How to set up NGINX to act as reverse proxy?

Former Member
0 Kudos

Hello.

We are trying to set up our NGINX instance to act as a reverse proxy. When a customer tries to log in to a web shop account (for example, during the checkout process), the hybris server sends redirects based on an absolute path containing its own FQDN (hyb.dmz.test.com). This works fine as long as we are in the internal network, but of course does not work from the Internet. Is there some way to change hybris behavior? What is wrong with our NGINX config snippet?

Our NGINX config snippet:

server {

     listen XXX.XXX.XXX.XXX:443 ssl;
     server_name hybrisdemo.test.com;

     access_log  /var/log/nginx/hybrisdemo.test.com.access.log;
     error_log  /var/log/nginx/hybrisdemo.test.com.error.log;

     location /login {
             proxy_pass  https://hyb.dmz.test.com:9002;
     }

     location / {
             proxy_pass  http://hyb.dmz.test.com:9001;
     }

}

Best regards.

Accepted Solutions (1)

andyfletcher
Active Contributor
0 Kudos

This is what I've used in the past

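 # Plain HTTP front end
 server {
   listen 80;
   server_name localhost;

   location / {
     proxy_pass http://localhost:9001;
     # Pass the requested host name and the client address on to Tomcat
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   }
 }

 # HTTPS front end; TLS is terminated here
 server {
   # "ssl on;" is obsolete in current NGINX; the ssl parameter of listen replaces it
   listen 443 ssl;
   server_name localhost;
   ssl_certificate /etc/nginx/ssl/server.crt;
   ssl_certificate_key /etc/nginx/ssl/server.key;

   location / {
     proxy_pass http://localhost:9001;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     # Tell Tomcat the original request arrived over https
     proxy_set_header X-Forwarded-Proto https;
     # Leave Location headers from the backend untouched
     proxy_redirect off;
   }
 }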

Then in Tomcat's server.xml get it to pick up on whether the connection is http or https with a valve e.g.

 <Valve className="org.apache.catalina.valves.RemoteIpValve"
    internalProxies="127\.0\.0\.1"
    protocolHeader="x-forwarded-proto" />

This does mean that SSL is terminated at Nginx rather than Tomcat and that traffic between Nginx and Tomcat is unencrypted, but then I'm assuming that they are on the same box, or at least in the same secured network. Also, I haven't used this in a production environment before, only for dev, but didn't experience any issues.
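
The same approach applied to the hostnames from the question, as an added example that is not part of the original posts. It assumes NGINX and hybris run on separate hosts with plain HTTP on port 9001 between them, reuses the certificate paths from the answer above, and sets Host and X-Forwarded-Proto itself so that values supplied by a client never reach Tomcat.

```nginx
# Added example; hostnames come from the question, certificate paths from the answer.
# Assumption: hybris listens for plain HTTP on hyb.dmz.test.com:9001 inside the DMZ.
server {
    listen 80;
    listen 443 ssl;
    server_name hybrisdemo.test.com;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
        proxy_pass http://hyb.dmz.test.com:9001;

        # Pin the public name instead of echoing the client's Host header,
        # so hybris builds its absolute redirects for hybrisdemo.test.com.
        proxy_set_header Host hybrisdemo.test.com;

        # $scheme is what NGINX itself saw (http or https). Setting the header
        # on every request overwrites any X-Forwarded-Proto sent by the client.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Appends the connecting address to the X-Forwarded-For chain.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Safety net: rewrite any Location header that still carries the
        # internal FQDN before it reaches the browser.
        proxy_redirect http://hyb.dmz.test.com:9001/  $scheme://hybrisdemo.test.com/;
        proxy_redirect https://hyb.dmz.test.com:9002/ https://hybrisdemo.test.com/;
    }
}
```

With NGINX on a separate host, the valve's internalProxies pattern has to match that host's address instead of 127\.0\.0\.1, otherwise Tomcat ignores the forwarded headers.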

Former Member
0 Kudos

Very useful answer, thanks man!

Answers (1)

Former Member
0 Kudos

Hello Andrew.

Thank you for your help. We made changes in our nginx config according to your example. Everything is ok now.

Best regards.