Old 04-16-2018, 09:24 AM   #1
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Rep: Reputation: Disabled
Failure to setup nginx ssl reverse proxy for apache-tomcat


Hello Everyone,

I am really facing challenges to set up nginx ssl reverse proxy for apache-tomcat. We have a need to apply self-signed ssl certificate on a reporting application built on jaspersoft. The jasper reports can be accessed on port 8080 but we want to change that port into 443 and apply self-signed ssl certificate. To achieve that, I installed nginx on the server and I can get the nginx welcome page. I created already the certificate to be deployed but the issue I am getting is to redirect the request to the apache-tomcat web server. Can someone help me please?

Below is what I have done.

I edited /etc/nginx/nginx.config and I added the following

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

In /etc/nginx/sites-available/jasper I added this:

server {
    listen 80;
    server_name 192.168.1.128;
    location / {
        root /home/jasper/apache-tomcat/webapps/jasperserver;
        index index.html index.htm;
        try_files $uri $uri/ =404;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}

upstream tomcat_server {
    # Tomcat is listening on default 8081 port
    server 127.0.0.1:8081 fail_timeout=0;
}
server {
    listen 443 ssl;
    server_name localhost;

    ssl on;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv2 TLSv1;

    ssl_certificate /etc/pki/tls/certs/ca.crt;
    ssl_certificate_key /etc/pki/tls/private/bi.key;

    root /home/jasper/apache-tomcat/webapps/jasperserver;
    index index.html index.htm index.xml;
    ssl_session_cache shared:SSL:10m;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note, there is not SSL here! plain HTTP is used
        proxy_pass http://192.168.1.128:8081;
    }
}

On the apache-tomcat site I applied the following changes in /home/jasper/apache-tomcat/conf/server.xml:

<Connector port="8081" URIEncoding="UTF-8" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" proxyName="localhost" proxyPort="443" scheme="https"/>



But when I browse to the page https://192.168.1.128/jasperserver

I get the error message the page can't be displayed. But when I browse to http://192.168.1.128 I get a welcome page to nginx.

Please let me know where the issue is.
 
Old 04-17-2018, 05:54 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
But when i browser to the page https://192.168.1.128/jasperserver
i get the error message the page can't be displayed.
This is an IE error.
I'm not using windows nor its browser but after reading this, it could be that the protocols you are using are not supported by IE.
Not to mention that SSLv2 is insecure. So are SSLv3, TLSv1, TLSv1.1.
Try to use TLSv1.2 (along with some secure ciphers) and see if it helps:
Code:
<-snip->
server {
    listen 443 ssl;
    server_name localhost;
    ssl on;
    ssl_session_timeout 5m;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
<-snip->
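
As an added example (not part of the post above or of any project's code), this Python check scans nginx configuration text for active ssl_protocols directives and flags the versions the post names as insecure. The function name audit_ssl_protocols and the embedded sample, constructed from the ssl_protocols lines that appear in this thread, are this example's own.

```python
import re

# Protocol versions the reply above lists as insecure.
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample built from the ssl_protocols lines posted in the thread.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv2 SSLv2 TLSv1;    # as posted in #1
}
server {
    listen 80;
    # ssl_protocols SSLv2 SSLv2 TLSv1;  # commented out, as in #3
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;              # as suggested in #2
}
"""


def audit_ssl_protocols(conf_text):
    """Return one finding per active ssl_protocols directive.

    Commented-out directives are ignored because nginx never sees them.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        active = raw.split("#", 1)[0]  # drop trailing or full-line comments
        m = re.match(r"\s*ssl_protocols\s+([^;]+);", active)
        if not m:
            continue
        values = m.group(1).split()
        findings.append({
            "line": lineno,
            "values": values,
            "weak": sorted(set(values) & WEAK),
            "duplicates": sorted({v for v in values if values.count(v) > 1}),
        })
    return findings


if __name__ == "__main__":
    for f in audit_ssl_protocols(SAMPLE_CONF):
        verdict = "WEAK: " + ", ".join(f["weak"]) if f["weak"] else "ok"
        extra = " (repeated: " + ", ".join(f["duplicates"]) + ")" if f["duplicates"] else ""
        print(f"line {f['line']}: {' '.join(f['values'])} -> {verdict}{extra}")
```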
 
Old 04-17-2018, 07:12 AM   #3
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Thank you for your kind response.
However I don't think it's something related to the incompatibility of the ssl certificate with the browser because even without using the ssl certificate I still struggle. Please see the configurations made without encryption and see the error I am getting, maybe it can give you a clue of what issue I am really facing.

Hello Everyone,

I am really facing challenges to set up nginx ssl reverse proxy for apache-tomcat. We have a need to apply self-signed ssl certificate on a reporting application built on jaspersoft. The jasper reports can be accessed on port 8080 but we want to change that port into 443 and apply self-signed ssl certificate. To achieve that, I installed nginx on the server and I can get the nginx welcome page. I created already the certificate to be deployed but the issue I am getting is to redirect the request to the apache-tomcat web server. Can someone help me please?

Below is what I have done.

The configuration for /etc/nginx/nginx.config is as follows:
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    #include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
    server_names_hash_bucket_size 64;
}

Below is configuration of my proxy reverse in /etc/nginx/sites-available/jasper which is soft linked with /etc/nginx/sites-enabled/jasper

upstream tomcat_server {
    # Tomcat is listening on default 8081 port
    server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}
server {
    listen 80;
    server_name localhost;

    # ssl on;
    # ssl_session_timeout 5m;
    # ssl_protocols SSLv2 SSLv2 TLSv1;

    # ssl_certificate /etc/pki/tls/certs/ca.crt;
    # ssl_certificate_key /etc/pki/tls/private/bi.key;

    root /opt/jasperreports-server-cp-6.2.1/apache-tomcat/webapps/jasperserver;
    access_log /var/log/nginx/somesite.org.access.log;

    # index index.html index.htm index.xml;
    # ssl_session_cache shared:SSL:10m;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/jasperserver;
    }
}


On the apache-tomcat site I applied the following changes in /home/jasper/apache-tomcat/conf/server.xml:

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="80" proxyName="localhost" proxyPort="80" scheme="http"/>



But when I browse to the page http://192.168.1.128/jasperserver

I get the error message the page can't be displayed. But when I browse to http://192.168.1.128 I get the nginx welcome page which means nginx is okay as well as

The access log is as below:
Myipaddress - - [17/Apr/2018:11:00:34 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Myipaddress - - [17/Apr/2018:11:01:16 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Myipaddress- - [17/Apr/2018:11:01:38 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Myipaddress - - [17/Apr/2018:11:01:39 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Myipaddress - - [17/Apr/2018:11:10:37 +0200] "GET /jasperserver HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "-"
Myipaddress - - [17/Apr/2018:11:10:44 +0200] "GET /jasperserver HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "-"


Please let me know where the issue is.
 
Old 04-17-2018, 08:22 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Using the syntax above, you should go to http://192.168.1.128/ and you'll get whatever is running on tomcat URL: http://127.0.0.1:8080/jasperserver
Otherwise you'll need:
Code:
<-snip->
location /jasperserver {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:8080/jasperserver;
}
<-snip->
 
Old 04-17-2018, 09:38 AM   #5
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Using the syntax above, you should go to http://192.168.1.128/ and you'll get whatever is running on tomcat URL: http://127.0.0.1:8080/jasperserver
Otherwise you'll need:
Code:
<-snip->
location /jasperserver {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/jasperserver;
}
<-snip->
I am sorry my dear but I get the same result even after adding the suggested change!
 
Old 04-17-2018, 12:02 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
Originally Posted by usfrank02 View Post
I am sorry my dear but i get the same result even after adding the suggested change!
I guess you restart nginx and clear your browser cache before testing.
 
Old 04-18-2018, 01:02 AM   #7
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
I guess you restart nginx and clear your browser cache before testing.
Hi Bathory,

Yes I did restart nginx by running the command /etc/init.d/nginx restart. I cleared the web cache as well and I tested on 3 different browsers: Firefox, Chrome and Opera.

Regards,

Frank
 
Old 04-18-2018, 03:18 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
Myipaddress - - [17/Apr/2018:11:00:34 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Myipaddress - - [17/Apr/2018:11:01:16 +0200] "GET /jasperserver/login.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" "-"
Where do you get this 404 error from? I see the 404 page has 0 bytes size, so I guess it's from nginx and not from tomcat.

If that's the case, nginx does not work as a reverse proxy, because it's not loading the /etc/nginx/sites-available/jasper.
You need to rename it to /etc/nginx/sites-available/jasper.conf, because it only includes files with a .conf extension
 
Old 04-18-2018, 03:57 AM   #9
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Where do you get this 404 error from? I see the 404 page has 0 bytes size, so I guess it's from nginx and not from tomcat.

If that's the case, nginx does not work as a reverse proxy, because it's not loading the /etc/nginx/sites-available/jasper.
You need to rename it to /etc/nginx/sites-available/jasper.conf, because it only includes files with a .conf extension
Hi Bathory,

I really appreciate your effort to help me fix the issue. I captured the logs from /var/log/nginx/access.log. As for the change you suggested on file naming, I've done it as you can see below.

/etc/nginx/sites-available/jasper.conf

But still no changes.

Best regards,

Frank
 
Old 04-18-2018, 04:40 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
Originally Posted by usfrank02 View Post
I captured the logs from /var/log/nginx/access.log.
Yes, but this 404 is it from nginx, or tomcat? I guess the former.


Quote:
As for the change you suggested on file naming, I've done it as you can see it below.
/etc/nginx/sites-available/jasper.conf
But still no changes.
Sorry to ask dumb questions, but did you change the symlink afterwards?
Code:
sudo ln -s /etc/nginx/sites-available/jasper.conf /etc/nginx/sites-enabled/jasper.conf
Of course restart nginx and clear browser cache before testing.
Also use http://localhost/jasperserver instead of http://192.168.1.128/jasperserver, because the server_name is localhost in nginx.conf
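
An added example (not from the posts above) for the two checks discussed in posts #8 and #10: it reads the active include directives from the nginx.conf shown in post #3 and reports whether a given entry in sites-enabled would be picked up. The function names are this example's own, and matching the wildcard with fnmatch on the last path component is a simplification of nginx's glob handling.

```python
import fnmatch
import posixpath
import re

# Constructed sample: the include lines from the nginx.conf in post #3.
NGINX_CONF = """\
include /usr/share/nginx/modules/*.conf;
http {
    #include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
}
"""


def include_patterns(conf_text):
    """Return the patterns of active (uncommented) include directives."""
    patterns = []
    for raw in conf_text.splitlines():
        active = raw.split("#", 1)[0]  # a commented include is never evaluated
        m = re.match(r"\s*include\s+([^;\s]+)\s*;", active)
        if m:
            patterns.append(m.group(1))
    return patterns


def is_included(path, patterns):
    """True if `path` matches a pattern: same directory, basename matches the glob."""
    return any(
        posixpath.dirname(p) == posixpath.dirname(path)
        and fnmatch.fnmatchcase(posixpath.basename(path), posixpath.basename(p))
        for p in patterns
    )


def site_status(conf_text, enabled_entries):
    """Map each sites-enabled entry (the symlink name) to loaded / not loaded."""
    patterns = include_patterns(conf_text)
    return {entry: is_included(entry, patterns) for entry in enabled_entries}


if __name__ == "__main__":
    entries = [
        "/etc/nginx/sites-enabled/jasper",       # symlink name before the rename
        "/etc/nginx/sites-enabled/jasper.conf",  # symlink name after post #10
    ]
    for entry, loaded in site_status(NGINX_CONF, entries).items():
        print(f"{entry}: {'loaded' if loaded else 'ignored by include'}")
```

The name that has to end in .conf is the entry inside sites-enabled, so renaming only the file in sites-available changes nothing until the symlink is recreated under the new name.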
 
Old 04-18-2018, 04:58 AM   #11
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Yes, but this 404 is it from nginx, or tomcat? I guess the former.


Sorry to ask dumb questions, but did you change the symlink afterwards?
Code:
sudo ln -s /etc/nginx/sites-available/jasper.conf /etc/nginx/sites-enabled/jasper.conf
Of course restart nginx and clear browser cache before testing.
Also use http://localhost/jasperserver instead of http://192.168.1.128/jasperserver, because the server_name is localhost in nginx.conf
Bathory,

Yes I did recreate the soft symbolic link. Of course I am clearing the cache before testing. The reason why I am browsing to http://192.168.1.128/jasperserver instead of http://localhost/jasperserver is because I am accessing the server through ssh. I am not physically connected to the server. I think now I have some evolution. When I browse to http://192.168.1.128/jasperserver I am being redirected to http://localhost/jasperserver but no content is displayed. Instead, I get this error message on the browser: Firefox can’t establish a connection to the server at localhost. When I check the logs on /var/log/nginx/access.log I get the following error;

"GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"

What does this error mean?
 
Old 04-18-2018, 06:26 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
The reason why I am browsing to http://192.168.1.128/jasperserver instead of http://localhost/jasperserver is because I am accessing the server through ssh. I am not physically connected to the server.
Then use:
Code:
server_name 192.168.1.128 localhost;

Quote:
I get this error message on the browser: Firefox can’t establish a connection to the server at localhost.
This means that the webserver is not running, or not listening on 127.0.0.1 port 80.


Quote:
When I check the logs on /var/log/nginx/access.log I get the following error;
"GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
What does this error mean?
It's not an error. The 302 status code means a temporary redirect (probably due to proxy). If you use Shift-Reload in your browser, you'll get a fresh copy of the webpage.
But if you're testing your reverse proxy setup, it should be "GET /jasperserver HTTP/1.1" ..." and not "GET / HTTP/1.1" ..."
 
Old 04-18-2018, 08:45 AM   #13
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Then use:
Code:
server_name 192.168.1.128 localhost;

This means that the webserver is not running, or not listening on 127.0.0.1 port 80.


It's not an error. The 302 status code means a temporary redirect (probably due to proxy). If you use Shift-Reload in your browser, you'll get a fresh copy of the webpage.
But if you're testing your reverse proxy setup, it should be "GET /jasperserver HTTP/1.1" ..." and not "GET / HTTP/1.1" ..."

Sorry Dear,

I've disturbed you so much, I am so sorry for that but I really need a solution. After I renamed the server_name to 192.168.1.128 localhost; I am getting this log now which is different to the previous ones.
"GET /jasperserver HTTP/1.1" 404 1053 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"

While on the browser side I get the following when I browse to http://192.168.1.128/jasperserver:

Status HTTP 404 - /jasperserverjasperserver
type Report status

message /jasperserverjasperserver


Why does it display jasperserver twice while in the nginx configuration file it's put once?

upstream tomcat_server {
    # Tomcat is listening on default 8080 port
    server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}
server {
    listen 8083;
    server_name 192.168.1.128 localhost;

    # ssl on;
    # ssl_session_timeout 5m;
    # ssl_protocols SSLv2 SSLv2 TLSv1;

    # ssl_certificate /etc/pki/tls/certs/ca.crt;
    # ssl_certificate_key /etc/pki/tls/private/bi.key;

    root /opt/jasperreports-server-cp-6.2.1/apache-tomcat/webapps;
    access_log /var/log/nginx/access.log;

    # index index.html index.htm index.xml;
    # ssl_session_cache shared:SSL:10m;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/jasperserver;
    }
}

I am really new to this stuff, anyone with the right response can help me to fix this matter.

Thanks
 
Old 04-18-2018, 09:28 AM   #14
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040
Quote:
Why does it display jasperserver twice while in the nginx configuration file it's put once?
Add a trailing slash to the proxied URL:
Code:
proxy_pass http://localhost:8080/jasperserver/ ;
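
The mapping behind the doubled path, as an added example that is not part of the original posts: a small Python model of how nginx builds the upstream path for a prefix location when proxy_pass carries a URI part (the matched location prefix is replaced by that URI). The function names, the assumption that the webapp's Tomcat context is /jasperserver, and the last variant (proxy_pass without a URI part) are this example's own.

```python
from urllib.parse import urlsplit


def upstream_path(location, proxy_pass, request_path):
    """Return the path nginx sends upstream for a prefix `location`."""
    if not request_path.startswith(location):
        raise ValueError(f"{request_path!r} is not handled by location {location!r}")
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        # proxy_pass without a URI part: the request path is passed unchanged.
        return request_path
    # proxy_pass with a URI part: the matched location prefix is replaced by it.
    return uri_part + request_path[len(location):]


def in_context_path(path, context="/jasperserver"):
    """Path inside the Tomcat webapp, or None if the context does not match.

    Assumes the webapp is deployed at `context`, as the thread's URLs suggest.
    """
    if path == context:
        return "/"
    if path.startswith(context + "/"):
        return path[len(context):]
    return None


# (label, location, proxy_pass) for each variant posted in the thread, plus one
# alternative that is not from the thread (proxy_pass without a URI part).
VARIANTS = [
    ("post #13", "/", "http://localhost:8080/jasperserver"),
    ("post #14", "/", "http://localhost:8080/jasperserver/"),
    ("post #4", "/jasperserver", "http://127.0.0.1:8080/jasperserver"),
    ("no URI part (not from thread)", "/", "http://localhost:8080"),
]


def trace(request_path):
    """Map one browser request through every variant."""
    rows = []
    for label, location, target in VARIANTS:
        sent = upstream_path(location, target, request_path)
        rows.append((label, sent, in_context_path(sent)))
    return rows


if __name__ == "__main__":
    for req in ("/jasperserver", "/jasperserver/login.html"):
        print(req)
        for label, sent, inner in trace(req):
            print(f"  {label:32} -> {sent:40} in-app: {inner}")
```

In this model the post #14 form sends /jasperserver/jasperserver upstream for a request to /jasperserver, while the post #4 form and the form without a URI part keep the path intact.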
 
Old 04-18-2018, 09:52 AM   #15
usfrank02
LQ Newbie
 
Registered: Apr 2018
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Add a trailing slash to the proxied URL:
Code:
proxy_pass http://localhost:8080/jasperserver/ ;
Bathory,

I don't know how to thank you my dear for being very supportive. I think now we are on the right track, see below the logs I am getting.

GET /jasperserver/optimized-scripts/bower_components/requirejs/require.js HTTP/1.1" 404 47536 "http://192.168.1.128:8083/jasperserver" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"

On the browser side I get this:



Search
Page Not Found

Specified page not found

About TIBCO JasperReports Server

Copyright © 2005-2016 TIBCO Software Inc.

Organization

Full Name

Full Name

Organization

Name:

Path:

Save As
Name (required): Description:

Please Wait

Loading…
Error Details
Heartbeat Data Collection

Please help us build better products by opting in to the Heartbeat.

By allowing the Heartbeat to collect data, you confirm consent, where relevant, from all individual users in your organization.

The Heartbeat enables TIBCO Jaspersoft to collect anonymous system information and may be disabled at any time. The Heartbeat data is used for the purposes set forth in the TIBCO Jaspersoft Heartbeat Privacy Policy web page at www.jaspersoft.com/heartbeat.

Our privacy policy is at www.jaspersoft.com/privacy.
Opt in for JasperReports Server Heartbeat
About TIBCO JasperReports Server

Product Version: 6.2.1

Build: 20160330_2253

What else next?
 
  

