Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
Oleg Tarakanov2014-08-15 17:31:56
Nginx
Oleg Tarakanov, 2014-08-15 17:31:56

How to set up SSL for linking nginx (front-end) with tomcat 7 (back-end)?

Actually a subject.
Tomcat server.xml:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" proxyPort="443"/>

Nginx:
server {
   server_name  site.domain.ru;
   listen       443;


   ssl on;
   ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
   ssl_certificate_key /etc/ssl/private/private.key;

   # You can configure to some "sub-url" (ex.: /youtrack/) instead of domain (or sub-domain)
   location / {
       proxy_pass        http://127.0.0.1:8080;
       proxy_set_header  Host             $http_host;
       proxy_set_header  X-Real-IP        $remote_addr;
       proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
       proxy_set_header  X-Forwarded-Proto  http;
   }
}

I get:
400 Bad Request

The plain HTTP request was sent to HTTPS port
nginx/1.4.6 (Ubuntu)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir Smirnov, 2014-11-13
@druoleg

Do I understand correctly that in the topology of your servers, Nginx "looks at the world", and access to Tomcat (s) from the outside is not supposed? That is, the standard approach: balancer outside, server insideapplications to which the balancer redirects requests? In such cases, Tomcats must be completely closed from any access from the outside at the network / proxy level, i.e. they are located in the so-called "demilitarized zone" and do not require protection at the level of the data exchange protocol (HTTPS). Moreover, when receiving a connection via HTTPS, the balancer usually "undresses" it, decrypts it, and does not have the means to re-encrypt it, and this is not necessary. Usually, a balancer that receives data via an HTTPS connection passes it on to the backends using the AJP protocol, which is designed just for the balancer to communicate with the backends, because. compared to regular HTTP, it has the means to ping the availability of nodes on the backend. So your Nginx configuration should be something like:

proxy_pass        http://127.0.0.1:8009; #8009 - default AJP port on Tomcat

Report
A
Andrey Burov, 2014-08-15
@BuriK666

proxyPort="443"
specify 8080

Similar questions
N
nano_e_t_42016-09-25 01:21:57
How to write a config for a custom error_page page in nginx? 2Reply
V
vekozlov2016-09-25 22:33:18
How to set up subdomain redirection to another server? 4Reply
J
Jekson2019-02-25 12:25:07
How to avoid 502 server error when executing a heavy script? 1Reply
A
AlexanderSuz2014-09-22 14:55:42
Is it possible to translate ReWrite into nginx this code? 2Reply
T
Tarakkolya2014-09-23 21:55:08
How to configure nginx so that it listens to requests by ip address and gives the page of my site instead of a welcome page? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question