0

I have nginx with ssl in front of tomcat 8 and moqui is inside of tomcat.

The webapp part in moqui conf file is 

<webapp name="webroot" http-port="" https-enabled="false">
    <root-screen host=".*" location="component://webroot/screen/webroot.xml"/>
</webapp>

The nginx conf for ssl header 

     proxy_set_header        Accept-Encoding     "";
     proxy_set_header        X-Forwarded-For     $remote_addr;
     proxy_set_header        Host                $http_host;
     proxy_set_header        X-Forwarded-Host    $host;
     proxy_set_header        X-Forwarded-Server  $host;
     proxy_set_header        X-Real-IP           $remote_addr;
     proxy_set_header        X-Forwarded-Proto   $scheme;

     proxy_pass http://localhost:8080/;
     proxy_http_version 1.1;

Tomcat add RemoteIpValve

<Valve className="org.apache.catalina.valves.RemoteIpValve"
   internalProxies="192\.168\.1\.14|127\.0\.0\.1"
   remoteIpHeader="x-forwarded-for"
   remoteIpProxiesHeader="x-forwarded-by"
   protocolHeader="x-forwarded-proto"
/>

This should be working for tomcat (moqui) to have https:// address for all resources.

But I get a strange pattern on addresses. every 3 times refreshing a page (e.g. Login), I get once right on https:// address, the other two times get http://. If I refresh page very fast, then the pattern changes, one or two times with http://, then once with https://. When it is https:// page and links on the pages are also https, it goes to http when click through a link on the page.

I run nginx 1.8.0 and tomcat 8 with moqui 1.6.2. I don't know if anyone run into this problem as well. And I can't tell whether it is issue with nginx and tomcat, or something with moqui. Very appreciate for any idea.

Jimmy Shen
  • 240
  • 1
  • 12

1 Answers1

1

What are you trying to do, always go through HTTPS (except for screens set to not require it)?

If so webapp.@https-enabled should be true, and for best results in URL generation you should also tell it the http/https ports (if no 80/443) and the http/https hosts (all in attributes on the webapp element).

If the problem is not in URL generation or forwarding to HTTPS for non-secure requests when https is required for a screen (which is what the webapp element settings are for) then you may have issues with nginx or Tomcat configuration.

David E. Jones
  • 1,721
  • 1
  • 9
  • 8
  • I are trying to do is setup multiple (indefinite) hostname dynamically to one moqui instance. So it is not best to configure them in webapp-list which is static. and I followed the way you told me before to set up a loadbalancer in front of moqui and configure moqui with http connection. I now figured out what is wrong with the my configuration. In RemoteIpValue of tomcat configuration. I set internalProxy=".*", then it works all fine. – Jimmy Shen Feb 01 '16 at 02:12
  • My laptop's internal ip is 192.168.1.14, and nginx and tomcat both run on my laptop. I also open an VPN client, so I am not sure the multiple network adapter environment causes the 3 times redirect. I will have it deployed on server environment where network would be simple. – Jimmy Shen Feb 01 '16 at 02:12