So I figured out what the issue is. Now I need help figuring out the solution.
After several days of playing around with the FQDN settings and trying to figure out how to utilize the system, I figured out that the client com server URL under the Admin Settings > Client Com Servers > "My Com Server" > URL - is where you program in the TOEC Client URL. I knew this before but I don't think I explained it very well in my previous post.
My problem is the Certificates that the server requires for the Toec API clients to connect. When you go through the setup process you generate a set of certificates (A Trusted and an Intermediate) that you then install on the Server Host in their respective places. Unfortunately, when using NGINX PM or Cloudflare, the connection string is changed in the routing process which prevents the connection due to the certificates being provided by the server not matching the ones being provided by the NGINX PM and not matching the specified URL when using Cloudflare proxy. I've also noticed that they don't work with SSL ports like 443 either.
My problem now is that I need to figure out a way to tell "TheOpenEM" server that it doesn't need to care about SSL connections/certs. Below is an example of how the SSL connection will work and why TheOpenEM server doesn't need to care about them.
When you enter in "theopenem.mydomain.com" it's routed through Cloudflare on port 443 and proxied. Next it's sent via proxy to the WAN/Router of the building the server is housed in, still on port 443. Then it is sent from the WAN/Router to the NGINX PM Server, still on port 443, because all port 443 and port 80 traffic of the WAN/Router is forwarded to NGINX by design. Once at NGINX, the NGINX server verifies the SSL connection using a certificate at that point. Then the traffic is passed on using that certificate to the internal IP address and port of the OpenEM server Toec client API address. The only connection from the OpenEM server to the outside world is through the NGINX PM Server, which is also where the SSL happens.
So basically I need to allow any and all connections to the OpenEM Server regardless of certificates/keys or whatever because the protection and SSL of the traffic happens elsewhere.
- Is there a way to turn off the requirement for certs on the server and if so, how is that accomplished?
I know this seems like a silly way to do this but when you're running 10+ services/servers and need a quick and easy way to launch new ones securely over SSL, this is the easiest and best method I've found so far that works for my needs.