changeset 1698:7e4396e467de

Add documentation about running Tomcat behind a proxy.
author Robert Casties <casties@mpiwg-berlin.mpg.de>
date Tue, 18 Dec 2018 11:35:41 +0100
parents fc8e4f893db1
children 79b95ce5d315
files doc/src/site/markdown/server-setup.md
diffstat 1 files changed, 21 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/doc/src/site/markdown/server-setup.md	Sun Dec 16 18:49:16 2018 +0100
+++ b/doc/src/site/markdown/server-setup.md	Tue Dec 18 11:35:41 2018 +0100
@@ -71,7 +71,8 @@
 
     # do not forward-proxy!
     ProxyRequests off
-    # set proxy proto header
+    # set proxy headers
+    ProxyPreserveHost On
     RequestHeader set X-Forwarded-Proto "https"
     # digilib instances 
     <Proxy balancer://digilibs>
@@ -96,4 +97,22 @@
 then you should make sure that Jetty processes the `X-Forwarded-*` headers from the proxy server to derive the 
 correct request URL for the servlets.
 
-Please see [this information for Jetty 9.4](http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html#_proxy_load_balancer_connection_configuration) or [this information for Jetty 8 and earlier versions](https://wiki.eclipse.org/Jetty/Tutorial/Apache#Configuring_mod_proxy_http).
+Please see [this information for Jetty 9.4](http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html#_proxy_load_balancer_connection_configuration)
+or [this information for Jetty 8 and earlier versions](https://wiki.eclipse.org/Jetty/Tutorial/Apache#Configuring_mod_proxy_http).
+
+## Tomcat behind a proxy
+
+When you are using [Tomcat](https://tomcat.apache.org) as a servlet container behind an Apache or nginx proxy then 
+you should make sure that Tomcat processes the `X-Forwarded-*` headers from the proxy server to derive the 
+correct request URL for the servlets.
+
+Please see the Tomcat documentation about the [Remote IP Valve](https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve).
+You basically need to add the following XML tag with your proxy's IP numbers to the `Host` tag of your `server.xml` file:
+```
+  <Valve className="org.apache.catalina.valves.RemoteIpValve"
+    internalProxies="127\.0\.0\.1|123\.45\.67\.89"
+    remoteIpHeader="x-forwarded-for" 
+    proxiesHeader="x-forwarded-by" 
+    protocolHeader="x-forwarded-proto" />
+```
+and make sure `ProxyPreserveHost` is set to `on`.