Hi here is the gateway configuration for prereg
but when accessing it
but if we change istio: ingressgateway to ingressgateway-internal, then we can access it privately. Any idea what is causing this?
Hi here is the gateway configuration for prereg
but when accessing it
but if we change istio: ingressgateway to ingressgateway-internal, then we can access it privately. Any idea what is causing this?
@aihamh Please help @karlxix with gateway configuration for the pre-registration module.
Best Regards,
Team MOSIP
@karlxix, Kindly verify whether the preregistration DNS entry is specified within the public IP section of the Nginx configuration. In the event that the issue persists, please provide the Nginx configuration for further analysis and resolution.
Hi @syed.salman
Here is the current nginx configuration
192.168.60.9 is the private IP of nginx, other IP are the mosip clusters.
our updated prereg domain: prereg.mosipnginx.epldtcloudlab.com
# Worker processes run as the www-data account.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

# The distro's module includes are disabled; the stream module is loaded explicitly
# because this file contains a stream {} block.
#include /etc/nginx/modules-enabled/*.conf;
load_module modules/ngx_stream_module.so;

events {
    worker_connections 768;
    multi_accept on;
}
http {
##
# Basic Settings
##
# Buffer sizes for responses read from the proxied upstreams.
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_max_body_size 30m; # Biometrics may be present in the request, so bodies up to 30 MB are accepted.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Keep the nginx version out of the Server header and the built-in error pages.
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): ssl_protocols is commented out, so nginx's built-in default protocol list
# applies (which versions that is depends on the installed nginx). If this line is ever
# enabled, drop TLSv1 and TLSv1.1 from it; both are deprecated (RFC 8996).
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
##
# Logging Settings
##
# Access log in the default format; error log records level "error" and above.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
##
# Gzip Settings
##
# With gzip_types left commented out, only nginx's default type (text/html) is compressed.
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Keep these includes commented out; otherwise the default servers and settings in those
# locations are imported as well and add listeners this file does not define.
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
# Port 30080 on the cluster nodes; presumably the public ingress gateway
# (istio: ingressgateway in this thread) - confirm.
upstream myPublicIngressUpstream {
    server 192.168.60.10:30080;
    server 192.168.60.11:30080;
    server 192.168.60.12:30080;
    server 192.168.60.13:30080;
    server 192.168.60.14:30080;
    server 192.168.60.15:30080;
    # NOTE(review): the only member outside 192.168.60.x. The server blocks reach this
    # upstream with "proxy_pass http://", so requests to this address leave nginx
    # unencrypted - confirm the entry is intended.
    server 125.5.228.67:30080;
}

# Port 31080 on the cluster nodes; presumably the internal ingress gateway
# (ingressgateway-internal in this thread) - confirm.
upstream myInternalIngressUpstream {
    server 192.168.60.10:31080;
    server 192.168.60.11:31080;
    server 192.168.60.12:31080;
    server 192.168.60.13:31080;
    server 192.168.60.14:31080;
    server 192.168.60.15:31080;
}

# Port 30900 on the cluster nodes, used by the listener on 192.168.60.9:9000.
upstream myMinioIngressUpstream {
    server 192.168.60.10:30900;
    server 192.168.60.11:30900;
    server 192.168.60.12:30900;
    server 192.168.60.13:30900;
    server 192.168.60.14:30900;
    server 192.168.60.15:30900;
}
# Certificate and key are declared at http level, so every "ssl" server block in this
# http {} section inherits them.
# NOTE(review): the path names mosipnginx.epldtcloudlab.com; whether the certificate also
# covers subdomains such as prereg.mosipnginx.epldtcloudlab.com cannot be told from here - confirm.
ssl_certificate /etc/letsencrypt/live/mosipnginx.epldtcloudlab.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosipnginx.epldtcloudlab.com/privkey.pem;
# MinIO endpoint on the private address, port 9000. TLS ends at nginx; the request is
# forwarded to the cluster over plain HTTP.
server {
    listen 192.168.60.9:9000 ssl;

    location / {
        proxy_pass http://myMinioIngressUpstream;
        proxy_http_version 1.1;

        # Connection upgrade headers are sent on every request, not only on upgrades.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer;

