Pre-reg won't show publicly

Hi here is the gateway configuration for prereg

but when accessing it

but if we change `istio: ingressgateway` to `ingressgateway-internal`, then we can access it privately. Any idea what is causing this?

https://prereg.epldtcloudlab.com/

@aihamh Please help @karlxix with gateway configuration for the pre-registration module.

Best Regards,
Team MOSIP

@karlxix, Kindly verify whether the preregistration DNS entry is specified within the public IP section of the Nginx configuration. In the event that the issue persists, please provide the Nginx configuration for further analysis and resolution.

Hi @syed.salman

Here is the current nginx configuration
192.168.60.9 is the private IP of nginx; the other IPs are the MOSIP clusters.
our updated prereg domain: prereg.mosipnginx.epldtcloudlab.com

# Main context: worker account, worker count and PID file.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
# The distro's modules-enabled include is disabled; the stream module is loaded
# explicitly instead, since the stream {} block at the end of this file needs it.
#include /etc/nginx/modules-enabled/*.conf;
load_module modules/ngx_stream_module.so;

# Connection handling: at most 768 connections per worker; multi_accept lets a
# worker accept all pending connections at once instead of one at a time.
events {
    worker_connections 768;
    multi_accept on;
}

# HTTP(S) reverse proxy in front of the MOSIP cluster addresses.
# Defines three upstream pools (public ingress, internal ingress, MinIO) and three
# TLS server blocks that forward to them over plain HTTP.
http {

    ##
    # Basic Settings
    ##
    proxy_buffer_size  128k;
    proxy_buffers  4 256k;
    proxy_busy_buffers_size 256k;
    client_max_body_size 30m; # Requests may carry biometric data, hence the larger body limit.

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not advertise the nginx version in error pages and the Server header.
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    #include /etc/nginx/mime.types;
    #default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    # NOTE(review): ssl_protocols is commented out, so nginx's built-in default protocol
    # list applies. If the line below is ever re-enabled, leave out TLSv1 and TLSv1.1;
    # both are deprecated (RFC 8996).
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    #ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    # Comment out these lines, otherwise the default servers and settings in these locations will also get imported
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;

    # Pool used by the public server block (port 30080 on each member).
    # NOTE(review): 125.5.228.67 is the only member outside the 192.168.60.x range.
    # proxy_pass to this pool uses http://, so requests balanced to that member travel
    # unencrypted over whatever path reaches it. Confirm this entry is intended.
    upstream myPublicIngressUpstream {
        server 192.168.60.10:30080;
                server 192.168.60.11:30080;
                server 192.168.60.12:30080;
                server 192.168.60.13:30080;
                server 192.168.60.14:30080;
                server 192.168.60.15:30080;
                server 125.5.228.67:30080;
    }

    # Pool used by the internal (private-IP) server block (port 31080 on each member).
    upstream myInternalIngressUpstream {
        server 192.168.60.10:31080;
                server 192.168.60.11:31080;
                server 192.168.60.12:31080;
                server 192.168.60.13:31080;
                server 192.168.60.14:31080;
                server 192.168.60.15:31080;

    }

    # Pool used by the MinIO server block (port 30900 on each member).
    upstream myMinioIngressUpstream {
        server 192.168.60.10:30900;
                server 192.168.60.11:30900;
                server 192.168.60.12:30900;
                server 192.168.60.13:30900;
                server 192.168.60.14:30900;
                server 192.168.60.15:30900;

    }

    # One certificate/key pair, set at http level, is inherited by every ssl server below.
    # NOTE(review): the path names mosipnginx.epldtcloudlab.com; whether the certificate
    # also covers sub-domains such as prereg.mosipnginx.epldtcloudlab.com cannot be seen
    # from this file. Verify the SAN list before adding more names to server_name.
    ssl_certificate /etc/letsencrypt/live/mosipnginx.epldtcloudlab.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mosipnginx.epldtcloudlab.com/privkey.pem;

    # MinIO: TLS on the private IP, port 9000, forwarded to the MinIO pool.
    server{
        listen 192.168.60.9:9000 ssl;

        location / {
            proxy_pass                      http://myMinioIngressUpstream;
            proxy_http_version              1.1;
            # Pass the client's Upgrade header through so upgraded connections can be proxied.
            proxy_set_header                Upgrade $http_upgrade;
            proxy_set_header                Connection "upgrade";
            proxy_set_header                Host $host;
            proxy_set_header                Referer $http_referer;
            proxy_set_header                X-Real-IP $remote_addr;
            proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header                X-Forwarded-Proto $scheme;
            proxy_pass_request_headers      on;
        }
    }

    # Internal entry point: TLS on the private IP, port 443, forwarded to the internal pool.
    # NOTE(review): `default` makes this block the catch-all for 192.168.60.9:443, and a
    # listen with an explicit address takes precedence over a wildcard listen on the same
    # port. Requests that arrive on 192.168.60.9 are therefore never handled by the
    # `listen 443` block further down. If public traffic is NATed to this private address
    # (the poster reports an Azure VM that cannot bind its public IP), it would land here
    # and be sent to the internal ingress. Once public names are also served from this
    # address, server_name is the only thing separating public from internal routing:
    # consider an explicit server_name list for internal hosts, a catch-all server that
    # rejects unknown Host values, and source-range restrictions at the firewall/NSG.
    # TODO confirm against the actual network layout.
    server{
        listen 192.168.60.9:443 ssl default;

