Configure Nginx proxy to Tomcat for multi-site properly
Replacing Apache with Nginx as a frontend proxy server to Tomcat is something I wanted to do for some time. However, I always had some issues with the multi-site (wildcard domain) setup.
Setting up a wildcard domain entry with proxy forward to Tomcat is something that simply worked in Apache. Especially, the host was simply forwarded to Tomcat. In Nginx this is different as one has to set “proxy_headers”. Furthermore, setting the “root” parameter was crucial in my case. In my research I’ve found that some people suggest to add a “nameProxy” parameter to the connector part in the Tomcat server.xml. However that approach does not work for me as I have multiple sites also within the same Tomcat container.
In any case, with the below configuration there is no change needed in the Tomcat configuration and it works with multiple sites in Nginx and Tomcat. Here is one of my site configuration in Nginx.
[code]server {
listen 80;
server_name *.domain.com;
access_log off;
root /var/www/myapp;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass https://localhost:8080;
proxy_redirect off;
proxy_buffering off;
}
}
[/code]
There you go. Multi-site setup in Nginx with a proxy to Tomcat which in return can also host multiple sites. With this it is easy to add another server configuration pointing to the same Tomcat serving another site (like a static page or even another dynamic app).
Hope this helps anyone out there.
Nginx error with Tomcat - upstream sent too big header while reading response header from upstream
Nginx is our favorite web server currently as it is fast, lean and easy to configure. Performance is just outstanding and if you haven't take a look at it. One thing that I noticed while we deployed Nginx with Tomcat is that their default size for the buffers are very…
Tomcat AJP vulnerability and Razuna
We got notified that there is an AJP security vulnerability with all Apache Tomcat releases. The issue is discussed as CVE-2929-1938. A remote, unauthenticated/untrusted attacker could exploit this AJP configuration to read web application files from a server exposing the AJP port to untrusted clients. That said, the default Tomcat…
Setting the correct Java version under MacOS X
My favorite scripting language is CFML, or as some know it as ColdFusion. I like it because it is very very powerful, easy to use and can do just about everything your xyz language can do. For many years, ColdFusion was a closed sourced system, where the former Macromedia and…
How to create a virtual machine server image from a physical CentOS server
I run a couple of servers over at a server farm. All of those machines run VMWare ESX, so today I wanted to move my last physical server to a VMWare image. If you want to convert a physical Windows machine then your task is quite easy. Start up the…
Why Coldfusion / CFML has its place and is worth to learn it
I actually never indulge in conversations why one programming language is better then another, because what is right to you, does not automatically mean, it is right for someone else. So, for me ColdFusion, or as we call the language itself - CFML, works very well. Nevertheless, in this post…
Updating Confluence and Jira is a nightmare and keeps you hunting for solutions
First off, I really like Jira and Confluence and we have been using them successfully for all our open source applications. We also use HipChat for our IM communication and use SourceTree for managing code on Github. Just realised that Atlassian has become a company to depend on... This post…