        # $proxy_add_x_forwarded_for appends the peer address to whatever X-Forwarded-For
        # the client sent, so upstream services should rely only on the last entry
        # (or on X-Real-IP).
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}
# Private listener that forwards everything to the internal ingress upstream.
#
# nginx picks a server block by listen address:port first and by server_name only among
# the blocks that share that address:port; an explicit address is more specific than a
# bare "listen 443". Every connection that arrives on 192.168.60.9:443 is therefore
# handled here, whatever Host it carries. ("default" is the legacy spelling of
# default_server.)
#
# NOTE(review): if the public endpoint is NATed onto this same private address (the thread
# reports an Azure VM where the public IP cannot be bound), public requests also land in
# this block and reach the internal ingress. When public and internal servers share this
# address:port, consider allow/deny rules for the internal source ranges here so the
# separation does not rest on server_name alone.
server {
    listen 192.168.60.9:443 ssl default;

    # Same proxy settings as "location /" below, plus 600-second timeouts for this path.
    location /v1/packetcreator/ {
        proxy_pass http://myInternalIngressUpstream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;

        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
    }

    # The client's Host is passed through unchanged, so the ingress gateway behind
    # this upstream routes on whatever host name the client sent.
    location / {
        proxy_pass http://myInternalIngressUpstream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}
# This server section is for accessing MOSIP APIs publicly over the internet.
# It is meant to stay commented out while testing, improvement and customisation are in
# progress, and to be uncommented only after the go-live call.
# NOTE(review): the section is active in this configuration, so the public ingress
# upstream is already being served.
# NOTE(review): "listen 443" without an address is a wildcard listener. A connection that
# arrives on 192.168.60.9:443 matches the explicit "listen 192.168.60.9:443" server
# instead and never reaches this block. server_name also lists only
# mosipnginx.epldtcloudlab.com, so prereg.mosipnginx.epldtcloudlab.com is not matched here.
server {
    listen 443 ssl;
    server_name mosipnginx.epldtcloudlab.com;

    location / {
        proxy_pass http://myPublicIngressUpstream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}
}
stream {
    # TCP proxying: one server per port, each forwarded to the MOSIP cluster's internal
    # load balancer (Postgres, ActiveMQ, etc.).
    #
    # NOTE(review): these listeners pass raw TCP through; nginx adds no TLS and no
    # allow/deny here, so anything that can reach 192.168.60.9 on these ports talks
    # directly to the database and the broker. Confirm that the cloud firewall / NSG
    # does not forward 5432 or 61616 from the public endpoint to this address.

    upstream myPostgresIngressUpstream {
        server 192.168.60.10:31432;
        server 192.168.60.11:31432;
        server 192.168.60.12:31432;
        server 192.168.60.13:31432;
        server 192.168.60.14:31432;
        server 192.168.60.15:31432;
    }

    upstream myActivemqIngressUpstream {
        server 192.168.60.10:31616;
        server 192.168.60.11:31616;
        server 192.168.60.12:31616;
        server 192.168.60.13:31616;
        server 192.168.60.14:31616;
        server 192.168.60.15:31616;
    }

    # Postgres on the private address.
    server {
        listen 192.168.60.9:5432;
        proxy_pass myPostgresIngressUpstream;
    }

    # ActiveMQ on the private address.
    server {
        listen 192.168.60.9:61616;
        proxy_pass myActivemqIngressUpstream;
    }
}
@karlxix, please add the correct prereg domain in the public IP section of the nginx config and restart the nginx service.
server{
listen 443 ssl;
server_name mosipnginx.epldtcloudlab.com prereg.mosipnginx.epldtcloudlab.com;
sudo systemctl restart nginx
@karlxix public IP not provided for this section
server{
listen <PUBLIC-IP>:443 ssl;
server_name mosipnginx.epldtcloudlab.com prereg.mosipnginx.epldtcloudlab.com resident.mosipnginx.epldtcloudlab.com;
Hi @syed.salman
Since our VM is hosted in Microsoft Azure, if we add a Public IP we get a “can’t bind the ip address error” in nginx.
please share the error and network interfaces
Hi Team,
This is now okay. It seems we need to specify the private IP instead of making nginx listen on all interfaces.
Great to hear that you found the right solution!