Making Tomcat accessible only through nginx reverse proxy

gischethans nginx-forum at forum.nginx.org
Wed Apr 20 11:19:55 UTC 2016


I have a Tomcat server serving a web application and I have an Nginx server
running in front of it as a reverse proxy. Both servers are on the intranet,
in the same domain network. The issue I am facing is that the Tomcat server is
accessible through both IP addresses - if I use the Nginx IP, it redirects
to the Tomcat FQDN (expected), but if I ping using the FQDN
tomcat.domain.com, it reveals the real IP of the Tomcat server and not that
of the Nginx server. Effectively, my Nginx server is not serving any purpose. It
was suggested that I firewall the Tomcat instance, but based on my findings from
different forums, limiting Tomcat to listen on localhost seemed to be the
way to go. In order to prevent Tomcat from listening on other IPs, I added
"address=127.0.0.1" to the connector configuration. The entire connector
block is like this -

<Connector port="8080" 
address="127.0.0.1" 
maxThreads="150" 
minSpareThreads="25" 
connectionTimeout="20000" 
enableLookups="false" 
maxHttpHeaderSize="8192" 
protocol="HTTP/1.1" 
useBodyEncodingForURI="true" 
redirectPort="8443" 
acceptCount="100" 
disableUploadTimeout="true"
proxyName=<FQDN> 
proxyPort="80"/> 

In the Nginx server, I have these lines for the server configuration.

server {
        listen  80 default_server;
        listen  [::]:80 default_server ipv6only=on;

        server_name <FQDN>;
        location / {
                proxy_pass <FQDN>;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        }
}

Now, if I try to use the FQDN to access the web application, Chrome reports
ERR_CONNECTION_REFUSED. My Nginx configuration seems to be the culprit based
on what I understood. How can it be corrected?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266297,266297#msg-266297
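
One layout that gives the result asked for above, as an added example that is not part of the original post or of either project's documentation. It assumes nginx and Tomcat run on separate hosts and that DNS for the public name resolves to the nginx host; the addresses 192.0.2.10 (nginx) and 192.0.2.20 (Tomcat) and the name app.example.internal are constructed placeholders.

```nginx
# Added example. Constructed addresses: 192.0.2.10 = nginx, 192.0.2.20 = Tomcat.
# Assumption: the public name resolves to 192.0.2.10 (nginx), not to Tomcat.
#
# Tomcat side (server.xml), shown as comments because this block is nginx syntax:
#   <Connector port="8080" address="192.0.2.20" protocol="HTTP/1.1"
#              proxyName="app.example.internal" proxyPort="80" />
#   (other Connector attributes as in the post)
#   address="127.0.0.1" only works when nginx runs on the same host as Tomcat;
#   from any other host, nginx included, connections to 8080 are refused.
#   Inside <Engine> or <Host>, accept only the proxy as a client:
#   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
#          allow="192\.0\.2\.10"/>
#   A host firewall rule on the Tomcat machine that allows 8080 only from
#   192.0.2.10 is the network-level equivalent of the valve.

# These blocks belong in the http {} context.
upstream tomcat_backend {
    server 192.0.2.20:8080;             # backend address and port, not the public name
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name app.example.internal;   # hypothetical public FQDN

    location / {
        proxy_pass http://tomcat_backend;   # proxy_pass needs a scheme
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After reloading both services, a request to port 8080 on the Tomcat host from any machine other than the proxy should be rejected, while the same application path requested through nginx on port 80 should succeed.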


