08 Jun 2013

Configuring Nginx as reverse proxy SSL to tomcat


Configuring Nginx as reverse proxy SSL to tomcat

Install nginx
sudo apt-get install nginx

Do the below changes in tomcat $TOMCAT_HOME/conf/server.xml

Add address="127.0.0.1", proxyName and proxyPort to the HTTP connector as shown below (Tomcat attribute names are case-sensitive)

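	<!-- HTTP connector reached only through the local nginx reverse proxy.
	     address="127.0.0.1" binds Tomcat to loopback, so port 8080 cannot be
	     reached from the network and TLS termination at nginx cannot be bypassed.
	     proxyName / proxyPort are case-sensitive: written as "proxyname" /
	     "proxyport" Tomcat does not apply them (it logs an unmatched-property
	     warning), and the server name and port reported to the application are
	     then derived from the request instead of the public HTTPS endpoint. -->
	<Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
	           connectionTimeout="20000"
	           redirectPort="8443"
	           proxyName="phonebook.nbostech.com"
	           proxyPort="443" />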

Add the following valve inside the <Host name="localhost" appBase="webapps"> element:

<!-- RemoteIpValve makes Tomcat treat a request as HTTPS when the
     X-Forwarded-Proto header carries the value "https" (set by nginx).
     NOTE(review): the valve honours forwarding headers only from peers that
     match its internalProxies pattern; the default is understood to cover
     loopback and private ranges, so confirm it for your Tomcat version. Keep
     the connector bound to 127.0.0.1 so that nginx is the only peer able to
     supply these headers. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto"  protocolHeaderHttpsValue="https" />

Now create site in Nginx:
Add the site as shown below under /etc/nginx/sites-enabled

# Backend pool: the local Tomcat HTTP connector on loopback.
# proxy_pass refers to this pool by name; nginx resolves the name internally,
# not through DNS, even though it matches the public host name.
upstream phonebook.nbostech.com {
    server 127.0.0.1:8080;
}

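# Plain-HTTP listener: redirect every request to HTTPS instead of proxying it.
# The previous version proxied cleartext requests to Tomcat while sending
# "X-Forwarded-Proto https", so the application believed the connection was
# secure and session cookies and credentials could travel unencrypted.
server {
    listen 80;
    server_name phonebook.nbostech.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    rewrite_log on;

    # Use $server_name rather than the client-supplied Host header so the
    # redirect target is always the configured site.
    return 301 https://$server_name$request_uri;
}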

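# HTTPS listener: terminates TLS and forwards requests to Tomcat over loopback.
server {
    listen 443 ssl;   # "ssl" on the listen line replaces the deprecated "ssl on;"
    server_name phonebook.nbostech.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # NOTE(review): with SSI enabled nginx interprets <!--# ... --> directives
    # found in proxied responses; drop this line unless the application needs it.
    ssi on;

    ssl_certificate /etc/ssl/certs/nbserver20.crt;
    # NOTE(review): /etc/ssl/certs is normally world-readable. Keep the private
    # key in a root-only directory (for example /etc/ssl/private, mode 600) and
    # update this path to match.
    ssl_certificate_key /etc/ssl/certs/nbserver20.key;
    ssl_session_timeout 5m;

    # SSLv2, SSLv3 and TLSv1.0 are broken or deprecated, and the former cipher
    # string explicitly enabled LOW, EXPORT, SSLv2 and RC4 suites. Offer only
    # current protocol versions and strong, authenticated ciphers.
    # Remove TLSv1.3 if the installed nginx/OpenSSL build predates it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Forwarding headers and timeouts shared by both locations. proxy_set_header
    # is inherited only while a location defines no proxy_set_header of its own.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_connect_timeout 240;
    proxy_send_timeout 240;
    proxy_read_timeout 240;

    # Exact match on "/" sends the site root to the application context.
    location = / {
        proxy_pass http://phonebook.nbostech.com/phonebook;
    }

    location /phonebook {
        proxy_pass http://phonebook.nbostech.com/phonebook;
    }
}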

Restart nginx and Tomcat for the changes to take effect.
