
nginx managed SSL with Tomcat 7


Changes I made so that Tomcat/Spring would set the proper Secure cookie flags:

Make sure Tomcat had SSL (443) redirect port running in server.xml:

<Service name="Catalina">
  ...
  <Connector executor="tomcatThreadPool"
    port="9090" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
  ...
</Service>

Ensure your RemoteIpValve is set up inside your host in server.xml:

<Service name="Catalina">
  ...
  <Engine name="Catalina" defaultHost="localhost">
    ...
    <Host name="localhost" appBase="webapps"
        unpackWARs="true" deployOnStartup="true" autoDeploy="true">
      ...
      <!-- Mark HTTP as HTTPS forward from SSL termination at nginx proxy -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
        remoteIpHeader="x-forwarded-for"
        remoteIpProxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto"
        />
    </Host>
  </Engine>
</Service>

Ensure that the protocol is being forwarded from its termination point in nginx.conf:

# Tomcat we're forwarding to
upstream tomcat_server {
  server 127.0.0.1:9090 fail_timeout=0;
}

# Main server proxy
server {
  listen 443 ssl;
  server_name  sample.com;

  # HTTPS setup
  ssl on;
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;
  #ssl ciphers
  ...
  #ssl certs
  ...

  location / {
    # Forward SSL so that Tomcat knows what to do
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat_server;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
    proxy_connect_timeout      240;
    proxy_send_timeout         240;
    proxy_read_timeout         240;
    # Show error pages from S3 when down
    proxy_next_upstream error timeout http_502 http_503 http_504;
    error_page   502 503 504   https://s3.amazonaws.com/sample.com/maint;
  }
}

Most of my proxy/SSL nginx conf is included above for completeness. Hope that helps someone.


Need to handle the x-forwarded-by and x-forwarded-proto headers in Tomcat. Add the following to your server.xml:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for"
       remoteIpProxiesHeader="x-forwarded-by"
       protocolHeader="x-forwarded-proto"
/>
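As an added illustration of the RemoteIpValve configuration shown in both answers (this is not code from the answers or from Tomcat itself), the following Python model shows how the valve turns the headers nginx sets into request.isSecure(): the forwarded headers are honoured only when the immediate peer matches internalProxies (Tomcat 7's default private-address ranges, assumed here since neither answer overrides them), and the session cookie gets the Secure flag only when the resolved protocol is https.

```python
import ipaddress

# Tomcat 7's default internalProxies pattern covers these private ranges
# (assumed here; the valve configuration in the answers does not override it).
INTERNAL_PROXIES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "172.16.0.0/12")]


def is_internal_proxy(addr):
    """True if addr falls inside one of the internalProxies ranges."""
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_PROXIES)


def resolve_request(remote_addr, headers):
    """Model RemoteIpValve: return (effective client IP, request.isSecure()).

    remote_addr is the TCP peer Tomcat sees (nginx in the answers' setup);
    headers maps lower-cased request header names to their values.
    """
    client_ip, secure = remote_addr, False
    if not is_internal_proxy(remote_addr):
        # Peer is not a trusted proxy: the headers are ignored, so a client
        # reaching Tomcat directly cannot claim it arrived over https.
        return client_ip, secure
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")
            if h.strip()]
    # Walk X-Forwarded-For right to left, skipping internal proxies;
    # the first other address is the real client.
    for hop in reversed(hops):
        if not is_internal_proxy(hop):
            client_ip = hop
            break
    # protocolHeader="x-forwarded-proto": nginx sets it to https above.
    secure = headers.get("x-forwarded-proto", "").strip().lower() == "https"
    return client_ip, secure


def session_cookie_header(remote_addr, headers, value="constructed-id"):
    """Approximate the Set-Cookie value Tomcat emits for JSESSIONID:
    the Secure flag appears only when the resolved request is secure."""
    _, secure = resolve_request(remote_addr, headers)
    flags = ["Path=/", "HttpOnly"] + (["Secure"] if secure else [])
    return "JSESSIONID=" + value + "; " + "; ".join(flags)


if __name__ == "__main__":
    # Constructed sample: request relayed by the local nginx proxy.
    via_nginx = {"x-forwarded-for": "203.0.113.5", "x-forwarded-proto": "https"}
    print(resolve_request("127.0.0.1", via_nginx))       # ('203.0.113.5', True)
    print(session_cookie_header("127.0.0.1", via_nginx))  # ends with "; Secure"
    print(session_cookie_header("203.0.113.9", via_nginx))  # no Secure flag
```

Running it against the same headers from a non-internal peer shows why the valve's internalProxies check matters: the cookie is issued without Secure, which is the symptom the first answer set out to fix.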