Configure ood-portal.yml with Mellon Auth to be Reverse Proxied by Nginx

Hi,

I’m trying to configure ood_portal.yml for a service behind an Nginx reverse proxy. Nginx will be used to terminate SSL and for throttling (eventually). Apache (ood) is running on the same host on a high port (9080).

We’re using Mellon for authorization and in its documentation describing a reverse proxy set up (or being behind a load balancer) it states the necessity of setting UseCanonicalName to On and setting the ServerName complete with scheme (protocol) and port in the following way:

ServerName https://ood.ucar.edu:443

See: mod_auth_mellon User Guide

What I find when doing this is that the resulting apache configuration for ood contains faulty rewrites that assume the ServerName is just set to the host and the vhost scheme and high port are used:

RewriteRule ^(.*) http://https://ood.ucar.edu:443:9080$1 [R=301,NE,L]

I’ve noticed that when I set servername = null in ood_portal.yml the rewrite rules are not included, which confuses me as to their purpose.

Any advice on how to best configure ood_portal.yml with this setup as a goal? Has anyone attempted a setup like this and had success?

Thanks for any advice!!

Jason
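
The malformed redirect target quoted in the post above can be caught mechanically before Apache is reloaded. This is an added example, not part of the original post or of Open OnDemand: a small Python check that scans a generated vhost for absolute RewriteRule targets with a repeated scheme or more than one port. The sample config is constructed apart from the one RewriteRule and the ServerName quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample of a generated vhost. The ServerName and the first
# RewriteRule come from the post above; the other lines are made up for contrast.
SAMPLE = """\
<VirtualHost *:9080>
  ServerName https://ood.ucar.edu:443
  RewriteEngine On
  RewriteRule ^(.*) http://https://ood.ucar.edu:443:9080$1 [R=301,NE,L]
  RewriteRule ^(.*) https://ood.ucar.edu$1 [R=301,NE,L]
  RewriteRule ^/old$ /new [R=302,L]
</VirtualHost>
"""

RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.IGNORECASE)
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def check_target(target):
    """Return a list of problems found in an absolute rewrite target."""
    if not SCHEME.match(target):
        return []  # relative substitution, nothing to validate here
    problems = []
    rest = SCHEME.sub("", target, count=1)
    if SCHEME.match(rest):
        problems.append("scheme given twice")
        while SCHEME.match(rest):
            rest = SCHEME.sub("", rest, count=1)
    # Neutralise %{VAR} expansions, then cut the authority at path/backreference.
    rest = re.sub(r"%\{[^}]*\}", "VAR", rest)
    authority = re.split(r"[/$?]", rest, maxsplit=1)[0]
    authority = re.sub(r"^\[[^\]]*\]", "", authority)  # skip an IPv6 literal
    if authority.count(":") > 1:
        problems.append("more than one port")
    return problems


def lint_config(text):
    """Return (line number, target, problems) for each malformed absolute target."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = RULE.match(line)
        if match and (problems := check_target(match.group(1))):
            findings.append((number, match.group(1), problems))
    return findings


if __name__ == "__main__":
    for number, target, problems in lint_config(SAMPLE):
        print(f"line {number}: {target}: {', '.join(problems)}")
```
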

Yea I think servername in ood_portal.yml should just be the hostname then we’ll supply the scheme. All the redirects were a bit before my time, so I’m not 100% sure what they do, but I suspect it’s about ensuring that you can deploy multiple sites behind one apache instance, but if you use the rewrite rules we’ll route anything that’s not specific to OOD instead of any other vhost. I believe there’s a config to turn redirects off.

Thanks Jeff, I set

use_rewrites: false
servername: https://ood.ucar.edu:443

and fixed OOD_ALLOWED_HOSTS (to be just the host ood.ucar.edu)

and authentication via Mellon is working and I make it to the dashboard…