How to use NGINX to proxy requests for Crowd
The content on this page relates to platforms that are not supported for Confluence. Consequently, Atlassian can not guarantee providing any support for the steps described on this page. Please be aware that this material is provided for your information only, and that you use it at your own risk.
Purpose
This page describes a possible way to use NGINX to proxy requests for Crowd running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.
In this example, we want a setup where Crowd can be accessed at the address http://www.example.com/crowd (on standard HTTP port 80) while Crowd itself listens on port 8095 with context path /crowd as default.
Solution
Configure Tomcat
Configure the default connector in <crowd-install>/apache-tomcat/conf/server.xml
and add Tomcat proxy redirection attributes as shown below:
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8095" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8"
proxyName="www.example.com" proxyPort="80" scheme="http" />
Configure NGINX
Add the following location block to your NGINX configuration:
location / {
proxy_pass http://127.0.0.1:8095;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_redirect off;
}
Set base URL
For the normal operation of Crowd, you will also need to set the base URL to match the proxyName value configured on server.xml. In Crowd 3.0 and later, the base URL can be configured in the web interface by going to: Cog Icon > General.
Configuring trusted proxies in Crowd
Follow the instructions in Configuring Trusted Proxy Servers to make Crowd trust the NGINX proxy.
For the settings above to take effect, you need to restart both Crowd and NGINX.