Nginx + Tomcat7 for single webapp and multiple alias domain

dubstep · September 14, 2011, 1:26pm

I am thinking about using NGINX instead of Apache to deliver a Tomcat7
webapp on Port :80 to the enduser.

I have the following requirements:

There is a single web-app in the root with any urls (its own
internal urlrewriting). It has various URLs pointing to it for several
languages (and partially other content)
Another admin-webapp exists

My questions are:

(a) would it be a good idea to use NGINX a without Apache Http server,
just with Apache Tomcat7 ?
(b) how can I set this up so that the Tomcat App always know the domain
name the user was using when calling the page?
(c) will the tomcat app still be able to know the IPs of every user?

Thanks!

Tobias

Posted at Nginx Forum:

tm1978 · September 15, 2011, 5:47am

Yes, It is good for you to NGINX in front of your application server,
for that you will gain extra features, ie. load-control and DoS
tolerance for your stability.

And it is simple for you to configure NGINX to use tomcat as backend.
When your tomcat listens localhost:8080, the nginx configuration may be
like this:

location / {
proxy_pass 127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
}

so you will get the clients’ real IP from the HTTP header “X-Real-IP”

hope this helps

Posted at Nginx Forum:

tm1978 · September 15, 2011, 11:31am

2011/9/14 tm1978 [email protected]:

My questions are:

(a) would it be a good idea to use NGINX a without Apache Http server,
just with Apache Tomcat7 ?
(b) how can I set this up so that the Tomcat App always know the domain
name the user was using when calling the page?
(c) will the tomcat app still be able to know the IPs of every user?

For this you will have to setup a RemoveIpValve 1 in your
context.xml/server.xml/context.xml.default like this:

<Valve
    className="org.apache.catalina.valves.RemoteIpValve"
    remoteIpHeader="X-Forwarded-For"
    protocolHeader="X-Forwarded-Proto" />

In nginx you may use configuration provided by cfsego but don’t forget
to add X-Forwarded-Proto if you use https on nginx. Also you may
remove X-Real-IP header because it’s not used in this setup:

location / {
proxy_pass 127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

}

This way Tomcat will be aware of https and will use secure cookies for
sessions.