Perspective behind nginx proxy generates "undefined" url when try to login

Hello,

I have many Perspective projects running on a local server. I'm triying to use a Nginx reverse proxy to use different domains.

For example I want to use:

• https://myproject1.com and it must be proxied to http://local-ignition:8088/data/perspective/client/project1
• https://myproject2.com and it must be proxied to http://local-ignition:8088/data/perspective/client/project2

And so on...

I configured nginx using the manual page.
https://docs.inductiveautomation.com/display/DOC81/Defining+SSL+on+a+Perspective+Reverse+Proxy

Also this thread has some caveats:

Reverse-proxy/rewrite for Perspective with Nginx, stuck on "Authenticating..."

And finally, another thread has the same problem:

Perspective Login Button 404 Error

If I access to https::/myproject1.com I get the login page like this:

image1081×578 52.6 KB

But as soon I click the button I get this:

image807×237 20.2 KB

The nginx error logs shows nothing, but access log shows this:

image1762×41 17.9 KB

As I can see, is that the button redirects to an url not defined "undefined" but after this, the gateway serves a css from the "res" subfolder. Then this give the information that some parts of the proxy are working correct.

My nginx configuration is this:

server {
	listen 443 ssl;
	listen [::]:443 ssl;
 	include /etc/nginx/perspective_params;
	include /etc/nginx/proxy_params;
        server_name myproject1.com;
	underscores_in_headers on;

    # The next few location contexts define how to process resources required by the Perspective session.
    # If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.
    location ^~ /data/ {
        proxy_pass http://192.168.1.123:8088/data/;
        include /etc/nginx/perspective_params;
        include /etc/nginx/perspective_location_params;
    }
 
    location ^~ /system/ {
        proxy_pass http://192.168.1.123:8088/system/;
	    include /etc/nginx/perspective_params;
        include /etc/nginx/perspective_location_params;
    }
 
    location ^~ /res/ {
        proxy_pass http://192.168.1.123:8088/res/;
	    include /etc/nginx/perspective_params;
	    include /etc/nginx/perspective_location_params;
    }
 
    location ^~ /idp/ {
        proxy_pass http://192.168.1.123:8088/idp/;
	    include /etc/nginx/perspective_params;
	    include /etc/nginx/perspective_location_params;
    }
 
    location ^~ /.well-known/ {
        proxy_pass http://192.168.1.123:8088/.well-known/;
	    include /etc/nginx/perspective_params;
	    include /etc/nginx/perspective_location_params;
    }   
 
    # Here we are setting the protocol type, address, port, and uri (optional) that will be the destination of our proxied server:
    location / {
        proxy_pass http://192.168.1.123:8088/data/perspective/client/project1/;
	    include /etc/nginx/perspective_params;
	    include /etc/nginx/perspective_location_params;
    }
    ssl_certificate /etc/letsencrypt/live/myproject1.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myproject1.com/privkey.pem; # managed by Certbot

}

server {
    if ($host = myproject1.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name myproject1.com;
}

proxy_http_version 1.1;                    
proxy_set_header Upgrade $http_upgrade;        
proxy_set_header Connection "upgrade";         

proxy_set_header Host $host;
proxy_pass_request_headers on;
proxy_cache_bypass $http_upgrade;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_intercept_errors on;

Anyone can help me.

Regards

You're going to struggle with the fact that Perspective accesses a lot of resources that aren't project specific, but browsers expect to be in the same domain. I'll be shocked if you get separate domains per project to work.

Sorry but my english is not as good as i wanted,
then are you saying that it will be hard to acomplish or it will be imposible ?

Maybe changing referers or any parameter in the headers.

I have this solution working but with vision and the web module and subdomains.

Thanks.

Not familiar with using Nginx as a reverse proxy, but I would think it would be possible. I personally use HAProxy, but the way I do it is the subdomains (abc.servername.com, xyz.servername.com, etc) all just redirect to the project URL on the parent server domain (ignition.servername.com). So while they're not entirely masked from the end user knowing they're using a common server, this is how I've made it work. I don't think I've tried doing it any other way with HAProxy as I was just looking for an easy way for end users to hit the project while on the go.

How did you get this to work with subdomains ?

Hello,

I'm trying to use subdomains, now i have:
https://project1.example.com
https://project2.example.com

But the same result.

If i use nginx rewrite directive:
rewrite ^ /data/perspective/client/project1 permanent;

i can access project, but the url then changes from:
http://project1.example.com
to
http://project1.example.com/data/perspective/client/project1

And that is what I want to hide to the client.

@pturmel @michael.flagler any ideas.

Regards

I don't use nginx, but I also don't think that's possible. The subdomains I use are for ease-of-use and don't involve rewrites to try to strip off the URL path. For example:

https://site1.customerdomain.com
redirects to something like
https://scada.customerdomain.com/data/perspective/client/site1

and

https://site2.customerdomain.com
redirects to something like
https://scada.customerdomain.com/data/perspective/client/site2

This just makes it easier for that customer to get to those different projects without having to remember the full path or going to the home page and clicking on the site they want. My Ignition server base subdomain name (in this case scada though is always different than the redirected subdomain (site1 and site2).

You cannot, as far as I know.