TLS termination does not work on same server as OpenLMIS

Description

I have observed that if 1) you are terminating TLS on the same server as OpenLMIS, 2) REQUIRE_SSL=true (or, if false, port 80 is closed or unavailable in a browser), OpenLMIS does not login.

For reproducing, I have including setup commands as scripts. All use CentOS 7, have SELinux to permissive, and have a fully-qualified domain name set up and verifiable with the `hostname` command. Note, the certificates are self-signed but behavior was the same when using a Let's Encrypt certificate.

1. Nginx on host machine, OpenLMIS HTTP port 8080, REQUIRE_SSL=true

After login, the error is:

2. HAProxy on host name, OpenLMIS HTTP post 8080, REQUIRE_SSL=true

Same result:

3. Modify OpenLMIS Nginx to use TLS

This modifies the `/etc/consul-template/openlmis.conf` file to add `listen 443 ssl` and the self-signed certificates. `REQUIRE_SSL=true` results in a result loop, and `REQUIRE_SSL=false` (accessing manually both http and https) errors with:

Assignee

Unassigned

Reporter

Alan Ivey

Labels

None

Components

Priority

Minor
Configure