c# - NancyFX + SSL - how to make "this.RequireHttps()" work on Linux?


My self-hosted* NancyFX application uses SSL, and I use "this.RequiresHttps()" to mark modules as "SSL only". On Windows I followed this tutorial:

https://github.com/nancyfx/nancy/wiki/accessing-the-client-certificate-when-using-ssl

After:

    netsh http add sslcert ipport=0.0.0.0:1234 certhash=303b4adb5aeb17eeac00d8576693a908c01e0b71 appid={00112233-4455-6677-8899-aabbccddeeff} clientcertnegotiation=enable

I used the following code:

    public static void Main(string[] args)
    {
        List<Uri> uri2 = new List<Uri>();
        uri2.Add(new Uri("http://localhost:80"));
        uri2.Add(new Uri("https://localhost:1234"));

        HostConfiguration hc = new HostConfiguration()
        {
            EnableClientCertificates = true
        };

        using (var host = new NancyHost(hc, uri2.ToArray()))
        {
            host.Start();

            string runningOn = "\n\n";
            foreach (var item in uri2)
            {
                runningOn += item + "\n";
            }

            Console.WriteLine("Your application is running on " + runningOn /*uri2.First()*/);
            Console.WriteLine("Press [Enter] to close the host.");
            Console.ReadLine();
        }
    }

And it works great - unencrypted data can be accessed on port 80 and SSL works on port 1234.

The problem is - I need to do the same on a Linux host, but I can't seem to find a command that would be equivalent to the Windows "netsh".

Right now I ended up using nginx to provide SSL, following this tutorial:

https://github.com/nancyfx/nancy/wiki/hosting-nancy-with-nginx-on-ubuntu

then modifying the nginx config to the following (don't mind the paths, this is a development virtual machine):

    server {
        listen       80;
        listen       443 ssl;
        ssl_certificate     /home/james/sslcert2/server.crt;
        ssl_certificate_key /home/james/sslcert2/server.key;

        server_name  localhost;
        root /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/;

        location /content/ {
            alias /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/content/;
            location ~* \.(jpg|jpeg|png|gif|ico|css|js|ttf)$ {
                expires 365d;
            }
        }

        location / {
            proxy_pass http://127.0.0.1:8080;
        }
    }

and modifying the Nancy code to listen on port 8080.

While the above works (nginx managing the SSL connections and redirecting requests to Nancy at port 8080), it makes "this.RequiresHttps()" worthless - when I use this:

    this.RequiresHttps(true, 443)

Chrome reports ERR_TOO_MANY_REDIRECTS.

So the question is - how to (and is it possible to) configure Nancy on Linux to make "this.RequiresHttps()" work?

Also, Nancy team, could you explain a bit more what the "EnableClientCertificates" host configuration option does? Is it required to enable SSL? The documentation is rather scarce...

Thanks in advance.

*While I started the project as self-hosted, it can be modified to use nginx or any other hosting form if necessary.

Combining the Nancy team, other resources and my empty head, I managed to solve this.

First - the error ERR_TOO_MANY_REDIRECTS was a logical consequence of the nginx configuration from my first post - when a user tried to access an SSL-protected resource, Nancy redirected him to port 443, which is correct behavior, nginx got the request on that port, established the SSL connection... and sent it to Nancy at port 8080. Since nginx was talking to Nancy on an unsecured connection (http://127.0.0.1:8080), Nancy had no way of knowing that SSL was being used, so it again redirected the request to port 443, nginx again picked it up, established SSL and sent it to http://127.0.0.1:8080 - and here is our endless loop. On Windows it worked, because there the application had direct access to both the HTTP and HTTPS endpoints, and was managing them both.

The fix is rather simple (although it took me some time to find it) and involves 2 steps:

  1. Add the following line to the RequestStartup method in the Nancy bootstrapper:

    SSLProxy.RewriteSchemeUsingForwardedHeaders(pipelines);

This will make Nancy listen for the X-Forwarded-Proto header - when it's there, this method will override the request URL scheme to https - so that:

    this.RequiresHttps()

will detect that the request is SSL enabled.

  2. Configure nginx like this (still - don't mind the paths - this is a development machine):

    server {
        listen 80;

        server_name  localhost;
        root /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/;

        location /content/ {
            alias /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/content/;
            location ~* \.(jpg|jpeg|png|gif|ico|css|js|ttf)$ {
                expires 365d;
            }
        }

        location / {
            proxy_pass http://127.0.0.1:8080;
        }
    }

    server {
        listen 443 ssl;
        ssl_certificate     /home/james/sslcert2/server.crt;
        ssl_certificate_key /home/james/sslcert2/server.key;

        server_name  localhost;
        root /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/;

        location /content/ {
            alias /home/james/nancywebpageroot/nancywebpage.dpl.services/bin/debug/content/;
            location ~* \.(jpg|jpeg|png|gif|ico|css|js|ttf)$ {
                expires 365d;
            }
        }

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Note: I'm not experienced with nginx - while the above seems to work, there may be errors (if anyone sees any - please point them out) or a better way to do it - you have been warned :)

So what is happening here? A "normal" request will hit port 80 and will be redirected to Nancy by the standard path; when nginx gets a request on port 443, it will include the X-Forwarded-For header, Nancy will detect it and it won't redirect anymore - as it should be.

I hope this helps someone.

Best regards.
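
The redirect loop and the fix described above, as an added Python model that is not part of the original post and is not Nancy or nginx code. It goes one step beyond the post: the port 80 block sets no X-Forwarded-Proto, so it relays whatever value arrived with the request, and setting the header in both blocks makes nginx the only source of it. `ProxyBlock`, `app_sees_https`, `fetch`, `block_set` and the sample header are hypothetical names and constructed values.

```python
# Constructed model of the setup in the post; not Nancy or nginx code.
from dataclasses import dataclass

@dataclass
class ProxyBlock:
    """One nginx server block (hypothetical model)."""
    scheme: str                  # what the block listens for: "http" or "https"
    sets_forwarded_proto: bool   # has `proxy_set_header X-Forwarded-Proto $scheme;`

    def forward(self, client_headers):
        headers = dict(client_headers)   # proxy_pass relays the client's headers
        if self.sets_forwarded_proto:
            headers["X-Forwarded-Proto"] = self.scheme   # replaces any client value
        return headers

def app_sees_https(headers, rewrite_scheme):
    """Scheme seen by the app; the hop from nginx to 127.0.0.1:8080 is always http."""
    forwarded = headers.get("X-Forwarded-Proto", "").lower()
    return rewrite_scheme and forwarded == "https"

def fetch(blocks, scheme, rewrite_scheme, client_headers=None, max_hops=10):
    """Request an HTTPS-only resource, following redirects; return (outcome, hops)."""
    for hop in range(1, max_hops + 1):
        headers = blocks[scheme].forward(client_headers or {})
        if app_sees_https(headers, rewrite_scheme):
            return ("served over " + scheme, hop)
        scheme = "https"   # the app answers with a redirect to port 443
    return ("too many redirects", max_hops)

def block_set(port80_sets, port443_sets):
    return {"http": ProxyBlock("http", port80_sets),
            "https": ProxyBlock("https", port443_sets)}

QUESTION = block_set(False, False)      # config from the question
ANSWER = block_set(False, True)         # config from the answer
BOTH = block_set(True, True)            # header set in both server blocks
SENT = {"X-Forwarded-Proto": "https"}   # constructed header arriving with a request

if __name__ == "__main__":
    print(fetch(QUESTION, "http", rewrite_scheme=False))   # the endless loop
    print(fetch(ANSWER, "http", rewrite_scheme=True))      # one redirect, then served
    print(fetch(ANSWER, "http", True, SENT))               # port 80 relays the header
    print(fetch(BOTH, "http", True, SENT))                 # nginx's own value wins
```

In nginx terms the last case corresponds to adding `proxy_set_header X-Forwarded-Proto $scheme;` to the `location /` of the port 80 server block as well.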

