You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

You have nginx at the front end and tomcat hosted internally at port 8080 and you would like to bring Tomcat to the front end accessible via tomcat.sampledomain.com.

In Tomcat's server.xml, add the following connector.

server.xml
     <Connector port="9090" protocol="HTTP/1.1"
               connectionTimeout="20000" maxThreads="2000"
               scheme="https"
               proxyPort="443"
               redirectPort="443" />

This is how the new connector looks like below the original connector for 8080.

server.xml
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
               
     <Connector port="9090" protocol="HTTP/1.1"
               connectionTimeout="20000" maxThreads="2000"
               scheme="https"
               proxyPort="443"
               redirectPort="443" />

In nginx's configuration, add this new site configurations.

nginx site file
server {
  listen          80;
  server_name     tomcat.sampledomain.com;
  root            /opt/tomcat/webapps/;
  underscores_in_headers on;

location /jw/web/applog/ {
    proxy_pass http://localhost:8080/jw/web/applog/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

  location / {
        proxy_pass  http://localhost:9090/;
		proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-NginX-Proxy    true;
        proxy_set_header   Host             $http_host;
        proxy_set_header   Upgrade          $http_upgrade;
        proxy_redirect     off;
  }
}

In addition to this, you may start to notice in Joget's log file that you are getting local IP address instead of client's real IP address. We will need to add this configuration into server.xml under the host node earlier.

<Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

Here is the complete host node in server.xml now.

<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t "%r" %s %b" />

      </Host>


Credit: https://qiita.com/tkprof/items/2ff334b27002c101d022

Credit: https://community.alfresco.com/thread/212564-ssl-nginx-reverse-proxy-configuration-and-csrf-attack

Credit: https://github.com/znc/znc/issues/946

Credit: http://stackoverflow.com/questions/18936753/nginx-reverse-proxy-for-tomcat

  • No labels