Tomcat behind reverse proxy

19. Oct 2017

Tomcat behind reverse proxy

I had to set up a system for Atlassian’s Jira and Confluence that would be accessed by at least two different URLs. The Tomcat servers are behind an NGINX server that handles the whole SSL stuff.

In the past, when such a system would have only one very specific URL I would set the proxyName=<FQDN/URL> in the connector section in the server.xml and be good. Jira or Confluence would generate the right URLs.

But in this case I ran into the problem that it would be accessed by https://url-1/ and https://url-2/. Setting the proxyName to either one of the URLs would mean that the other wouldn’t work as all the links generated by Jira or Confluence would be wrong for it.

The following config page gave me the right hint. Instead of setting the proxy in the server.xml one can just ommit it and make sure that the requests hitting the Tomcat server have the Host header set.

In NGINX I added the following line to the section where I defined the upstream proxy to the Tomcat server.

proxy_set_header Host $host;

This will make sure that with whatever URL we will access the server, it will set Host header accordingly and Tomcat, in lack of a set value, will fall back to the header.

I still keep the scheme and proxyPort in the connector settings.

proxyPort="443"
scheme="https"
Got any hints or questions? blog@aaronlauterer.com