Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9065E18C41 for ; Wed, 20 May 2015 07:58:03 +0000 (UTC) Received: (qmail 60788 invoked by uid 500); 20 May 2015 07:58:00 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 60718 invoked by uid 500); 20 May 2015 07:58:00 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 60704 invoked by uid 99); 20 May 2015 07:58:00 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 May 2015 07:58:00 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id AE957C6BEE for ; Wed, 20 May 2015 07:57:59 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1 X-Spam-Level: * X-Spam-Status: No, score=1 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id uhKYF1seH0Wh for ; Wed, 20 May 2015 07:57:57 +0000 (UTC) Received: from smtp.nspdc.no (smtp.nspdc.no [195.1.198.7]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 2346D25431 for ; Wed, 20 May 2015 07:57:57 +0000 (UTC) Received: from webmail.nspdc.net (unknown [10.50.152.15]) by smtp.nspdc.no (Postfix) with ESMTP id 8A6DDC04AC for ; Wed, 20 May 2015 09:56:55 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 20 May 2015 09:56:55 +0200 From: =?UTF-8?Q?Bj=C3=B8rn_T_Johansen?= To: Tomcat Users List Subject: Re: Nginx as a proxy... Organization: Havleik Constulting In-Reply-To: <555C3BE5.3060607@apache.org> References: <20150519232529.61755be9@pennywise2.havleik.net> <555C2942.4010604@apache.org> <95cd4b7fb6ac65c1ad57d73a7b7acc30@havleik.no> <555C3BE5.3060607@apache.org> Message-ID: <83c40d491af8ca2ae3ad5c970ce98968@havleik.no> X-Sender: btj@havleik.no User-Agent: Roundcube Webmail/1.0.5 On 20.05.2015 09:46, Mark Thomas wrote: > On 20/05/2015 07:56, Bjørn T Johansen wrote: >> On 20.05.2015 08:27, Mark Thomas wrote: >>> On 19/05/2015 22:25, Bjørn T Johansen wrote: >>>> I have a small problem using nginx as a reverse proxy in front of >>>> Tomcat 8.. The problem is that sometimes the context url is set to >>>> the local ip >>>> address of the tomcat server instead of the hostname used to access >>>> the nginx server. >>>> And I know this can be solved by using proxyname and proxypost but >>>> as >>>> far as I can see, this can only be configured for the connector >>>> port, >>>> which >>>> make the setting global? Add I run 5 other web applications in the >>>> same Tomcat instance so changing this globally is not an option... >>>> >>>> Anyway to solve this? >>> >>> option 1. Configure nginx to set the host header as you wish >>> >>> option 2. Remote IP Host/Valve (still requires nginx config) >>> >>> Mark >>> >> >> Thx, was missing the HOST header... And now the url is almost >> correct... >> The remaining problem, is that the url looses the scheme used, so it >> gets redirected to http address instead of https; is that configured >> in >> the Tomcat config somewhere or? > > Set the scheme on the connector. > > If nginx is receiving both http and https traffic then the simplest way > is to have two connectors in Tomcat, one with scheme="http" and one > with > scheme="https" (and secure="true"). > > Note that scheme, secure and sslEnabled may all be set independently to > handle the various permutations of reverse proxy config. > > Mark > > Yes, just thought of having a second connector for ssl, thx for confirming it... :) BTJ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org