Making Tomcat accessible only through nginx reverse proxy

ron ramos nhadie at gmail.com
Tue Apr 26 02:07:09 UTC 2016


please check your proxy_pass parameter, it should point to your tomcat
endpoint:
http://www.mkyong.com/nginx/nginx-apache-tomcat-configuration-example/

hope this helps.

On Wed, Apr 20, 2016 at 7:19 PM, gischethans <nginx-forum at forum.nginx.org>
wrote:

> I have a Tomcat server serving a web application and I have a Nginx server
> running in front of it as a reverse proxy. Both the servers are on
> Intranet,
> in the same domain network. The issue I am facing is, the tomcat server is
> accessible through both IP addresses - if I use the Nginx IP, it redirects
> to the Tomcat FQDN (expected) but if I ping using the FQDN
> tomcat.domain.com, it reveals the real IP of the Tomcat server and not
> that
> of Nginx server. Effectively, my Nginx server is not serving any purpose. I
> was suggested to firewall the Tomcat instance, but based on my findings
> from
> different forums, limiting Tomcat to listen to localhost seemed to be the
> way to go. In order to prevent Tomcat from listening to other IPs, I added
> "address=127.0.0.1" to the connector configuration. The entire connector
> block is like this -
>
> <Connector port="8080"
> address="127.0.0.1"
> maxThreads="150"
> minSpareThreads="25"
> connectionTimeout="20000"
> enableLookups="false"
> maxHttpHeaderSize="8192"
> protocol="HTTP/1.1"
> useBodyEncodingForURI="true"
> redirectPort="8443"
> acceptCount="100"
> disableUploadTimeout="true"
> proxyName=<FQDN>
> proxyPort="80"/>
>
> In the Nginx server, I have these lines for the server configuration.
>
> server {
>         listen  80 default_server;
>         listen  [::]:80 default_server ipv6only=on;
>
>         server_name <FQDN>;
>         location / {
>         proxy_pass <FQDN>;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
> }
> }
> Now, if I try to use the FQDN to access the web application, Chrome reports
> ERR_CONNECTION_REFUSED. My Nginx configuration seems to be the culprit
> based
> on what I understood. How can it be corrected?
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,266297,266297#msg-266297
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160426/faf09bf8/attachment.html>


More information about the nginx mailing list