TLS termination does not work on same server as OpenLMIS

Description

I have observed that if 1) you are terminating TLS on the same server as OpenLMIS, 2) REQUIRE_SSL=true (or, if false, port 80 is closed or unavailable in a browser), OpenLMIS does not login.

For reproducing, I have including setup commands as scripts. All use CentOS 7, have SELinux to permissive, and have a fully-qualified domain name set up and verifiable with the `hostname` command. Note, the certificates are self-signed but behavior was the same when using a Let's Encrypt certificate.

1. Nginx on host machine, OpenLMIS HTTP port 8080, REQUIRE_SSL=true

After login, the error is:

1 Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html]

2. HAProxy on host name, OpenLMIS HTTP post 8080, REQUIRE_SSL=true

Same result:

1 Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html]

3. Modify OpenLMIS Nginx to use TLS

This modifies the `/etc/consul-template/openlmis.conf` file to add `listen 443 ssl` and the self-signed certificates. `REQUIRE_SSL=true` results in a result loop, and `REQUIRE_SSL=false` (accessing manually both http and https) errors with:

1 {"data":{"messageKey":"notification.error.userContactDetails.notFound","message":"User contact details cannot be found."},"status":404,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"/api/userContactDetails/35316636-6264-6331-2d34-3933322d3462","headers":{"Accept":"application/json, text/plain, */*","Authorization":"Bearer 07ad3942-384c-44cb-bab1-b8f715dc8170"},"timeout":{}},"statusText":"","xhrStatus":"complete","resource":{}}

Status

Assignee

Unassigned

Reporter

Alan Ivey

Labels

None

Components

Priority

Minor
Configure