Versions Compared

Old Version 6

changes.mady.by.user Hugo

Saved on

compared with

New Version 11

changes.mady.by.user Hugo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You have nginx at the front end and tomcat hosted internally at port 8080 and you would like to bring Tomcat to the front end accessible via tomcat.sampledomain.com.

In Tomcat's server.xml, modify to add proxyName and proxyPort to the Connector nodeadd the following connector.

Code Block
titleserver.xml
linenumberstrue
     <Connector port="80809090" protocol="HTTP/1.1"
               connectionTimeout="20000" maxThreads="2000"
               redirectPortscheme="8443https"
  proxyName="tomcat.sampledomain.com" proxyPort="80" />

In nginx's configuration, add this new site configurations.

Code Block
titlenginx site file
linenumberstrue
server {
  listen        proxyPort="443"
  80;
  server_name     tomcat.sampledomain.com;
  root    redirectPort="443" />

This is how the new connector looks like below the original connector for 8080.

Code Block
titleserver.xml
linenumberstrue
    <Connector   /opt/tomcat/webapps/;port="8080" protocol="HTTP/1.1"
  underscores_in_headers on;
  location / {
        proxy_pass  http://localhost:8080/;
		proxy_set_headerconnectionTimeout="20000"
   X-Real-IP        $remote_addr;
    redirectPort="8443" />
   proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
       
 proxy_set_header   X-NginX-Proxy <Connector port="9090"  true;
protocol="HTTP/1.1"
         proxy_set_header   Host   connectionTimeout="20000" maxThreads="2000"
         $http_host;
      scheme="https"
  proxy_set_header   Upgrade          $http_upgrade;
proxyPort="443"
         proxy_redirect     off;
  }
} redirectPort="443" />

In nginx's configuration, add this new site configurations.Optionally, if you want to make Joget Workflow to load by default (as the root for Tomcat), in server.xml, add the Context node into the Host node. Look at line 8-11.

Code Block
titleserver.xmlnginx site file
linenumberstrue
<Host name="localhost"  appBase="webapps"server {
  listen          unpackWARs="true" autoDeploy="true">80;
  server_name      <!-- SingleSignOn valve, share authentication between web applicationstomcat.sampledomain.com;
  root           Documentation at: /docs/config/valve.html -->/opt/tomcat/webapps/;
  underscores_in_headers on;

  location /  <!--{
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
proxy_pass  http://localhost:9090/;
		proxy_set_header   X-Real-IP        <Context path="" docBase="jw">$remote_addr;
        proxy_set_header   <!X-Forwarded-For Default set of monitored resources --> $proxy_add_x_forwarded_for;
        proxy_set_header   <WatchedResource>WEB-INF/web.xml</WatchedResource>
X-NginX-Proxy       </Context>
true;
		proxy_set_header        <!-- Access log processes all example.X-Forwarded-Proto $scheme;
        proxy_set_header   Host  Documentation at: /docs/config/valve.html
           $http_host;
  Note: The pattern used is equivalent toproxy_set_header using pattern="common" -->
 Upgrade        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" $http_upgrade;
        proxy_redirect       prefix="localhost_access_log" suffix=".txt"off;	
		proxy_http_version 1.1;
        proxy_set_header       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>Connection "upgrade";
  }
}

In addition to this, you may start to notice in Joget's log file that you are getting local IP address instead of client's real IP address. We will need to add this configuration into server.xml under the host node earlier.

...

Code Block
linenumberstrue
<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
             remoteIpHeader="x-forwarded-for"
             proxiesHeader="x-forwarded-by"
             protocolHeader="x-forwarded-proto" />

	 <Context path="" docBase="jw">
           <!-- Default set of monitored resources -->
           <WatchedResource>WEB-INF/web.xml</WatchedResource>
       </Context>
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t "%r" %s %b" />

      </Host>

...