Cannot GET acl_users/manage_main

Hello,
I have a fresh install of Plone 4.3.10. All functionality is working correctly except the acl_users object via the ZMI.

If I load <mydomain.com>/acl_users/manage_main, which uses a nginx proxy_pass to https, the error is

Cannot GET acl_users/manage_main

(Nothing is recorded in the plone event.log, and nothing hits the front-end server logs where the proxy_pass happens.)

This issue ultimately results in inability to display graceful information telling user to login to access the ZMI page for example.

Interestingly, when I navigate to the ZMI using the ip address and port, (:port/Plone/acl_users/manage_main), I can load the acl_users object.

Am I missing something in the plone configuration for acl_users?

The nginx conf contains:

upstream plone {
        server myploneip:6082;
}
server {
        listen myfrontendserverip:80;
        server_name    mydomain.com;
        root /projects/standards/docroot/;
        autoindex off;
        open_file_cache          max=1000 inactive=20s;
        open_file_cache_valid    30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors   on;

        location /.well-known/acme-challenge/ {
                root /projects/prototype/challenges;
                try_files $uri =404;
        }

        location / {
               return 301 https://$server_name$request_uri;
        }
}

server {
        listen myfrontendserverip:443 ssl;

        location  / {
                proxy_set_header X-XSS-Protection "1; mode=block";
                proxy_set_header X-Content-Type-Options "nosniff";
                add_header X-Frame-Options "SAMEORIGIN";
                rewrite ^/(.*)/(.*)/at_download$ /$1/$2/view redirect; 
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $remote_addr;              
                proxy_pass http://plone/VirtualHostBase/https/tsp.prototype.doxcelerate.com:443/Plone/VirtualHostRoot/;
        } 
}

The response headers specify "Express" as server. I'm guessing that config does something weird.

< HTTP/1.1 404 Not Found
< Date: Wed, 17 Oct 2018 16:38:40 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 34
< Connection: keep-alive
< Vary: Accept-Encoding
< X-Powered-By: Express

Thank you for your insight in troubleshooting!

I have another directive in the nginx conf, it is for "/ac", a redirect to a node app. I did not expect that this would effectively catch "/ac*" that hits the front end.... But indeed, when I changed the location directive to be "/ac/", the plone acl_users path now works. Hooray!

cheers, Clarity

Plone Foundation Code of Conduct