I posted this on stackoverflow by mistake (https://stackoverflow.com/questions/65942820/nginx-proxy-to-tomcat) and I'm putting it here as well in hope of finding some solution.
I went through dozens of tutorials and I can't figure out following (althougt it should be pretty basic):
I have my compiled vue application in /var/www/mydomain.com and I want it to be shared as static content.
My backend running on 8080 by tomcat with public APIs on /api/something... URLs. The URLs are hardcoded including the "api" part.
I'd like to configure nginx to proxy mydomain.com/api/something... requests to tomcat and rest be served statically from /var/www/mydomain.com. Everything served through SSL.
I litterally don't need anything else.
Can you help me configure the nginx and tomcat to achieve that? Thank you!
nginx config /etc/nginx/sites-available/mydomain.com
upstream tomcat {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
root /var/www/mydomain.com;
index index.html index.htm index.nginx-debian.html;
server_name _ mydomain.com www.mydomain.com;
location /api/ {
include proxy_params;
proxy_set_header Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://tomcat;
}
location / {
try_files $uri $uri/ /index.html;
}
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
}
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name _ mydomain.com www.mydomain.com;
return 404; # managed by Certbot
}
(1) Alternative location block I'm experimenting with
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://localhost:8080/api/;
}
(2) Alternative block suggested by Praveen Premaratne.
This way I get "GET /api/docs HTTP/1.0" 302 - and static files work as well. Going to /api/docs makes redirect to domain:8443/api/docs where I get ERR_CONNECTION_REFUSED.
location /api/ {
include proxy_params;
proxy_pass http://tomcat;
}
location / {
try_files $uri $uri/ /index.html;
}
(3) Alternative using subdomain.
I was able to create subdomain api.mydomain.com and configure nginx to go to index page from there (adding following block). No idea how to do the proxing afterwards.
server {
listen 443 ssl;
root /var/www/www.mydomain.com; <- redundand I guess?
index index.html index.htm index.nginx-debian.html; <- redundand I guess?
server_name api.mydomain.com
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
}
Tomcat config server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
address="127.0.0.1"
redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
...
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
requestAttributesEnabled="true"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
<Valve className="org.apache.catalina.valves.RemoteIpValve"
protocolHeader="X-Forwarded-Proto" />
...
Current situation is that when I go to mydomain.com/api/docs where swagger should be running, I get redirected back to mydomain.com or get 500 or 502 error.
