How to config the nginx so that ST2 can be accessed by using the domain name?


(qinhao) #1

Hi there

I build ST2 Service use docker file according this guide Docker — StackStorm 2.8.1 documentation

And I have applied for a domain name , i want to visit ST2 use this domain name. There is another nginx server , i have to config the nginx conf to make the traffic route to the install ST2 Server.

I refrence this HA deployment guide and have this nginx conf below:

upstream st2 {
server 10.1.34.123:443;
}

server {
listen *:80 default_server;
server_name autoops.com;

add_header Front-End-Https on;
add_header X-Content-Type-Options nosniff;

if ($ssl_protocol = “”) {
return 301 https://$host$request_uri;
}

index index.html index.htm index.php;

access_log /var/logs/nginx/st2webui.access.log combined;
error_log /var/logs/nginx/st2webui.error.log;
}

server {
listen *:443 ssl;
server_name autoops.com;

ssl on;

ssl_certificate e2.crt;
ssl_certificate_key e2.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

index index.html index.htm index.php;

access_log /var/logs/nginx/ssl-st2webui.access.log combined;
error_log /var/logs/nginx/ssl-st2webui.error.log;

add_header Front-End-Https on;
add_header X-Content-Type-Options nosniff;

location /api/ {
rewrite ^/api/(.*) /api/$1 break;

proxy_pass            https://st2/api/;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_redirect        off;

proxy_set_header      Host $host;
proxy_set_header      X-Real-IP $remote_addr;
proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header Connection '';
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Host $host;

}

location /auth/ {
rewrite ^/auth/(.*) /auth/$1 break;

proxy_pass            https://st2/auth/;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_redirect        off;

proxy_set_header      Host $host;
proxy_set_header      X-Real-IP $remote_addr;
proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header     Authorization;

proxy_set_header Connection '';
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Host $host;

}

location /mistral/ {
rewrite ^/mistral/(.*) /mistral/$1 break;

proxy_pass            https://st2/mistral/;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_redirect        off;

proxy_set_header      Host $host;
proxy_set_header      X-Real-IP $remote_addr;
proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header     Authorization;

proxy_set_header Connection '';
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Host $host;

}

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Protocol https;
proxy_pass https://st2/;
}
}

But when i visit ST2 use domain name no matter what the URL is , i got response like this
"The requested URL /api/v1/executions was not found on this server "


(Lindsay Hill) #2

Check the logs on your nginx servers - do you see the requests getting proxied to 10.1.34.123? What does its logs show it doing with those requests?

Does it work if you go direct to https://10.1.34.123?