wiki

User Tools

Site Tools

Trace:
iam_production_deployment_guide

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
iam_production_deployment_guide [2026/02/26 10:15] – [Proxy through NGINX] pradnyaiam_production_deployment_guide [2026/02/26 12:47] (current) – [cPanel's userdata include] pradnya
Line 331: Line 331:
 </code> </code>
  
-===== Proxy through NGINX =====+===== Proxy through NGINX - Droplet FIX =====
  
 To resolve on browser error "We are sorry… HTTPS required" To resolve on browser error "We are sorry… HTTPS required"
Line 423: Line 423:
  
 </code> </code>
 +
 +Start NginX
 +
 +<code>
 +systemctl restart nginx
 +
 +</code>
 +
 +Check/Configure Firewall rules for URL as follows
 +
 +**Configure Inbound Rules**
 +
 +Add these inbound rules:
 +
 +^Type^Protocol^Port^Sources|
 +|HTTP|TCP|80|All IPv4, All IPv6|
 +|HTTPS|TCP|443|All IPv4, All IPv6|
 +|SSH|TCP|22| \\ All IPv4, All IPv6|
 +
 +Allow Nginx to connect to local ports
 +<code>
 +
 + setsebool -P httpd_can_network_connect 1
 +
 +#or
 +
 +setenforce 1
 +
 +</code>
 +
 +Stop docker and NginX and start again.
 +
 +===== cPanel's userdata include =====
 +
 +**Step 1: Create the userdata directories**
 +
 +bash
 +
 +<code>
 +mkdir -p /etc/apache2/conf.d/userdata/std/2_4/ctapi/kcloak.ctapi.in/
 +mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/ctapi/kcloak.ctapi.in/
 +
 +</code>
 +
 +**Step 2: Create HTTP proxy config**
 +
 +bash
 +
 +<code>
 +nano /etc/apache2/conf.d/userdata/std/2_4/ctapi/kcloak.ctapi.in/proxy.conf
 +
 +</code>
 +
 +Add:
 +
 +<code>
 +RewriteEngine On RewriteRule ^(.*)$ https://kcloak.ctapi.in$1 [R=301,L]<code>
 +
 +**Step 3: Create HTTPS proxy config**
 +
 +bash
 +
 +<code>nano /etc/apache2/conf.d/userdata/ssl/2_4/ctapi/kcloak.ctapi.in/proxy.conf
 +
 +</code>
 +
 +Add:
 +
 +<code>
 +ProxyPreserveHost On\
 +ProxyPass / http://127.0.0.1:8080/\
 +ProxyPassReverse / http://127.0.0.1:8080/\
 +RequestHeader set X-Forwarded-Proto "https"\
 +RequestHeader set X-Forwarded-Port "443"
 +
 +</code>
 +
 +**Step 4: Rebuild Apache config and restart**
 +
 +bash
 +
 +<code>
 +/scripts/rebuildhttpdconf
 +httpd -t
 +systemctl restart httpd
 +
 +</code>
 +
 +Then test:
 +
 +bash
 +
 +<code>
 +curl -I https://kcloak.ctapi.in
 +
 +</code>
 +
 +Expected result:
 +
 +<code>
 +curl -I [[https://kcloak.ctapi.in/|https://kcloak.ctapi.in]]
 +
 +HTTP/1.1 302 Found Date: Thu, 26 Feb 2026 11:22:25 GMT
 +
 +Server: Apache
 +
 +Location: [[https://kcloak.ctapi.in/admin/|https://kcloak.ctapi.in/admin/]]
 +
 +Referrer-Policy: no-referrer
 +
 +Strict-Transport-Security: max-age=31536000; includeSubDomains
 +
 +X-Content-Type-Options: nosniff
 +
 +X-XSS-Protection: 1;
 +
 +mode=block
 +
 +</code>
 +
 +Check for **Location: https://kcloak.ctapi.in/admin/|https://kcloak.ctapi.in/admin/**
 +
 +This is poining to correct directory and not apache direcoty with cgi folder.
  
  
iam_production_deployment_guide.1772100901.txt.gz · Last modified: by pradnya