[mapserver-users] mapcache behind nginx with ssl

Bjørn Ove Grøtan bjorn.ove at grotan.com
Tue Sep 28 00:19:50 PDT 2021


I had the same issue with HAProxy in front and Mapserver on Apache in the back.
1. http->http (returns http-urls)
2. https->http (returns http-urls)
3. https->https (returns https-urls)

Even if I tell the backend that the client request protocol was https on port 443
(forwardfor,forwardport,forwardprotocol). It would be nice if Mapserver could utilize
information from forwardport/forwardprotocol, so we could do ssl-offloading instead
of ssl-passthrough - if we wanted to.

My solution was to serve a dummy-certificate on the backend, and configure alt. 1 and 2.

-Bjørn Ove

Trygve Aspenes:
> Hi there
> 
> I have put up a mapserver behind nginx with ssl and a curl like this
> 
> curl -s "https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&service=WMS&request=GetCapabilities"
> | grep OnlineResource
> 
> Gives me like:
> 
>  <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/>
>           <Get><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Get>
>           <Post><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Post>
>           <Get><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Get>
>           <Post><OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://mapserver/cgi-bin/mapserv?map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&"/></Post>
> 
> Yeah you get the idea. Everything perfect with https in the href link.
> Thanks!
> 
> So I put up a mapcache which I intend to put up i front of mapserver. When I
> do a similar curl like:
> 
> curl -s "https://mapcache/mapcache?Overview&map=/data/mapserver/map-files/mapserver-8505ad3e-f9e3-4de3-a080-8253443ac954-20210908T120432Z.map&SERVICE=WMS&REQUEST=GetCapabilities"
> | xmllint --format - | grep OnlineResource
> 
> I get:
> 
>     <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"
> xlink:href="http://mapcache:8090/mapcache?"/>
>               <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"
> xlink:href="http://mapcache:8090/mapcache?"/>
>               <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"
> xlink:href="http://mapcache:8090/mapcache?"/>
>               <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink"
> xlink:href="http://mapcache:8090/mapcache?"/>
> 
> I here starts the problems. If I do this in eg QGIS, QGIS are told to go to
> the http address with port 8090(mapcache is setup to run on port 8090 behind
> the scenes) which is not reachable. It should return https (with no
> specified port, ie. using standard https port) if I understands correctly.
> 
> And I just cant figure put why.
> 
> The configuration for the two are almost identical and I have double and
> tripple check my config.
> 
> Any idea what I should check next?
> 
> If it could be of any help I could open access to my mapcache server
> running.
> 
> Thanks
> 
> Trygve
> 
> PS: when I test mapcache and mapserver setup locally without ssl and nginx
> in front it works fine.
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users



More information about the MapServer-users mailing list