We're upgrading from a https 502 single install to a http distributed install (one server per app).

Our new network topology will allow for external access to jazz via VPN to our customers.

To that end we have a:

- External perimeter security box from F5. This does the ssl offload for users accessing jazz a https string.   Requests are then forwarded to our reverse proxy server (nginx) on another subnet. The F5 box is dns registered as jazz.navcan.ca 

- reverse proxy server (nginx) - forwards requests to the applicable JAZZ server. Entries are in the form http:// ip_address/jts  . IP/hostnames to each jazz server and f5 box in local hosts file.  Note no dns on this dmz.

- Each jazz server has  IP/hostnames to each jazz server and f5 & proxy in local hosts file.

In our initial JAZZ access testing in this topology we used a single http install and were able to access the apps.

In our distributed setup however we are having access problems and are a little stumped in trying to resolve the issue.

Currently if we try to access the apps we get the login screen and input the admin account/password then get:

"You have followed a direct link to log in to a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. Please log in if you would like to access the server."

We can log into jts/admin but note that the discovery services to the apps fails.

Any ideas/suggestions?