Blank screen - just loading

derMOE · September 18, 2018, 3:07pm

Hi,

our Zammad runs on a server with nginx. Now we have an additional nginx in our dmz running.

When I tryed to access Zammad from intern (no dmz, just the zammad server with nginx) everything works fine. But when I try to reach our Zammad from extern (internet - nginx - zammad with another nginx) - I only geht a blank site with the text loading.

I’ve established 2 tunnel from zammd+nginx to our dmz nginx and the tunnel are stable and running.

Config:

 server {
     listen 192.208.xxx.xx:80;
     server_name zammad.company.de;
     return 301 https://$host$request_uri;
 }

 # Added - HTTPS configuration for Zammad
 server {
     listen 192.208.xxx.xx:443 http2 ssl;

     ssl_certificate /etc/letsencrypt/live/zammad.company.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/zammad.company.de/privkey.pem; # managed by Certbot

ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers  on;
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

      ssl_ecdh_curve secp384r1;
    # ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
     resolver 8.8.8.8 8.8.4.4 valid=300s;
     resolver_timeout 5s;
     add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;

     # replace 'localhost' with your fqdn/domain name if you want to use zammad from remote
     server_name zammad.company.de;


     access_log /var/log/nginx/zammad.access.log;
     error_log  /var/log/nginx/zammad.error.log;

     client_max_body_size 50M;

     location /ws {
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 86400;
         proxy_pass http://localhost:6042;
     }


     location / {
         proxy_set_header Host $http_host;
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 180;
         proxy_pass http://localhost:3000;

         gzip on;
         gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
         gzip_proxied any;

 }

Maybe some assets are not able to get through the reverse proxy?!

MrGeneration · September 18, 2018, 4:24pm

If the configuration file you provided is the config from your DMZ, then I doubt that localhost is the correct place to proxy to or are you running two instances.

Also check logfiles, they might contain useful information (especially those of nginx)

derMOE · September 19, 2018, 1:18pm

I think I did something wrong or missing in my nginx configs.

Here is a part from the code from the 1. NGINX using as reverse proxy:

location /ws {
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 86400;
         proxy_pass http://localhost:6042;
     }


     location / {
         proxy_set_header Host $http_host;
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 180;
         proxy_pass http://localhost:3000;

         gzip on;
         gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
         gzip_proxied any;
     }

================================================================

Here is a part from the code from the 2. NGINX where Zammad is running:

 location /ws {
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 86400;
         proxy_pass http://zammad-websocket;
     }


     location / {
         proxy_set_header Host $http_host;
         proxy_set_header CLIENT_IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_read_timeout 180;
         proxy_pass http://zammad;

         gzip on;
         gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
         gzip_proxied any;
     }

===================================================================

The part with proxy_pass http://localhost:6042 and proxy_pass http://localhost:3000 is needed because of the 2 tunnels I use for the reverse proxy.

The connection (and way through the two nginxs) are running and I get the following:

zammad

The DeveloperTools from Internet Explorer shows me:

So I think, Zammad needs more ressources which are not get through the tunnels (reverse proxy)?!
After a long search I found this one:

location ~ /assets/(?<section>.+) {
      proxy_pass http://127.0.0.1:3000/assets/$section/;
      proxy_set_header Host $host;
    }

But it doesn’t work for me…

I’ve tried to add the code into my 1. nginx and my second…

derMOE · September 20, 2018, 9:28am

I’ve found the error.

Erase or comment out this line:

location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
         expires max;
     }

system · January 18, 2019, 9:28am

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.