nginx-shib / nginx-http-shibboleth

Shibboleth auth request module for nginx
https://github.com/nginx-shib/nginx-http-shibboleth/wiki

What is running on port 8080? #4

Closed mjdavies closed 9 years ago

mjdavies commented 9 years ago

Hello there

In the docs on this page

https://github.com/nginx-shib/nginx-http-shibboleth/blob/master/CONFIG.rst

You're using a proxy_pass onto http://localhost:8080

What is supposed to be running on that port? I'd guess the 2 fastcgi elements, but that's just a guess, and I can't for the life of me work out where you are setting it to run on port 8080, unless it's in the fastcgi_params file.

You may have guessed I'm a bit new to this, so please excuse the stupid questions.

paweldomas commented 9 years ago

Hey,

I'm not related to the project, but I've been using it and it's great (thanks a lot)!

On http://localhost:8080 there is your application running. It can be a Java servlet or any other web application. Check the HTTP headers added to the request for info about the current Shibboleth session (if any).

davidjb commented 9 years ago

Looks like that URL might be incorrect -- doesn't look like a project I've ever seen.

The proxy_pass end-point is the application that's receiving the injected headers from the Shibboleth FastCGI authorizer, exactly as @paweldomas says.

The best configuration documentation is at https://github.com/nginx-shib/nginx-http-shibboleth/blob/master/CONFIG.rst and the precise answer to your question is at https://github.com/nginx-shib/nginx-http-shibboleth/blob/master/CONFIG.rst#notes.

I've added a note into the example config on the readme to clarify it straight up too. Want to take a look at the main readme and see what you think now? Otherwise, feel free to make suggestions or a PR!

mjdavies commented 9 years ago

Thanks for your prompt responses.

The app I'm running is a rails app, over port 443. So I'm guessing I need to use

proxy_pass https://localhost

Thanks again.

I'm writing up my experiences, and maybe (with a bit of luck) I'll have a vagrant/ansible playbook to get this working on ubuntu14. I'll share when it's done.

davidjb commented 9 years ago

The proxy_pass will be the address you'd use to connect to your Rails app directly, since what you're doing here is adding the Nginx layer in front. https://localhost is probably not what you want since Nginx, rather than your Rails container, should be handling the SSL/TLS (since it's built to do that). And since Shibboleth's communications from client to server must operate over a secure channel, your Nginx will have to handle the SSL. If your Rails container is already listening on 443 then you'll need to reconfigure it accordingly.

Also, for what it's worth, I configure my Shibboleth/Nginx/FastCGI install with Salt states (https://github.com/jcu-eresearch/shared-salt-states/blob/master/shibboleth/fastcgi.sls) so you may be able to draw on that for your Ansible setup.

Closing as resolved.
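
The layout described in the comment above, as an added example that is not part of the original thread or the project's documentation: nginx terminates TLS on 443, the Shibboleth FastCGI authorizer gates the location, and the application is reached over plain HTTP on the loopback interface. The host name, certificate paths, socket paths and the /secure location are assumptions.

```nginx
# Added example. Host name, certificate paths, socket paths and the
# /secure location are assumptions; adjust them to your install.
server {
    listen 443 ssl;
    server_name sp.example.org;                               # assumed host name

    # nginx, not the backend application, holds the certificate and does TLS.
    ssl_certificate     /etc/nginx/tls/sp.example.org.crt;    # assumed path
    ssl_certificate_key /etc/nginx/tls/sp.example.org.key;    # assumed path

    # Shibboleth FastCGI authorizer. "internal" means clients cannot request
    # it directly; it is only reached through shib_request subrequests.
    location = /shibauthorizer {
        internal;
        include fastcgi_params;
        fastcgi_pass unix:/run/shibboleth/shibauthorizer.sock;   # assumed socket
    }

    # Shibboleth FastCGI responder (login, logout, metadata endpoints).
    location /Shibboleth.sso {
        include fastcgi_params;
        fastcgi_pass unix:/run/shibboleth/shibresponder.sock;    # assumed socket
    }

    location /secure {
        # Strip client-supplied copies of the attribute headers before the
        # authorizer adds the real ones. shib_clear_headers ships with the
        # module and must be copied into the nginx config directory; it
        # relies on the headers-more module.
        include shib_clear_headers;

        shib_request /shibauthorizer;
        shib_request_use_headers on;

        # The application itself: plain HTTP, loopback only. If it also
        # listens on a public interface, clients can bypass nginx and send
        # their own "Shibboleth" headers, so bind it to 127.0.0.1.
        proxy_pass http://127.0.0.1:8080;
    }
}
```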

mjdavies commented 9 years ago

Thanks David

I understand now

I'm serving the rails app over port 80, and the shib stuff over port 443 now.

I'm just waiting on my IDP to add the credentials I've created then we'll see if it works.

Thanks again.

Matt