I have a Tomcat server serving a web application and I have a Nginx server running in front of it as a reverse proxy. Both the servers are on Intranet, in the same domain network. The issue I am facing is, the tomcat server is accessible through both IP addresses - if I use the Nginx IP, it redirects to the Tomcat FQDN (expected) but if I ping using the FQDN tomcat.domain.com, it reveals the real IP of the Tomcat server and not that of Nginx server. Effectively, my Nginx server is not serving any purpose. I was suggested to firewall the Tomcat instance, but based on my findings from different forums, limiting Tomcat to listen to localhost seemed to be the way to go. In order to prevent Tomcat from listening to other IPs, I added "address=127.0.0.1" to the connector configuration. The entire connector block is like this -
<Connector port="8080"
address="127.0.0.1"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
proxyName=<FQDN>
proxyPort="80"/>
In the Nginx server, I have these lines for the server configuration.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name <FQDN>;
location / {
proxy_pass <FQDN>;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
}
}
Now, if I try to use the FQDN to access the web application, Chrome reports ERR_CONNECTION_REFUSED. My Nginx configuration seems to be the culprit based on what I understood. How can it be corrected?