[SOLVED] Behind Nginx proxy : access quarantine webgui (port 443 or 8006)?

atec666

Member
Mar 8, 2019
136
4
18
Issoire
i can access admin console via pve.domain.fr:443 , en proxy pass to port 8006 on PMG

But ... for quarantine ....

Code:
https://xxxx.domaine.fr/quarantine?ticket=PMGQUAR%253Auser .....

i do this :

pmgsh set /config/spamquar -port 443 [ where can we see that pmg listenning on port 443 ?]

But nginx reverse proxy gave error :

Code:
2019/08/27 17:48:30 [error] 11887#11887: *11 connect() failed (111: Connection refused) while connecting to upstream
, client: 192.168.1.4, server: xxxxx.domain.fr, request: "GET
/quarantine?ticket=PMGQUAR%253Auser%2540domain.fr%
253A5D653204%253A%253AC%252FW3l283MHqkfEsoAtngTjSyilTjiDbeMU19AsQY12DyDjK8T6%252FU3MoCeb
xYz%252BEu%252FLnLEbHVxKmLg3fc37hjSV79nsoEy6Ug7ylB%252Bb0XPONTKmudBZnVjhDD3bp50qb33p6go
KrdLjQvkL75hcoxyCSn3ect58MylB%252BCn3w5TaDW48sgVsuFzld%252F8m5yjKWcd8I0OAi1ET42zypYLrJcvr0P
UnxHFuVDgYvKLvhqSId4zDb8asOYekoXRP3AP1bytpY9XIy4rW1Cb4eyN1QvCgBATPY3cZ3Yu3VzCM1BgywIBJUcx
qb8jawop51gBrXQt45K2s1nrufCrl74qEv9Pw%253D%253D HTTP/1.1", upstream: "https://10.10.10.31:443
/quarantine?ticket=PMGQUAR%253Auser%2540domain.fr%253A5D653204%253A%253AC%252FW3l283MHqkf
EsoAtngTjSyilTjiDbeMU19AsQY12DyDjK8T6%252FU3MoCebxYz%252BEu%252FLnLEbHVxKmLg3fc37hjSV79n
soEy6Ug7ylB%252Bb0XPONTKmudBZnVjhDD3bp50qb33p6goKrdLjQvkL75hcoxyCSn3ect58MylB%252BCn3w
5TaDW48sgVsuFzld%252F8m5yjKWcd8I0OAi1ET42zypYLrJcvr0PUnxHFuVDgYvKLvhqSId4zDb8asOYekoXRP3
AP1bytpY9XIy4rW1Cb4eyN1QvCgBATPY3cZ3Yu3VzCM1BgywIBJUcxqb8jawop51gBrXQt45K2s1nrufCrl74qE
v9Pw%253D%253D", host: "xxxxx.domain.fr"

my nginx reverse proxy settings (i alreday have a server site for admin acces on 8006 with same setup):

Code:
server {

        listen 80;
        server_name xxxxx.domain.fr;

        #       return 301 https://$host$request_uri;
        rewrite ^(.*) https://$host$1 permanent;

}

server {

        listen  443;

        server_name xxxxx.domain.fr;

        ssl_certificate /etc/letsencrypt/live/xxxxx.domain.fr/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xxxxx.domain.fr/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;

        proxy_redirect off;

        location /.well-known {

                alias /var/www/html/.well-known;

        }


        location / {

                include proxy_params;

                expires off;

                add_header Cache-Control private;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass https://10.10.10.31:443/;
                proxy_buffering off;
                client_max_body_size 0;

        #       proxy_connect_timeout  3600s;
        #       proxy_read_timeout  3600s;
        #       proxy_send_timeout  3600s;
                send_timeout  3600s;

        }
}


On PMG :

Code:
root@rmx1:~# pmgsh get /config/spamquar
200 OK
{
   "authmode" : "ldapticket",
   "digest" : "7e13257be0d23453387024fb32983cba019271f6",
   "hostname" : "xxxxx.domain.fr",
   "mailfrom" : "postmaster@domain.fr",
   "port" : 443
}

BUT if i do :

Code:
pmgsh set /config/spamquar -port 8006

with a tick et generated with https://xxxxxx.domain.fr it's ok !! (but the ticket will be with 8006)
It's seem to be a bug ?

The question is : setting the port to 443 does really work ?

ERRATA : In fact putting port to 443 just modify the mail send , 8006 is just delete !!!!!!
So no impact on PMG listenning port to 443.
PMG is always listenning on 8006 , and your reverse proxy NEED to proxy pass to ..... 8006 , and not 443 !

Suasssssssss.
 
Last edited by a moderator: