Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You have nginx at the front end and tomcat hosted internally at port 8080 and you would like to bring Tomcat to the front end accessible via tomcat.sampledomain.com.

In Tomcat's server.xml, modify to add proxyName and proxyPort to the Connector node.

...

Code Block
titleserver.xml
linenumberstrue
<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <Context path="" docBase="jw">
           <!-- Default set of monitored resources -->
           <WatchedResource>WEB-INF/web.xml</WatchedResource>
       </Context>
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

In addition to this, you may start to notice in Joget's log file that you are getting local IP address instead of client's real IP address. We will need to add this configuration into server.xml under the host node earlier.

Code Block
linenumberstrue
<Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

Here is the complete host node in server.xml now.

Code Block
linenumberstrue
<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

	 <Context path="" docBase="jw">
           <!-- Default set of monitored resources -->
           <WatchedResource>WEB-INF/web.xml</WatchedResource>
       </Context>
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t "%r" %s %b" />

      </Host>


Credit: https://qiita.com/tkprof/items/2ff334b27002c101d022

Credit: https://community.alfresco.com/thread/212564-ssl-nginx-reverse-proxy-configuration-and-csrf-attack

...