Hi everyone,

Sorry for my english. My scenario like below ;

I setup my webserver in cloud and I have my ERP server running at
different
DC. The connection from cloud to DC is very fast, no interuption at all.
When my customer access www.example.com it will show the website that i
build in cloud (Webserver). Each customer have vpn access when they
subscribe with us. So, when they wat to use ERP system, they need to
connect
to vpn first and they can go through https://erp.example.com. I
configured
NGINX to allow only server subnet IP and tunnel network subnet for VPN.
The
problem is when they click to login page, it will show error 403 not my
html
error page. I want it to trigger error page that I build in HTML.

My problem is it not show the error page (html) that I build. It wil
show
error 403.

Please anyone help me

Posted at Nginx Forum:

Hi,

Am Montag, 16. Juni 2014, 05:14:59 schrieb mknazri:

NGINX to allow only server subnet IP and tunnel network subnet for VPN. The
problem is when they click to login page, it will show error 403 not my
html error page. I want it to trigger error page that I build in HTML.

My problem is it not show the error page (html) that I build. It wil show
error 403.

How did you configure your error_page?

Here’s a snippet I use

error_page 500 502 503 504 =200 /maintenance.html;
location /maintenance.html {
root /etc/nginx;
}

You can add 403 and 404 status.

Please anyone help me

Posted at Nginx Forum:
How to redirect error page (html) self built html error page

---

nginx mailing list
[email protected]
nginx Info Page

Regards, Axel

Hi Axel,

This is my nginx conf in /etc/nginx/sites-available/erp;

upstream webserver {
server 127.0.0.1:8078 weight=1 fail_timeout=300s;
}

server {
listen 80;
server_name example.com;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
port_in_redirect off;
proxy_connect_timeout 300;
}
}

server {
listen 80;
server_name _;

server_name erp.example.com;

# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;

rewrite ^/.*$ https://$host$request_uri? permanent;

}

server {
# server port and name
listen 443 default;
server_name erp.example.com;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# ssl log files
access_log    /var/log/nginx/openerp-access.log;
error_log    /var/log/nginx/openerp-error.log;

# ssl certificate files
ssl on;
ssl_certificate        /etc/ssl/nginx/server.crt;
ssl_certificate_key    /etc/ssl/nginx/server.key;

# add ssl specific settings
keepalive_timeout    60;

limit ciphers

ssl_ciphers            HIGH:!ADH:!MD5;
ssl_protocols            SSLv3 TLSv1;
ssl_prefer_server_ciphers    on;

# increase proxy buffer to handle some ERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

allow 10.8.8.0/24;
allow 10.9.8.0/24;
deny all;

error_page   403  /error403.html;
location = /index.html {
 index       index.html;
    root   /usr/share/nginx/www;
    allow all;
}

location / {
    proxy_pass    http://webserver;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 

http_502
http_503;

    # set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    # Let the OpenERP web service know that we're using HTTPS,

otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;

    # by default, do not forward anything
    proxy_redirect off;
    allow all;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the ERP web 

interface a
bit.
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://webserver;
}

}

For your information, 10.8.8.0/24 is tunnel vpn that I allowed and
10.9.8.0/24 is server subnet also allowed.

Posted at Nginx Forum: