Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Enabler:Wilma
Description
Created question in FIWARE Q/A platform on 17-01-2017 at 06:01
Please, ANSWER this question AT https://stackoverflow.com/questions/41689745/fiware-pep-proxy-configured-to-https
Question:
FIWARE - PEP Proxy configured to HTTPS
Description:
I would like to know how I configure the PEP Proxy so that I can exchange messages through HTTPS. I have an instance of Orion context broker that is accessed only after pass by the PEP Proxy. My PEP Proxy (Wilma) configuration file (config.js) has the following:
config.https = {
enabled: true,
cert_file: 'cert/idm.crt',
key_file: 'cert/idm.key',
port: 443
};
config.account_host = 'https://localhost:8000'; //account.lab.fiware.org';
config.keystone_host = 'localhost'; //'cloud.lab.fiware.org';
config.keystone_port = 5000; //4731;
config.app_host = 'https://orion'; //'localhost';
config.app_port = ''; //Nginx is configured to redirect to port 1026
// Use true if the app server listens in https
config.app_ssl = true;
config.username = 'pep_proxy_credential_obtained_at_portal';
config.password = 'password_obtained_at_portal';
I have also HTTPS to HTTP (Nginx configured as reverse proxy) so that my requests directly sent to Orion are secure. The HTTPS is working only without PEP Proxy flow. When I insert the authorization/authentication flow, I am facing problems, because the PEP Proxy does not handle with the SSL certificate. Here is the Nginx configuration:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
- Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://orion:1026;
proxy_read_timeout 90;
proxy_redirect http://orion:1026 https://orion;
}
I want to integrate what I have in a way I can communicate with Orion only by HTTPS, including the PEP Proxy flow. I've searched but I did not find nothing useful related to HTTPS configuration in PEP Proxy.
EDIT: There is an error when the PEP Proxy redirects to the application:
2017-01-17 20:52:55.544 - INFO: Server - Success authenticating PEP proxy.
Proxy Auth-token: d7ec08edd87d43418edfd558df26f427
2017-01-17 20:53:49.450 - INFO: IDM-Client - Checking token with IDM...
2017-01-17 20:53:49.508 - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "accept-encoding"
Refused to set unsafe header "content-length"
The error presented by the application is:
('Connection aborted.', BadStatusLine('HTTP/1.1 0 unknown\r\n',))
Activity
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Resolution | Done [ 10000 ] | |
| Status | In Progress [ 3 ] | Closed [ 6 ] |
| HD-Enabler | Wilma [ 10890 ] |
| Assignee | Backlog Manager [ backlogmanager ] |
| Fix Version/s | 2021 [ 12600 ] |