Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Crowd + NGINX + SSL

Sinan Polat June 5, 2018

I have set up Crowd + NGINX for reverse proxy and doing SSL.

 

Nginx:

server {
listen 80;
server_name crowd.cloud.domain.nl;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name crowd.cloud.domain.nl;
ssl_certificate /etc/pki/tls/certs/cloud.domain.nl.crt;
ssl_certificate_key /etc/pki/tls/private/cloud.domain.nl.key;
location / {
proxy_pass http://localhost:8095;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
port_in_redirect off;
proxy_redirect http://localhost:8095 https://crowd.cloud.domain.nl/;
}
}

server.xml:

 <Connector URIEncoding="UTF-8" acceptCount="100" compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" compression="on" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8095" redirectPort="8443" sendReasonPhrase="true" useBodyEncodingForURI="true" proxyName="crowd.cloud.domain.nl" proxyPort="443" scheme="https"/>

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Context path="" docBase="../../crowd-webapp" debug="0">
<Manager pathname="" />
</Context>
</Host>

</Engine>
 

build.properties:

# Modify the attributes of this file to quickly adjust the deployment values of Crowd.

# The Hibernate database dialect to use. See https://confluence.atlassian.com/display/CROWD/Connecting+Crowd+to+a+Database
hibernate.dialect=org.hibernate.dialect.HSQLDialect

# The http port you wish to run crowd from, ie: http://localhost:8095/crowd
crowd.tomcat.connector.port=8095

# Tomcat requires a unique port for shutdown
crowd.tomcat.shutdown.port=8020

# Crowd context root
crowd.url=http://localhost:8095/

# Demo context root
demo.url=http://localhost:8095/demo

# OpenID server context root
openidserver.url=http://localhost:8095/openidserver
 

 

I can access the login page using HTTPS, but when I try to log in I am getting in a loop.

 

What is wrong with my configuration? Thanks! 

2 answers

1 accepted

Alan Holt
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 21, 2018

I'm running into the exact same issue, only with httpd with reverse proxy instead of nginx.

0 votes
Alan Holt
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 21, 2018

For anyone running into this same problem with apache (httpd), I was able to solve it with the following changes:

In your vhost file:


ProxyRequests off
ProxyPass / http://127.0.0.1:8095/
ProxyPassReverse / http://127.0.0.1:8095/
ProxyPreserveHost on 

 

In your server.xml file, add:

address="127.0.0.1"

to your Connector.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events