Can't Access SOAP Web Service Over HTTPS
I'd like to point out this is likely related to your nginx configuration and for SSL there are a couple of good spots to start looking:
- Verify your listening port on nginx is 443
- Verify your proxy location is 127.0.0.1:80 (port 80 because it's HTTP, unless you customized it)
- If you are using CentOS, I've found iptables to be the culprit of many problems. Sometimes I just forget to open up port 443 in the firewall. To configure, go to
/etc/sysconfig/iptables/
and add a firewall rule.
and last but not least....
I found this nifty guide for SOAP over SSL :) http://soapoverhttps.blogspot.ca/
user470714
Updated on June 04, 2022Comments
-
user470714 almost 2 years
What I am trying to do is hit a web service (which I built) using SSL. It doesn't seem to be working though. Some relevant information:
- Everything works fine using HTTP. The problem only happens when I use HTTPS.
- The actual error message being output is as follows:
SOAP-ERROR: Parsing WSDL: Couldn't load from ... : failed to load external entity ...
- The service is implemented in PHP.
- If I run php -m or check phpinfo() openssl appears to be installed properly.
The SSL certificate seems to be working fine otherwise. I can use HTTPS on the rest of the site; it's just the web service that's having a problem.
If I try accessing the WSDL via a browser over HTTPS, it works fine. If I try to access one of the SOAP endpoint URLs, then I get the error message.
- I wrote a minimized PHP script to try and make an actual call to the service. It will get the error message when trying to retrieve the WSDL itself.
- Web server is Apache running on Debian
- It doesn't seem to be a code issue. I have comparable code running on the dev server and it works fine there, even using HTTPS.
- Production system is running on a proxy system, with nginx in the front. It seems like this is most likely related to the issue, but no idea where to start solving that problem.
-
user470714 almost 12 yearsYour point 1 is an abbreviated version of the actual problem. For other inquiring minds, I got help from our part time server admin and he figured out that the problem was two fold: a) There's actually two proxy servers - a primary and a fail over. The fail over's keepalived configuration was wrong so it was handling requests when it shouldn't. b) Because it was a fail over it was listening on a default port and binding SSL traffic to a non-SSL port. Anyways, no sense in accepting my own answer so I'm marking your the accepted answer.