Nginx as Reverse Proxy for Tomcat + SSL

Maxim Dounin mdounin at mdounin.ru
Thu Nov 19 15:00:35 MSK 2009


Hello!

On Thu, Nov 19, 2009 at 06:50:02AM -0500, himesh wrote:

> Thanks Maxim,
> 
> So i tried the setup, SSL connection between the client and Nginx ( ssl terminating at nginx) and then unencrypted from Nginx to Tomcat.
>  
> This is what my nginx.conf file looks like....
> 
> user www-data;
> worker_processes  1;
> 
> error_log  /var/log/nginx/error.log;
> pid        /var/run/nginx.pid;
> 
> events {
>     worker_connections  1024;
> }
> 
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
> 
>     access_log  /var/log/nginx/access.log;
> 
>     sendfile        on;
>     #tcp_nopush     on;
> 
>     #keepalive_timeout  0;
>     keepalive_timeout  65;
>     tcp_nodelay        on;
> 
>     gzip  on;
> 
>     include /etc/nginx/sites-enabled/*;
> 
> 
> 
> server {
> 
>       server_name himesh.com;
>       listen 192.168.1.118:443;
>       ssl on;
>       ssl_certificate /etc/pound/himesh_com.crt;
>       ssl_certificate_key /etc/pound/himesh.key;
> 
>       access_log /etc/pound/access.log;
> 
>       location / {
>             proxy_set_header X-Forwarded-Host $host;
>             proxy_set_header X-Forwarded-Server $host;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_pass   http://10.10.1.113:8080/;
>             proxy_redirect off;
>             }
> }
> 
> }
> 
> 
> Now form the client when i try https://himesh.com i get the the tomcat default page, that is all good.
> 
> But https://himesh.com/abc ( abc is an application deployed in tomcat), the browser returns http://himesh.com/abc but now i don't have nginx listening on 80, so there is no answer . This only happens with https. It works fine when iam using just http..
> 
> Please advice..

Depending on backend software you may need various quirks to make 
this working.  Usually correctly configured proxy_redirect is 
enough.

See

http://wiki.nginx.org/NginxHttpProxyModule#proxy_redirect

for details.

Maxim Dounin





More information about the nginx mailing list