SSL + NGINX + Tomcat

Quick guide to secure Tomcat running behind NGINX as reverse proxy/load balancer

SSL + NGINX + Tomcat

Step1: Test App built with Spring framework

Root URL with non secure session cookie

Step 2: Scaling and securing the app for production

URL is secure via https but Session cookie is still not secure

Why this happened?

STEP 3: Telling Tomcat to respect originating protocol scheme from our NGINX

<Valve className=”org.apache.catalina.valves.RemoteIpValve”
internalProxies=”127\.0\.[0–1]\.1"
remoteIpHeader=”x-forwarded-for”
requestAttributesEnabled=”true”
protocolHeader=”x-forwarded-proto”
protocolHeaderHttpsValue=”https”/>

Fully Secured SSL integration of NGINX with Tomcat

Director Of Engineering @Paytm | Entrepreneur | Strategic leader

Director Of Engineering @Paytm | Entrepreneur | Strategic leader