How to use NGINX to proxy requests for Crowd

Still need help?

The Atlassian Community is here for you.

Ask the community

The content on this page relates to platforms that are not supported for Confluence. Consequently, Atlassian can not guarantee providing any support for the steps described on this page. Please be aware that this material is provided for your information only, and that you use it at your own risk.

Purpose

This page describes a possible way to use NGINX to proxy requests for Crowd running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.

In this example, we want a setup where Crowd can be accessed at the address http://www.example.com/crowd (on standard HTTP port 80) while Crowd itself listens on port 8095 with context path /crowd as default.

Solution

Configure Tomcat

Configure the default connector in <crowd-install>/apache-tomcat/conf/server.xml and add Tomcat proxy redirection attributes as shown below:

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" 
	enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
	port="8095" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" 
	proxyName="www.example.com" proxyPort="80" scheme="http" />

Configure NGINX

You will need to specify a listening server in NGINX like in the example below. Add the following to your NGINX configuration:

server {
    listen www.example.com:80;
    server_name www.example.com;
    location / {
            proxy_pass http://localhost:8095;
            proxy_set_header    Host            $host;
            proxy_set_header    X-Real-IP       $remote_addr;
            proxy_set_header    X-Forwarded-for $remote_addr;
            port_in_redirect off;
            proxy_redirect     http://localhost:8095            http://www.example.com/
    }
}

Set base URL

For normal operation of Crowd, you will also need to set the base URL accordingly. In this example, the base URL shall be set to http://www.example.com/

So, the crowd.properties of your Crowd instance should look like the following one (replacing the www.example.com with your domain):

#Tue Mar 25 09:20:06 BRT 2014
session.lastvalidation=session.lastvalidation
application.password=To7CfmPz
session.isauthenticated=session.isauthenticated
application.name=crowd
crowd.server.url=http\://www.example.com/crowd/services/
session.validationinterval=0
session.tokenkey=session.tokenkey
application.login.url=http\://www.example.com

(info) In Crowd 3.0 and later, the base URL can be configured in the web interface by going to:  > General.

Configuring trusted proxies in Crowd

Follow the instructions in Configuring Trusted Proxy Servers to make Crowd trust the NGINX proxy.

For the settings above to take effect, you need to restart both Crowd and NGINX.



Last modified on May 10, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.