        # Same proxying as `location /` below, plus 600-second connect/send/read timeouts.
        location /v1/packetcreator/ {
            proxy_pass                      http://myInternalIngressUpstream;
            proxy_http_version              1.1;
            proxy_set_header                Upgrade $http_upgrade;
            proxy_set_header                Connection "upgrade";
            proxy_set_header                Host $host;
            proxy_set_header                Referer $http_referer;
            proxy_set_header                X-Real-IP $remote_addr;
            proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header                X-Forwarded-Proto $scheme;
            proxy_pass_request_headers      on;
            proxy_connect_timeout           600;
            proxy_send_timeout              600;
            proxy_read_timeout              600;
            send_timeout                    600;
        }

        location / {
            proxy_pass                      http://myInternalIngressUpstream;
            proxy_http_version              1.1;
            proxy_set_header                Upgrade $http_upgrade;
            proxy_set_header                Connection "upgrade";
            proxy_set_header                Host $host;
            proxy_set_header                Referer $http_referer;
            proxy_set_header                X-Real-IP $remote_addr;
            proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header                X-Forwarded-Proto $scheme;
            proxy_pass_request_headers      on;
        }
    }


     # This server section is for accessing MOSIP APIs publicly over the internet.
     # Initially it stays commented out while testing, improvement and customisation are in progress.
     # After the go-live call this section needs to be uncommented.
     # NOTE(review): the section is active (not commented out) in this copy. It listens
     # on the wildcard address and matches only mosipnginx.epldtcloudlab.com, so other
     # public hostnames are not routed to the public pool by this block.
    server{
        listen 443 ssl;
        server_name mosipnginx.epldtcloudlab.com;

        location / {
            proxy_pass                      http://myPublicIngressUpstream;
            proxy_http_version              1.1;
            proxy_set_header                Upgrade $http_upgrade;
            proxy_set_header                Connection "upgrade";
            proxy_set_header                Host $host;
            proxy_set_header                Referer $http_referer;
            proxy_set_header                X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
            # value the client sent, so backends should not trust the leftmost entry.
            proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header                X-Forwarded-Proto $scheme;
            proxy_pass_request_headers      on;
        }
    }
}

# TCP (layer-4) proxying of PostgreSQL and ActiveMQ from the private IP to the cluster.
# NOTE(review): neither stream server has allow/deny rules, and traffic is relayed as
# raw TCP with no TLS added here. Anything that can reach 192.168.60.9 on 5432 or 61616
# reaches the database and broker listeners directly; make sure the firewall/NSG limits
# these ports to the hosts that need them. TODO confirm against the network rules.
stream {
    # this section of servers is for tcp proxying
    # add multiple servers one for each port, and proxy them to mosip cluster internal loadbalancer
    # like postgres, activemq, etc
    upstream myPostgresIngressUpstream {
      server 192.168.60.10:31432;
                server 192.168.60.11:31432;
                server 192.168.60.12:31432;
                server 192.168.60.13:31432;
                server 192.168.60.14:31432;
                server 192.168.60.15:31432;

    }

    upstream myActivemqIngressUpstream {
      server 192.168.60.10:31616;
                server 192.168.60.11:31616;
                server 192.168.60.12:31616;
                server 192.168.60.13:31616;
                server 192.168.60.14:31616;
                server 192.168.60.15:31616;

    }

    # PostgreSQL: private IP, port 5432 -> port 31432 on the cluster members.
    server{
        listen 192.168.60.9:5432;
        proxy_pass myPostgresIngressUpstream;
    }
    # ActiveMQ: private IP, port 61616 -> port 31616 on the cluster members.
    server{
        listen 192.168.60.9:61616;
        proxy_pass myActivemqIngressUpstream;
    }
}

@karlxix, please add the correct prereg domain to the public IP section of the nginx config, then restart the nginx service:

    server{
        listen 443 ssl;
        server_name mosipnginx.epldtcloudlab.com prereg.mosipnginx.epldtcloudlab.com;

sudo systemctl restart nginx

Hi @syed.salman

I have already added the prereg DNS name, but prereg is still not accessible.

pods status

@karlxix, the public IP is not provided in this section:

server{
        listen **<PUBLIC-IP>**:443 ssl;
        server_name mosipnginx.epldtcloudlab.com prereg.mosipnginx.epldtcloudlab.com resident.mosipnginx.epldtcloudlab.com;

Hi @syed.salman

Since our VM is hosted in Microsoft Azure, if we add a Public IP we get a “can’t bind the ip address error” in nginx.

@karlxix

please share the error and network interfaces


Hi Team,
This is now okay; it seems we need to specify the private IP instead of making nginx listen on all interfaces.

Great to hear that you found the right solution!