Re: Making Tomcat accessible only through nginx reverse proxy

Francis Daly
April 20, 2016 02:20PM
On Wed, Apr 20, 2016 at 07:19:55AM -0400, gischethans wrote:

Hi there,

> I have a Tomcat server serving a web application and I have a Nginx server
> running in front of it as a reverse proxy.

What you need is that your users talk to nginx, and that nginx is able
to talk to tomcat.

What you additionally want is that your users do not talk to tomcat.

All of that network setup is outside of anything that nginx can do.

> In order to prevent Tomcat from listening to other IPs, I added
> "address=127.0.0.1" to the connector configuration.

That will mean that your users cannot talk to tomcat (unless you do
something special to allow them to).

It will also mean that nginx cannot talk to tomcat, unless you do
something special to allow it to.

The easiest special thing is probably to run nginx on the same server
as tomcat.

If that is not what you want, then you will probably need some firewalling
/ IP forwarding on the tomcat machine to allow nginx to connect to something
which gets sent to tomcat.

(But at that point, it may be easier to just leave tomcat listening on
the public address, and add firewalling to block anything other than
nginx from accessing it.)

> In the Nginx server, I have these lines for the server configuration.

On the nginx side, what you have looks fine. In the "proxy_pass" line, it
will probably be simpler if you use the IP:port that tomcat is listening
on (that nginx can connect to) rather than the hostname.

> Now, if I try to use the FQDN to access the web application, Chrome reports
> ERR_CONNECTION_REFUSED. My Nginx configuration seems to be the culprit based
> on what I understood. How can it be corrected?

I suspect that your request to the FQDN does not get to nginx. After
you have things configured correctly, changing name resolution (DNS)
so that the FQDN corresponds to the nginx IP address instead of the
tomcat IP address will be a necessary step.

Good luck with it,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
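
Added example, not part of Francis Daly's reply or of the nginx project: a small Python check for the end state the reply describes (users reach nginx, nginx reaches tomcat, users do not reach tomcat). The addresses, the ports 80 and 8080, and the names `probe`, `audit` and `VIEWS` are assumptions chosen for illustration.

```python
import socket
import sys

def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt: 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # a listener completed the handshake
    except ConnectionRefusedError:
        return "refused"       # RST: no listener on that address, or a firewall reject
    except OSError:
        return "filtered"      # timeout or unreachable: typically a firewall drop

def audit(checks, timeout=2.0):
    """Return the checks whose observed state is not in the allowed set."""
    failures = []
    for label, host, port, allowed in checks:
        state = probe(host, port, timeout)
        if state not in allowed:
            failures.append((label, host, port, state))
    return failures

# Placeholder addresses and ports (assumptions, not taken from the thread).
NGINX, TOMCAT = "192.0.2.10", "192.0.2.20"
VIEWS = {
    # Run from an ordinary client machine: only nginx may answer.
    "client": [
        ("nginx front end", NGINX, 80, {"open"}),
        ("tomcat direct", TOMCAT, 8080, {"refused", "filtered"}),
    ],
    # Run on the nginx host: the proxy_pass target must be reachable.
    "nginx": [
        ("proxy_pass target", TOMCAT, 8080, {"open"}),
    ],
}

if __name__ == "__main__":
    view = sys.argv[1] if len(sys.argv) > 1 else "client"
    bad = audit(VIEWS[view])
    for label, host, port, state in bad:
        print(f"FAIL {label}: {host}:{port} is {state}")
    sys.exit(1 if bad else 0)
```

From the client view, `refused` for tomcat is what a loopback-only bind produces, while `filtered` is what a firewall that drops the traffic produces; a `refused` on the nginx front end is the condition Chrome reports as ERR_CONNECTION_REFUSED.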