Failure to setup nginx ssl reverse proxy for apache-tomcat

bathory · 04-23-2018, 12:54 PM

Quote:

The tomcat is listening on port 8080. In my previous texts I was trying to access jasperserver through nginx on port 8083. When everything worked fine, I then changed the nginx port from 8083 to 8443 to access jasperserver using https instead of http. After I changed that it's when complications started. In fact when i try to login into jasperserver i am getting redirected to another link as I told you earlier which is https://192.168.1.128:8443/j_spring_security_check.

You mean that it works using http (nginx port 8083) and doersn't work with https (nginx port 8443)?
Maybe it gets confused because by default if you enable ssl on tomcat, it listens on port 8443. Change the nginx ssl port (use the default 443) and see what you get.

usfrank02 · 04-24-2018, 11:02 AM

Quote:

Originally Posted by bathory

You mean that it works using http (nginx port 8083) and doersn't work with https (nginx port 8443)?
Maybe it gets confused because by default if you enable ssl on tomcat, it listens on port 8443. Change the nginx ssl port (use the default 443) and see what you get.

@Bathory,

I abandoned to setup the nginx for reverse proxy as I was not able to fix the issues i was facing. I went for apache reverse proxy which is working fine for me.
Thank you anyway for your willingness to support.

regards,

manit77 · 10-25-2023, 10:09 PM

Took me several hours to figure this out mainly because the process takes so long to restart. Hope this will help someone.

this config is for jasperreports-server-cp-8.2.0

apache-tomcat/webapps/jasperserver/WEB-INF/web.xml
// add cors filter


<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>#h#t#t#p#://localhost:8002</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,PUT,OPTIONS,DELETE,PATCH</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Cache-Control,X-Suppress-Basic,Origin,Accept,X-Requested-With,Content-Type,Pragma,accept-timezone,withCredentials,X-Remote-Domain,X-Is-Visualize,x-jrs-base-url,Content-Disposition,Content-Description</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>300</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.woff</url-pattern>
</filter-mapping>

//Disabel CSRF
apache-tomcat/webapps/jasperserver/WEB-INF/csrf/jrs.csrfguard.properties
apache-tomcat/webapps/jasperserver/WEB-INF/csrf/Websphere.jrs.csrfguard.properties //not sure if this is needed

org.owasp.csrfguard.Enabled = false
org.owasp.csrfguard.Ajax=false

// deal with underscores with nginx
// rename all instances of OWASP_CSRFTOKEN to OWASP-CSRFTOKEN (with a dash)
// could not get this to work in nginx underscores_in_headers on;

including this file: WEB-INF/csrf/Websphere.jrs.csrfguard.properties

NGINX Config:

server {
listen 443 ssl;
ssl on;
server_name reports.xxxx.com;
underscores_in_headers on;
add_header Referrer-Policy "no-referrer-when-downgrade, origin-when-cross-origin" always;

ssl_certificate /var/www/certs/certfullchain.cer;
ssl_certificate_key /var/www/certs/cert.key;

location /jasperserver {
proxy_pass h-t-t-p://10.20.1.100;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real_IP $remote_addr;

}
}

//didn't need a CookieProcessor in META-INF/context.xml