My project is nginx+spring boot,
,spring boot is port 8080
,After I use nginx to forward, request.getRequestURL() can only get http but not https
public static String getRootUrl(HttpServletRequest request){
StringBuffer url = request.getRequestURL();
String tempContextUrl = url.delete(url.length() - request.getRequestURI().length(), url.length()).append(request.getSession().getServletContext().getContextPath()).append("/").toString();
return tempContextUrl;
}
nginx is configured with https
server {
listen 80;
server_name xx.xxx.xx;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name xx.xxx.xxx;
keepalive_timeout 10m;
ssl_certificate cert.pem; #
ssl_certificate_key cert.key; #
ssl_session_timeout 24h;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
add_header Content-Security-Policy upgrade-insecure-requests;
}
}
your nginx proxy to port 8080, this application is a integrated tomcat server, you not configure ssl in this tomcat , so, inside of the application, it is http, you can configure ssl in spring boot.
Related
I try in my nginx config to use the auth_request. I have an backend running on localhost:8081/welcome. It checks the token in the cookie. If the token is invalid, the server responds with 500. If it succeeds I have a 404 not found. I don't know why because on localhost:4500 is running another service.
I try to call the /protected route and get the error.
When I call /api/application everything works fine.
This is my the part of my config:
location /api/ {
proxy_pass http://localhost:4500;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header content-type "application/json";
proxy_cache_bypass $http_upgrade;
proxy_set_header Connection 'upgrade';
}
location /api/application {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4500;
}
location /protected {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:4500;
}
location = /auth {
internal;
proxy_pass http://localhost:8081/welcome;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
Do you have any suggestions, why I get a 404 not found?
Thank you very much!
I have read the docs about how to serve springdoc behind a reverse proxy (https://springdoc.org/index.html#how-can-i-deploy-springdoc-openapi-ui-behind-a-reverse-proxy) and also checked all of the questions about the topic but still having a problem.
I'm serving a spring-boot (2.6.2 version) application in a subdirectory with nginx:
location /subdirectory/ {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Prefix "/subdirectory/";
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Protocol https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Url-Scheme https;
}
I have also configured Spring Boot as per docs:
application.properties:
server.forward-headers-strategy=framework
server.tomcat.redirect-context-root=false
When I visit my domain for a normal request to the Spring Boot API works fine, e.g.:
GET https://example.com/subdirectory/countries - OK 200 Returns the expected JSON
But when I try to visit the springdoc swagger-ui with:
GET https://example.com/subdirectory/swagger-ui/index.html - OK 200
I get a 200 OK but the .css and .js files requests return 404. I see a blank page and nothing about swagger. Am I missing something?
I think you are missing forwarding filter.
#Bean
ForwardedHeaderFilter forwardedHeaderFilter() {
return new ForwardedHeaderFilter();
}
I trying to open JSP files using docker containers and nginx server. I run spring boot app by making it as a container. But when I try to open http://152.18.5.150:8081/hello page it cannot find root path.
My app/Dockerfile
FROM openjdk:8
ADD jarfolder/docker-spring-controller.jar docker-spring-controller.jar
EXPOSE 8081
ENTRYPOINT ["java", "-jar", "/docker-spring-controller.jar"]
docker-compose.yml
version: '3'
services:
nginx:
container_name: some-nginx-control
image: nginx:1.13
restart: always
ports:
- 80:80
- 443:443
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
depends_on:
- app
app:
restart: always
build: ./app
ports:
- "8081:8081"
db:
restart: always
container_name: docker-postgresql_2
image: postgres:9.6
environment:
- POSTGRES_PASSWORD=password
- POSTGRES_USER=postgres
- POSTGRES_DB=abdu
- PGDATA=/var/lib/postgresql/data/pgdata
ports:
- "5432:5432"
/nginx/conf.d/app.conf
server {
listen 80;
charset utf-8;
access_log off;
location ~ \.jsp$ {
root app/;
expires 30d;
}
location / {
proxy_pass http://app:8081;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /hello {
proxy_pass http://app:8081/hello;
}
location /static {
access_log off;
expires 30d;
alias /app/static;
}
}
application.properties
spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp
server.port=8081
MyController.java
#Controller
public class MyController {
#RequestMapping("/welcome")
public String welcome_page() { //ModelMap map
return "welcome";
}
#RequestMapping("/hello")
public String hello_page() { //ModelMap map
return "hello";
}
}
when i run command docker ps -a
IMAGE PORTS
nginx:1.13 0.0.0.0:80->80/tcp
docker-spring-controller_app 0.0.0.0:8081->8081/tcp
.jsp files are app/src/main/webapp/WEB-INF/jsp/
Please help me. Where I am making mistake
I have spring boot application running on URL: http://localhost:8080, with two endpoints:
/endpoint1
/login2 - login page for authentication
Then I run it behind proxy server - nginx running on port 81. In the nginx configuration when I put something like this:
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $host;
proxy_pass http://localhost:8080/;
}
then everything works fine: when I use http://localhost:81/endpoint1 then I'm redirected to http://localhost:81/login2.
However I'd like my nginx application URL to look like http://localhost:81/my_prefix/login2. So I've added the prefix to nginx configuration:
location /my_prefix/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $host;
proxy_pass http://localhost:8080/;
}
But when I try with URL: http://localhost:81/my_prefix/endpoint1 then I'm redirected to: http://localhost:81/login2 - without /my_prefix.
In my Spring WebSecurityConfigurerAdapter configuration class I have some security configuration with login page for authentication:
#Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable()
.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/", "/metadata", "/favicon.ico", "/api/**", "/*.css", "/*.js").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().hasRole("USER").and()
.formLogin().loginPage("/login2").permitAll()
.and()
.logout().logoutSuccessUrl("/");
}
Also I have property: server.use-forward-headers: true
How can I force Spring MVC to include nginx location prefix (/my_prefix) when redirecting to login page?
You need to send a header X-Forwarded-Prefix: /my_prefix from your nginx and enable forward headers in Spring Boot application.yaml
server.forward-headers-strategy: FRAMEWORK
See Running Behind a Front-end Proxy Server
You need to change this:
proxy_pass http://localhost:8080/;
to this:
proxy_pass http://localhost:8080;
I have two projects which are running on Tomcat7.
http://localhost:8080/mysite1 and http://localhost:8080/mysite2
mysite1.com and mysite2.com should work on one server.
Example nginx configuration.
server {
server_name mysite1.com;
return 301 $scheme://www.mysite1.com$request_uri;
}
server {
server_name www.mysite1.com;
root /var/lib/tomcat7/webapps/mysite1;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
server_name mysite2.com;
return 301 $scheme://www.mysite2.com$request_uri;
}
server {
server_name www.mysite2.com;
root /var/lib/tomcat7/webapps/mysite2;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/mysite2/;
}
}
Please, direct me.