This may be a noob question but I'm still learning about web servers and reverse proxy setups. I have two servers running on the same network - one Tomcat and another one Nginx, which I intend to use as a reverse proxy server for similar Tomcat servers. My idea of introducing a reverse proxy server came up after I understood that they can be used to hide the identity of the real web server and can be used to avail other advantages like better performance and load balancing.

The issue I am facing is that the Tomcat server is accessible through both IP addresses - if I use the Nginx IP, it redirects to the Tomcat FQDN (expected), but if I ping using the FQDN tomcat.domain.com, it reveals the real IP of the Tomcat server and not that of the Nginx server. Effectively, my Nginx server is not serving any purpose. What am I missing here?

Chethan S.

1 Answer

Don't expose the Tomcat server directly to the Internet. Put the web server into a DMZ (i.e. behind a firewall), then put the Tomcat server behind another firewall. You can use software firewalls provided by the operating system, or hardware firewalls, but you haven't said what OS you're using so I can't give more advice. Something like IPTables or Windows Firewall. If you're running in AWS you can use their VPC system.

You don't want to redirect from nginx to Tomcat, you want to use Nginx as a reverse proxy. Use the proxy_pass directive so requests go into the web server, the web server requests the page from Tomcat, gets the response, then sends that back to the web browser.

Tim
  • My Tomcat server is on Red Hat Enterprise. So, based on your answer I can probably use IPTables. Both my servers are on intranet. These won't be exposed to the outside world. Can I still use the IPTables approach? Yes, I want Nginx as the reverse proxy. I used the word redirect to point out that the site on Tomcat was showing up fine on the browser. – Chethan S. Apr 20 '16 at 05:56
  • Yes, this will work fine on an Intranet. You have plenty of options, just talk to your network person, it's easy for them. – Tim Apr 20 '16 at 06:59
  • Happy to help, comment or start a new question if you need anything else. – Tim Apr 20 '16 at 07:26
  • Thanks, Tim. I tried a slightly different approach and have posted a new question http://serverfault.com/questions/771658/connect-to-a-tomcat-server-from-nginx-as-reverse-proxy. My observations made there were derived based on this article https://www.digitalocean.com/community/tutorials/how-to-optimize-your-tomcat-installation-on-ubuntu-14-04 (a little lengthy). – Chethan S. Apr 20 '16 at 10:01
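
The setup described in the answer above, sketched as an added example that is not part of the original answer or comments: a script that prints (but does not apply) an Nginx `proxy_pass` server block and the iptables rules for the Tomcat host. The IP addresses, port 8080, the site name and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not apply) config for both hosts.
# Addresses, port and site name below are constructed placeholders.
NGINX_IP="10.0.0.10"              # assumed address of the Nginx host
TOMCAT_IP="10.0.0.20"             # assumed address of the Tomcat host
TOMCAT_PORT="8080"                # assumed Tomcat HTTP connector port
SITE_NAME="app.example.internal"  # assumed name clients use for the site

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Nginx side: proxy_pass fetches the page from Tomcat and relays the
# response, so the browser talks to Nginx only (no redirect to Tomcat).
render_nginx_conf() {
  cat <<EOF
server {
    listen 80;
    server_name $SITE_NAME;
    location / {
        proxy_pass http://$TOMCAT_IP:$TOMCAT_PORT;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
}

# Tomcat side (iptables): accept the connector port from Nginx only.
# Order matters: both rules must sit before any broader ACCEPT/REJECT rule.
render_tomcat_iptables() {
  valid_ipv4 "$NGINX_IP" || { echo "bad NGINX_IP: $NGINX_IP" >&2; return 1; }
  cat <<EOF
iptables -A INPUT -p tcp --dport $TOMCAT_PORT -s $NGINX_IP -j ACCEPT
iptables -A INPUT -p tcp --dport $TOMCAT_PORT -j DROP
EOF
}

render_nginx_conf
render_tomcat_iptables
```

Once the printed rules are applied on the Tomcat host, a request to port 8080 from any machine other than the Nginx host should be dropped, which is a quick way to confirm that Nginx is the only path to the application.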