As I can see you are trying to run Admin UI but are not able to access it, I have asked @balaji-alluru to check the logs shared by you and provide you with a solution.
Best Regards,
Team MOSIP
@sanchi-singh24 /@balaji-alluru
Hellooo, Any updates po Ma’am/Sirs
Hi @paredescedric3
Please share the full logs of angular console and contents of config.json file so that we can find the issue.
Thanks and Regards,
Team MOSIP
Hello @balaji-alluru Here is the config.json
{
“baseUrl”: "https://api-internal.mosipnginx.epldtcloudlab.com/v1/",
“adminUrl”: “/”,
“primaryLangCode”: “eng”,
“secondaryLangCode”: “fra”,
“validateToken”: “authmanager/authorize/admin/validateToken”,
“login”: “admin/login/”,
“logout”: “admin/logout/user”,
“templateRepoUrl”: “/templates/”
}
and for the angular console, may we know where it is located?
The nginx log shows that it is looking for the admin-ui in
`
/usr/share/nginx/html/admin-ui
`
Your Nginx config is not correct. its not redirecting the request to the actual pod.
Hello @gsasikumar
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
load_module modules/ngx_stream_module.so;
events {
worker_connections 768;
multi_accept on;
}
http {
##
# Basic Settings
##
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_max_body_size 30m; # Biometrics may there in the request.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
##
# SSL Settings
##
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Comment out these lines, otherwise the default servers and settings in these locations will also get imported
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
upstream myPublicIngressUpstream {
server 192.168.60.10:30080;
server 192.168.60.11:30080;
server 192.168.60.12:30080;
server 192.168.60.13:30080;
server 192.168.60.14:30080;
server 192.168.60.15:30080;
server Public-IP:30080;
}
upstream myInternalIngressUpstream {
server 192.168.60.10:31080;
server 192.168.60.11:31080;
server 192.168.60.12:31080;
server 192.168.60.13:31080;
server 192.168.60.14:31080;
server 192.168.60.15:31080;
}
upstream myMinioIngressUpstream {
server 192.168.60.10:30900;
server 192.168.60.11:30900;
server 192.168.60.12:30900;
server 192.168.60.13:30900;
server 192.168.60.14:30900;
server 192.168.60.15:30900;
}
ssl_certificate /etc/letsencrypt/live/mosipnginx.xyz.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosipnginx.xyz.com/privkey.pem;
server{
listen 192.168.60.9:9000 ssl;
location / {
proxy_pass http://myMinioIngressUpstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
server{
listen 192.168.60.9:443 ssl default;
location /admin-ui/ {
alias /usr/share/nginx/html/;
try_files $uri $uri/ /index.html;
}
location /v1/packetcreator/ {
proxy_pass http://myInternalIngressUpstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
location / {
proxy_pass http://myInternalIngressUpstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
# this server section is for accessing MOSIP API's publically over the internet.
# initially the same remains commented till the testing and improvement and customisation is in progress.
# once after go-live call the same section neded to be uncommented
server{
listen 443 ssl;
server_name mosipnginx.epldtcloudlab.com;
location / {
proxy_pass http://myPublicIngressUpstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
}
}
}
stream {
# this section of servers is for tcp proxying
# add multiple servers one for each port, and proxy them to mosip cluster internal loadbalancer
# like postgres, activemq, etc
upstream myPostgresIngressUpstream {
server 192.168.60.10:31432;
server 192.168.60.11:31432;
server 192.168.60.12:31432;
server 192.168.60.13:31432;
server 192.168.60.14:31432;
server 192.168.60.15:31432;
}
upstream myActivemqIngressUpstream {
server 192.168.60.10:31616;
server 192.168.60.11:31616;
server 192.168.60.12:31616;
server 192.168.60.13:31616;
server 192.168.60.14:31616;
server 192.168.60.15:31616;
}
server{
listen 192.168.60.9:5432;
proxy_pass myPostgresIngressUpstream;
}
server{
listen 192.168.60.9:61616;
proxy_pass myActivemqIngressUpstream;
}
}
here is our nginx.conf
@paredescedric3 you nginx configurtaion for mosip cluster is incorrect now.
