I setup my webserver in cloud and I have my ERP server running at
different
DC. The connection from cloud to DC is very fast, no interuption at all.
When my customer access www.example.com it will show the website that i
build in cloud (Webserver). Each customer have vpn access when they
subscribe with us. So, when they wat to use ERP system, they need to
connect
to vpn first and they can go through https://erp.example.com. I
configured
NGINX to allow only server subnet IP and tunnel network subnet for VPN.
The
problem is when they click to login page, it will show error 403 not my
html
error page. I want it to trigger error page that I build in HTML.
My problem is it not show the error page (html) that I build. It wil
show
error 403.
Am Montag, 16. Juni 2014, 05:14:59 schrieb mknazri:
NGINX to allow only server subnet IP and tunnel network subnet for VPN. The
problem is when they click to login page, it will show error 403 not my
html error page. I want it to trigger error page that I build in HTML.
My problem is it not show the error page (html) that I build. It wil show
error 403.
server {
# server port and name
listen 443 default;
server_name erp.example.com;
# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;
# ssl log files
access_log /var/log/nginx/openerp-access.log;
error_log /var/log/nginx/openerp-error.log;
# ssl certificate files
ssl on;
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
# add ssl specific settings
keepalive_timeout 60;
limit ciphers
ssl_ciphers HIGH:!ADH:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
# increase proxy buffer to handle some ERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
allow 10.8.8.0/24;
allow 10.9.8.0/24;
deny all;
error_page 403 /error403.html;
location = /index.html {
index index.html;
root /usr/share/nginx/www;
allow all;
}
location / {
proxy_pass http://webserver;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500
http_502
http_503;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS,
otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything
proxy_redirect off;
allow all;
}
# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the ERP web