so I've been trying to reverse proxy Alfresco 5.0.d Community through our Nginx reverse proxy. Currently the reverse proxy is being used to serve only our helpdesk. This is the first time I've set up a reverse proxy so please bear with me. The main goal of this reverse proxy is to TLS encrypt all of our internal web apps to the internet using Let's Encrypt issued certificates.
I've managed to have success reverse proxying Alfresco from http internally to http externally or http:// x.x.x.x:8080/share to http:// alfresco.companyname.com and this works perfectly as far as I can tell. The server block config I used for that is:
server {
listen 80;
server_name alfresco.companyname.com;
rewrite ^/$ /share;
location / {
root /share/;
proxy_pass http://x.x.x.x:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
We aren't comfortable leaving the server on an un-encrypted connection so I've been trying to get TLS enabled on this set up as well but I keep getting greeted with an error page after login.
The server block with SSL enabled:
server {
listen 443 ssl;
server_name alfresco.companyname.com;
ssl on;
ssl_certificate /etc/ssl/certs/alfrescochained.pem;
ssl_certificate_key /etc/ssl/private/alfrescopriv.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_prefer_server_ciphers on;
rewrite ^/$ /share;
location / {
root /share/;
proxy_pass http://x.x.x.x:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Alfresco error logs aren't being very informative and I'm new to Nginx (I tried Apache to begin with but ran into a lot of issues). Anyone have any recommended things to try?