/example.error.log;

        ssl_certificate /etc/letsencrypt/live/sso.k-test.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sso.k-test.de/privkey.pem;

        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:30m;
        ssl_session_timeout 10m;
        ssl_session_tickets on;
        ssl_session_ticket_key /etc/nginx/ssl/nginx_ticketkey;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";


        location / {

                proxy_pass https://example.ktest.local;

                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                proxy_set_header        Accept-Encoding   "";
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https   on;

                proxy_redirect     off;
        }
}

What do I need to change? Because I am getting a 502 error. Do I need to edit the Apache config on the UCS itself?

The first sentence in this tutorial is:

A 502 bad gateway error is one of the most HTTP status codes that are like short notes from a server…

So if it is working without nginx, you might look at the debug log files first? Otherwise check the problem before starting nginx?

I have changed your real domain into an example. Maybe you don't want to inform everybody where the broken, hopefully closed gate into your company is :wink:

I hope this helps

PS: Where is the 502 coming from? Nginx or Apache?
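An added example, not part of the original thread: one way to answer "where is the 502 coming from" from the proxy's `error_log` (here `/var/log/nginx/example.error.log`). It assumes the standard nginx error-log line layout; the sample lines, the addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in nginx error_log layout (not taken from the thread).
SAMPLE_LOG = """\
2024/05/06 09:12:01 [error] 2211#2211: *17 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: example.ktest.de, request: "GET / HTTP/2.0", upstream: "https://192.0.2.10:443/", host: "example.ktest.de"
2024/05/06 09:12:04 [error] 2211#2211: *18 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: example.ktest.de, request: "GET / HTTP/2.0", upstream: "https://192.0.2.10:443/", host: "example.ktest.de"
2024/05/06 09:13:05 [error] 2211#2211: *20 upstream timed out (110: Connection timed out) while connecting to upstream, client: 203.0.113.9, server: example.ktest.de, request: "GET / HTTP/2.0", upstream: "https://192.0.2.10:443/", host: "example.ktest.de"
2024/05/06 09:13:10 [warn] 2211#2211: *21 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 203.0.113.9, server: example.ktest.de, request: "GET / HTTP/2.0", upstream: "https://192.0.2.10:443/", host: "example.ktest.de"
"""

# Fragments nginx logs when it gets no usable response from the upstream and answers 502/504 itself.
CAUSES = [
    ("refused", re.compile(r"connect\(\) failed \(111: ")),
    ("timeout", re.compile(r"upstream timed out \(110: ")),
    ("tls", re.compile(r"SSL_do_handshake\(\) failed")),
    ("closed", re.compile(r"upstream prematurely closed connection")),
    ("no_live_upstreams", re.compile(r"no live upstreams")),
    ("dns", re.compile(r"could not be resolved|host not found in upstream")),
]
UPSTREAM = re.compile(r'upstream: "([^"]+)"')

def classify(line):
    """Return (cause, upstream) for an upstream failure line, or None."""
    if "[error]" not in line and "[emerg]" not in line:
        return None  # warnings and notices do not produce a 502
    for cause, pattern in CAUSES:
        if pattern.search(line):
            m = UPSTREAM.search(line)
            return cause, (m.group(1) if m else None)
    return None

def summarize(log_text):
    """Count upstream failures per (cause, upstream address)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit] += 1
    return counts

def origin(log_text):
    """'nginx' if the proxy logged upstream failures; otherwise look at the backend."""
    return "nginx" if summarize(log_text) else "backend or elsewhere"

if __name__ == "__main__":
    for (cause, upstream), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {cause:18s} {upstream}")
    print("502 generated by:", origin(SAMPLE_LOG))
```

If the proxy's error log shows no upstream failure for the failing request, the 502 was most likely returned by the backend (Apache on the UCS) and passed through, so that server's logs are the next place to look.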

502 got fixed. It was the A-Record from our domain provider that was unreachable. I just don’t get to the ucs-sso page with the proxy_pass. What do I need to change to get directly to the ucs-sso via reverse proxy?

Please open a new thread about this in the forum and help people help you by giving more details and messages from your system.
thx :slight_smile: