5.4. Proxy Configuration for Tomcat

For integration tasks, you may need a proxy server. This part describes the configuration of Nginx HTTP-server as a proxy for CUBA application.

If you set up a proxy, do not forget to set cuba.webAppUrl value.
NGINX

For Nginx there are 2 configurations described below. All examples were tested on Ubuntu 16.04.

  1. Direct Proxy

  2. Redirect to Path

For example, your web application works on http://localhost:8080/app.

Tomcat should be configured as well.
Tomcat Setup

First, add Valve to Tomcat configuration conf/server.xml, copy and paste the following code:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
        remoteIpHeader="X-Forwarded-For"
        requestAttributesEnabled="true"
        internalProxies="127\.0\.0\.1"  />

and restart Tomcat:

sudo service tomcat8 restart

This is required to dispatch Nginx headers by Tomcat without modifying the web application.

Then install Nginx:

sudo apt-get install nginx

Navigate to http://localhost and ensure that Nginx works, you will see Nginx welcome page.

Now you may delete the symlink to default Nginx site:

rm /etc/nginx/sites-enabled/default

Next, configure your proxy one of the options selected below.

Direct Proxy

In this case the requests are handled by proxy, transparently passing to the application.

Create Nginx site configuration file /etc/nginx/sites-enabled/direct_proxy:

server {
    listen 80;
    server_name localhost;

    location /app/ {
        proxy_set_header Host               $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto  $scheme;

        # Required to send real client IP to application server
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP          $remote_addr;

        # Optional timeouts
        proxy_read_timeout      3600;
        proxy_connect_timeout   240;
        proxy_http_version      1.1;

        # Required for WebSocket:
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass              http://127.0.0.1:8080/app/;
    }
}

and restart Nginx

sudo service nginx restart

Now you can access your site via http://localhost/app.

Redirect to Path

This example describes how to change the application’s URL path from /app to /, as if the application were deployed in the root context (similar to /ROOT). This will allow you to access the application at http://localhost.

Create Nginx site configuration file /etc/nginx/sites-enabled/root_proxy:

server {
    listen 80;
    server_name localhost;

    location / {
        proxy_set_header Host               $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto  $scheme;

        # Required to send real client IP to application server
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP          $remote_addr;

        # Optional timeouts
        proxy_read_timeout      3600;
        proxy_connect_timeout   240;
        proxy_http_version      1.1;

        # Required for WebSocket:
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass              http://127.0.0.1:8080/app/;

        # Required for folder redirect
        proxy_cookie_path       /app /;
        proxy_set_header Cookie $http_cookie;
        proxy_redirect http://localhost/app/ http://localhost/;
    }
}

and restart Nginx

sudo service nginx restart

Now you can access your site via http://localhost.

Please note, that similar deployment instructions are valid for Jetty, WildFly etc. In such cases, you may need an additional configuration of those servers.