Appendix
Configure NGINX
Configure the following in the nginx.conf file located in the NGINX installation directory.
Declare environment variables globally.

ssl_engine kengine;
env NAE_Properties_Conf_Filename;
env IngrianNAE_Properties_Conf_Slot_ID_Max;
env IngrianNAE_Properties_Conf_SessionID_Max;

Assuming that SSL is configured with kengine and the CipherTrust Manager, add the SSL redirection performed by NGINX.

return 301 https://$server_name$request_uri;
charset koi8-r;
Sample SSL Configuration
server {
    # Define the SSL port
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /opt/nginx/conf/server.crt;
    ssl_certificate_key /opt/nginx/conf/server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Set the SSL ciphers as described below
    ssl_ciphers ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
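The following static pre-flight check is an added example, not part of the vendor documentation: it reports which of the directives listed above are missing from an nginx.conf, and flags `//` comment lines, which NGINX does not accept. The function names (directives, require, check_kengine_conf) are hypothetical, and the script complements `nginx -t` rather than replacing it.

```shell
#!/bin/sh
# Added example (not vendor code): check an nginx.conf for the directives
# this appendix asks for. Function names are hypothetical.

# Emit one directive per line: drop '#' comments, split on ';', '{' and '}'.
# Simplification: a '#' inside a quoted value is treated as a comment.
directives() {
    sed 's/#.*$//' "$1" | tr ';{}' '\n\n\n'
}

# require FILE LABEL ERE: succeed if some directive matches ERE exactly.
require() {
    if directives "$1" | grep -Eq "^[[:space:]]*$3[[:space:]]*$"; then
        return 0
    fi
    echo "missing: $2"
    return 1
}

# check_kengine_conf FILE: print each problem, return the number of problems.
check_kengine_conf() {
    conf=$1
    n=0
    s='[[:space:]]+'
    require "$conf" 'ssl_engine kengine' "ssl_engine${s}kengine" || n=$((n + 1))
    for v in NAE_Properties_Conf_Filename \
             IngrianNAE_Properties_Conf_Slot_ID_Max \
             IngrianNAE_Properties_Conf_SessionID_Max; do
        require "$conf" "env $v" "env${s}$v" || n=$((n + 1))
    done
    require "$conf" 'HTTP to HTTPS redirect (return 301)' \
        "return${s}301${s}https://[^[:space:]]+" || n=$((n + 1))
    require "$conf" 'listen 443 ssl' "listen${s}443${s}ssl" || n=$((n + 1))
    require "$conf" 'ssl_certificate' "ssl_certificate${s}[^[:space:]]+" || n=$((n + 1))
    require "$conf" 'ssl_certificate_key' "ssl_certificate_key${s}[^[:space:]]+" || n=$((n + 1))
    # NGINX comments start with '#'; a '//' line is parsed as a directive and fails.
    if directives "$conf" | grep -Eq '^[[:space:]]*//'; then
        echo "invalid: '//' is not an nginx comment marker, use '#'"
        n=$((n + 1))
    fi
    return "$n"
}

# Stand-alone use: sh check.sh /path/to/nginx.conf
if [ "$#" -gt 0 ]; then check_kengine_conf "$1"; fi
```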
Troubleshooting
| Issue | Remediation |
|---|---|
| nginx doesn't start up | • There can be an error in nginx.conf. Try running nginx -t before running NGINX. • NGINX's configuration depends on kengine and its proper installation. Check the kengine installation if you have verified other configurations. |
| nginx starts but isn't reachable by the browser | • Check that the nginx process is running. • Check the platform firewall. Check that the http/https service or port is enabled. • Check for stale entries in the browser. Clear the browser cache or retry with a different browser. |
| server.key & server.crt are not getting created | • Check that the kengine is installed properly. • Check that a connection to the CipherTrust Manager is established for your keys to be created on the server. • Check that the IngrianNAE.properties file is configured properly and has correct entries. |
| 'openssl version' doesn't show the version installed by you | • Check that you've included the openssl installation in the $PATH variable. • Try putting the openssl installation directory as a prefix to the $PATH variable. • Try uninstalling previously installed openssl. |
| 'openssl engine kengine -v' doesn't give a proper output | • Check that libkengine.so is placed in the engines folder of the openssl installation. • Check that the /etc/Chrystoki.conf file is configured properly. |
| HTTPS redirection happens but the browser doesn't show nginx | Check the log files, which you might have configured in IngrianNAE.properties, for a granular report. |
| Provider log files are not visible after key creation or nginx process start | • Check that you have configured Log_File and Log_Level in the IngrianNAE.properties file. • Check that the path provided has appropriate permissions to write the log file. |
| Unable to establish connection with CipherTrust Manager | • Check that the CipherTrust Manager is up and running. • Check that the required environment variables are provided for the functioning of the application as a whole. • Check that the credentials provided in the 'passfile' are correct and the user exists on the CipherTrust Manager with appropriate permissions. |