I need help with setting the junction in isva to the partner.redhat.com website.
I use nginx as my reverse proxy and have set up IBM Security Verify Access as my authentication provider. I’ve created a junction /partner which should lead to https://partner.redhat.com, however whenever I try to connect through this junction I get the “The server of another provider is not responding” error.
I’ve set the junction as SSL on port 443. As a host I used partner.redhat.com.
Some other junctions that I’ve created, like for example www.redhat.com work just fine.
The only difference that I’ve noticed is: partner.redhat.com redirects automatically to connect.redhat.com, whereas www.redhat.com doesn’t.
I’ve made sure that I’ve loaded and imported the necessary certificates to the pdsrv database (both for partner.redhat.com and connect.redhat.com). The path to certificates is also correct.
My error message in isva reverse proxy container (I use docker as an environment) is as follows:

    {"instant":{"epochSecond":1722247576},"threadId":"0x7f3a1c2e8700","level":"WARNING","loggerName":"webseald","component":"wiv.ssl","message_id":"0x38AD54CC","source":{"file":"SSLConnection.cpp","line":2488}, "content":"DPWIV1228W WebSEAL could not establish a secure connection to the server, partner.redhat.com, for the /partner junction (Function call: gsk_secure_soc_init; failed error: 0x1a4 GSK_ERROR_SOCKET_CLOSED)."}

I’ve created a ticket with IBM regarding the issue but the response was that it is not a WebSEAL issue.
I’ve configured my nginx.conf file as follows:

    events {
        worker_connections 768;
    }

    http {
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    }

and my rp conf:

    server {
        listen x.x.x.x:443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name example.lala.com;
        root /usr/share/nginx/html;

        access_log /var/log/nginx/example-access.log;
        error_log /var/log/nginx/example-error.log;

        allow y.y.y.y/32;
        allow z.z.z.z/32;
        deny all;

        ssl_certificate "/etc/ssl/fullchain.pem";
        ssl_certificate_key "/etc/ssl/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
        ssl_prefer_server_ciphers on;

        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass https://a.a.a.a:443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # new input with gateway timeout
            proxy_connect_timeout 600s;
            proxy_send_timeout 600s;
            proxy_read_timeout 600s;
            send_timeout 600s;
        }
    }

access.log of my reverse proxy clearly shows that I’ve tried to access the website (i.e. here):

    [29/Jul/2024:11:46:02 +0200] "GET /pkmspublic/default.css HTTP/2.0" 200 1579 "https://example.lala.com/partner/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"

but error.log is empty.
I hope it is not some stupid question, as I’m still a beginner in this area and have a lot to learn!
Any help is much appreciated!
Anna Kret is a new contributor to this site.
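
Added example, not part of the original post: a small triage script for the reverse proxy container's JSON log that extracts, from each DPWIV1228W record, the junction, the backend server, the GSKit call and the error, so failures can be counted per junction. The function names (`parse_junction_tls_failure`, `summarize`) are assumptions; the first sample line is the post's message shortened and kept with the curly quotes it has when copied from a web page, and the other two are constructed.

```python
import json
import re
from collections import Counter

# Typographic quotes a web page substitutes for '"' in a pasted log line.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})

# Shape of the DPWIV1228W text quoted in the post.
_DPWIV1228W = re.compile(
    r"DPWIV1228W .*? to the server, (?P<server>[^,]+), "
    r"for the (?P<junction>\S+) junction \(Function call: (?P<call>\w+); "
    r"failed error: (?P<code>0x[0-9a-fA-F]+) (?P<name>\w+)\)"
)

def _load(line):
    """Parse one JSON log line, retrying with normalized quotes."""
    for candidate in (line, line.translate(_QUOTES)):
        try:
            record = json.loads(candidate)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            return record
    return None

def parse_junction_tls_failure(line):
    """Return the fields of a DPWIV1228W record, or None for other lines."""
    record = _load(line)
    match = _DPWIV1228W.search(str(record.get("content", ""))) if record else None
    if match is None:
        return None
    event = match.groupdict()
    event["code"] = int(event["code"], 16)  # 0x1a4 -> 420
    instant = record.get("instant")
    event["epoch"] = instant.get("epochSecond") if isinstance(instant, dict) else None
    return event

def summarize(lines):
    """Count failures per (junction, server, GSKit call, error name)."""
    events = filter(None, map(parse_junction_tls_failure, lines))
    return Counter((e["junction"], e["server"], e["call"], e["name"]) for e in events)

# The post's line as pasted (curly quotes, shortened) plus two constructed lines.
SAMPLE_LINES = [
    '{“instant”:{“epochSecond”:1722247576},“level”:“WARNING”,“content”:“DPWIV1228W WebSEAL could not establish a secure connection to the server, partner.redhat.com, for the /partner junction (Function call: gsk_secure_soc_init; failed error: 0x1a4 GSK_ERROR_SOCKET_CLOSED).”}',
    '{"level":"INFO","content":"constructed sample: unrelated record"}',
    "constructed sample: not JSON at all",
]
```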