Nginx SSL + Tomcat (for Confluence)

Feb 12, 2010 - tomcat confluence nginx

I have an Nginx frontend to serv everything but confluence which was not happy with my SSLized conf, here is the solution !

This doc is related to confluence but will works with any java apps in a tomcat

First don’t use the standalone version of confluence (which is a Tomcat 5.5), use the EAR/WAR tar gz archive.

We need Tomcat 6 cause we will use a “Valve” [RemoteIPValve](http://tomcat.apa che.org/tomcat-6.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html) that will check for a header (X-Forwarded-Proto) to see if the source request was secured by SSL.

Inside tomcat server.xml simply add a Valve configuration in your Host definition:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
protocolHeader="X-Forwarded-Proto"  protocolHeaderHttpsValue="https" />

In your nginx.conf, just forward the header:

location /confluence {
proxy_pass  http://localhost:8010;
proxy_set_header X-Forwarded-Proto  https;
proxy_set_header Host $http_host;
}

This is the same mechanism you will find with rails or Django and Nginx.

Remember to listen only on localhost with Tomcat or your nginx proxy is useless:

<Connector address="127.0.0.1" port="8010" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"  />

Happy SSL !

Thanks to Super Chinois for the java mess.