You have nginx at the front end and Tomcat hosted internally on port 8080, and you would like to make Tomcat accessible through the front end at tomcat.sampledomain.com.

In Tomcat's server.xml, add the following connector.


server.xml
     <Connector port="9090" protocol="HTTP/1.1"
               connectionTimeout="20000" maxThreads="2000"
               scheme="https"
               proxyPort="443"
               redirectPort="443" />

This is how the new connector looks when placed below the original connector for port 8080.

server.xml
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
               
     <Connector port="9090" protocol="HTTP/1.1"
               connectionTimeout="20000" maxThreads="2000"
               scheme="https"
               proxyPort="443"
               redirectPort="443" />

In nginx's configuration, add this new site configuration.

nginx site file
server {
  listen          80;
  server_name     tomcat.sampledomain.com;
  root            /opt/tomcat/webapps/;
  underscores_in_headers on;

  location / {
        # Forward to the Tomcat connector added on port 9090
        proxy_pass  http://localhost:9090/;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-NginX-Proxy    true;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Host             $http_host;
        proxy_set_header   Upgrade          $http_upgrade;
        proxy_redirect     off;
        proxy_http_version 1.1;
        proxy_set_header   Connection "upgrade";
  }
}

In addition to this, you may start to notice in Joget's log file that you are getting the local IP address instead of the client's real IP address. To fix this, add the following configuration to server.xml, under the Host node.

<Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

Here is the complete host node in server.xml now.

server.xml
<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
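
Added example (not part of the original page and not Tomcat's own code): a simplified Python model of how RemoteIpValve picks the client address from X-Forwarded-For, comparing the internalProxies pattern used above, which matches every IPv4 address, with a loopback-only pattern. The loopback pattern assumes nginx runs on the same host as Tomcat; the sample addresses are constructed.

```python
import re

# internalProxies value from the Valve on this page: matches any IPv4 address.
PAGE_PATTERN = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
# Assumption: nginx runs on the same host as Tomcat, so loopback is the only proxy.
LOOPBACK_PATTERN = r"127\.0\.0\.1"


def resolve_remote_ip(peer_addr, forwarded_for, internal_proxies):
    """Simplified model of RemoteIpValve with trustedProxies unset.

    peer_addr is the TCP peer Tomcat sees, forwarded_for the raw
    X-Forwarded-For value. Returns the address that ends up in the logs.
    """
    internal = re.compile(internal_proxies)
    # The header is only honoured when the peer itself is a known proxy.
    if not internal.fullmatch(peer_addr):
        return peer_addr
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    remote_ip = peer_addr
    # Walk right to left, skipping proxies; stop at the first non-proxy hop.
    for hop in reversed(hops):
        remote_ip = hop
        if not internal.fullmatch(hop):
            break
    return remote_ip


# Constructed sample: the client at 203.0.113.7 sent its own X-Forwarded-For
# value, and nginx ($proxy_add_x_forwarded_for) appended the real address.
VIA_NGINX = ("127.0.0.1", "198.51.100.99, 203.0.113.7")
# Constructed sample: the same client reaching port 9090 without nginx.
DIRECT = ("203.0.113.7", "198.51.100.99")

if __name__ == "__main__":
    for label, (peer, xff) in (("via nginx", VIA_NGINX), ("direct", DIRECT)):
        for name, pattern in (("page", PAGE_PATTERN), ("loopback", LOOPBACK_PATTERN)):
            print(f"{label:9} {name:8} -> {resolve_remote_ip(peer, xff, pattern)}")
```

With the page's pattern the logged address is whatever value the client put in the header; with internalProxies restricted to the proxy's own address, the logged address is the one nginx observed.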


Credit: https://qiita.com/tkprof/items/2ff334b27002c101d022

Credit: https://community.alfresco.com/thread/212564-ssl-nginx-reverse-proxy-configuration-and-csrf-attack

...