I have set up Crowd + NGINX for reverse proxy and doing SSL.
Nginx:
server {
listen 80;
server_name crowd.cloud.domain.nl;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name crowd.cloud.domain.nl;
ssl_certificate /etc/pki/tls/certs/cloud.domain.nl.crt;
ssl_certificate_key /etc/pki/tls/private/cloud.domain.nl.key;
location / {
proxy_pass http://localhost:8095;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
port_in_redirect off;
proxy_redirect http://localhost:8095 https://crowd.cloud.domain.nl/;
}
}
server.xml:
<Connector URIEncoding="UTF-8" acceptCount="100" compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" compression="on" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8095" redirectPort="8443" sendReasonPhrase="true" useBodyEncodingForURI="true" proxyName="crowd.cloud.domain.nl" proxyPort="443" scheme="https"/>
<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Context path="" docBase="../../crowd-webapp" debug="0">
<Manager pathname="" />
</Context>
</Host>
</Engine>
build.properties:
# Modify the attributes of this file to quickly adjust the deployment values of Crowd.
# The Hibernate database dialect to use. See https://confluence.atlassian.com/display/CROWD/Connecting+Crowd+to+a+Database
hibernate.dialect=org.hibernate.dialect.HSQLDialect
# The http port you wish to run crowd from, ie: http://localhost:8095/crowd
crowd.tomcat.connector.port=8095
# Tomcat requires a unique port for shutdown
crowd.tomcat.shutdown.port=8020
# Crowd context root
crowd.url=http://localhost:8095/
# Demo context root
demo.url=http://localhost:8095/demo
# OpenID server context root
openidserver.url=http://localhost:8095/openidserver
I can access the login page using HTTPS, but when I try to log in I am getting in a loop.
What is wrong with my configuration? Thanks!
I found the answer myself: https://confluence.atlassian.com/crowdkb/setting-up-crowd-behind-nginx-causes-a-redirect-loop-724404195.html
I'm running into the exact same issue, only with httpd with reverse proxy instead of nginx.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
For anyone running into this same problem with apache (httpd), I was able to solve it with the following changes:
In your vhost file:
ProxyRequests off
ProxyPass / http://127.0.0.1:8095/
ProxyPassReverse / http://127.0.0.1:8095/
ProxyPreserveHost on
In your server.xml file, add:
address="127.0.0.1"
to your Connector.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.