we dont need below mentioned server section:
server{
listen 192.168.60.9:443 ssl default;
location /admin-ui/ {
alias /usr/share/nginx/html/;
try_files $uri $uri/ /index.html;
}
also you are trying to access wrong url. It should be https://admin.{your domain name}/
e.g. https://admin.collab.mosip.net/
It dont need admin-ui to be appendend at the end in default configuration.
Hello @ckm007
please advise what to check, Thanks
Hello @ckm007
Will appreciate for feedback here Thanks
after removing the admin-ui did we restart the nginx server there?
Check your nginx.xonf. Are you using the right domain name?
Looking at your first post, try
Hi @rcsampang / @ckm007
We already use the correct URL, but admin-ui still not working it has an error related to this
Hi @karlxix I hope you don’t mind If we retrace the steps you have taken.
This server is running on a separate VM and configured as a reverse proxy server as per documentation ? The global config is set and the DNS settings are mapped?
Are you doing this on-prem ?
AWS ?
If all these configurations are set and DNS settings are mapped, you have to use your main base URL / domain which in your case should be mosipnginx.epldtcloudlab.com
If you are doing this on-prem and the DNS settings are not mapped used your internal IP - IP address of your nginx reverse proxu server
Hi @rcsampang
We are doing this on-prem with DNS, I did revert it back to using the private IP of nginx mosip.
Here is the sample error when accessing admin
There is an issue with api-internal
We have open it for public, so you could test
https://admin.epldtcloudlab.com/
Is is the same error while using the private internal IP?
I noticed that the domain you opened for the public is different from the one you are previously using - admin.epldtcloudlab.com vs. mosipnginx.epldtcloudlab.com
Can you try opening to the public the domain mosipnginx.epldtcloudlab.com instead?
BTW what page is showing when you try to access the private IP or the domain on a browser? If nginx is correctly configured, this should show a page with links to MOSIP modules. It should show something similar to MOSIP Collab sandbox https://collab.mosip.net/
Hi @rcsampang
If you open this one you will be redirected to the landing page
publicly available > https://mosipnginx.epldtcloudlab.com/
Accessing via the private IP of mosip nginx fails
Okay. One possible cause of error is that there is inconsistency in your domain name settings.
Hovering over the links of the modules point to epldtcloudlab.com as your installation-domain. Try changing that to mosipnginx.epldtcloudlab.com so that it points to your nginx reverse proxy server. This is done by editing your global config map.
For example edit config map setting
k8s-infra/mosip/global_configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: global
namespace: default
data:
installation-name: mosipnginx
installation-domain: mosipnginx.epldtcloudlab.com
mosip-version: master
mosip-api-host: api.mosipnginx.epldtcloudlab.com
mosip-api-internal-host: api-internal.mosipnginx.epldtcloudlab.com
mosip-prereg-host: prereg.mosipnginx.epldtcloudlab.com
mosip-admin-host: admin.mosipnginx.epldtcloudlab.com
You might have to restart the modules config, admin, pmp, and other related modules.
In my case I restarted all MOSIP modules following the sequence stated in the documentation - same sequence followed during installation of the modules.
Another thing, aside from mosipnginx.epldtcloudlab.com SSL certificate, do you also have a wildcard domain SSL Certificate *.mosipnginx.epldtcloudlab.com that points to your nginx reverse proxy server ?
***Ignore the error when using the private IP, this is expected if you setup the domain name in your config map settings instead of the private IP.
HI @rcsampang ,
We already apply this cofig-map & restarted mosip services
but upon checking only the default config-map is changed, per module config-map didn’t change.
Can we just go to each modules and change the configmap? or is there a betterway to do this?