Nginx and OpenNMS configuration

Hello.

I’m looking for a little assistance. I’m not really a *nix person, but I have been able to cobble together some systems using the OS, like our OpenNMS system (CentOS7). Everything works, but I’d like the connection to be secured using SSL. I just installed a Graylog server, and used NGINX as the reverse proxy. It seemed very simple, easy and straightforward. So I installed nginx on my OpenNMS server. I stopped Apache (which I tried first as the reverse proxy). I didn’t spend too much time on Apache. Nginx just seemed alot quicker. I used the same basic config as with the Graylog server.

server
{
  listen 443 ssl;
  server_name nms.hacc.edu;
  location /
  {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-OpenNMS-Server-URL https://nms.hacc.edu/;
    proxy_pass http://172.16.100.11:8980;
    # proxy_pass http://ip-address:9000;
  }
  ssl on;
  ssl_certificate /etc/comodo/live/wildcard/certificate.pem;
  ssl_certificate_key /etc/comodo/live/wildcard/certificate.key;
  ssl_session_timeout 5m;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  access_log /var/log/nginx/opennms.access.log;
  error_log /var/log/nginx/opennms.error.log;
}

# http to https redirection
server {
  listen 80;
  server_name nms.hacc.edu;
  add_header Strict-Transport-Security max-age=2592000;
  rewrite ^ https://$server_name$request_uri? permanent;
}

But when I try to connect to https://nms.hacc.edu I get a 502 bad gateway message.

I searched Google for information on using nginx with OpenNMS and there are some older items I did uncover. I also found an OpenNMS article, but the person had installed nginx on one server and opennms on another. So I’m looking for a little help as to what I can do to fix this.

Any assistance is appreciated.

We have a wiki post how to use NGINX with OpenNMS. Verify the proxy_set_header settings with the ones described in the article. Especially this line looks suspicious to me and would investigate more in detail:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-OpenNMS-Server-URL https://nms.hacc.edu/;

Additionally, don’t forget to set the property in Step 6 when you use SSL:

opennms.web.base-url = https://%x%c/

Hope this helps