...

Nginx will act as a reverse - proxy and redirect users requests that come through the user's requests from port 443 to the correct destinations.

  1. The Nginx configuration file can be edited using the following command:

    Code Block
    vim /etc/nginx/sites-enabled/default
  2. Search for the server bracket that is listening to port 443. Certbot configuration can be found here.

  3. Edit and add the locations to redirect traffic. For Tomcat:

    Code Block
    #server Default{
    server configuration # server {     listen 80 default_server;
            listen [::]:80 default_server;
    
            root /var/www/html;
    
            # Add index.php to the list if you are using PHP
            index index.html index.htm index.nginx-debian.html;
    
            server_name _;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
    
    }
    
    server {
            listen 80;  # Redirect from HTTP to HTTPS
            server_name  devzwe.zwe-wfa.psidigitalknowtechture.orgcom;  # domain
    
            return 301 https://$host$request_uri;  # redirect
    }
    
    server {
          }
    
    server {  root /var/www/html;
    
            # Add index.php to the list if you are using PHP
            index listen 443 ssl;index.html index.htm index.nginx-debian.html;
            server_name 3zwe.130wfa.224knowtechture.234com; # TODO: do we need another domain. managed by Certbot
    
    
            location / {
                rewrite ^/(.*)$ /wfa/$1 break;
                proxy_pass http://localhost:8080;  # redirect to  WFA
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
            }
           ssl_certificate /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/fullchain.pem; # managed by Certbot  location /connectTranslation {
                proxy_pass http://localhost:8080/connectTranslation;  # redirect to  WFA
                proxy_set_header Host $host;
                sslproxy_certificateset_key /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/privkey.pem; # managed by Certbotheader X-Real-IP $remote_addr;
                include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbotproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               sslproxy_set_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    
    server {header X-Forwarded-Proto $scheme;
            }
    
             location /connectGitConfig {
            root /var/www/html    proxy_pass http://localhost:8080/connectGitConfig;  # redirect to  WFA
           #    Add index.php to the list if you are using PHP proxy_set_header Host $host;
              index index.html index.htm index.nginx-debian.html; proxy_set_header X-Real-IP $remote_addr;
              #  serverproxy_set_name dev.zwe-wfa.psidigital.org; # managed by Certbotheader X-Forwarded-For $proxy_add_x_forwarded_for;
               serverproxy_set_nameheader  dev.zwe-wfa.psidigital.org;  # domainX-Forwarded-Proto $scheme;
            }
            location /routeWs {
                rewrite ^/(.*)$ /wfa/$1 break;proxy_pass http://localhost:8080/routeWs;  # redirect to  WFA
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
            }
    
            location /dws {
                proxy_pass http://localhost:8080/dws;  # redirect to  WFA
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
            }
    
       # Commented. to have 2 domains listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/devzwe.zwe-wfa.psidigitalknowtechture.orgcom/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/devzwe.zwe-wfa.psidigitalknowtechture.orgcom/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    
    
    server {
        if ($host = devzwe.zwe-wfa.psidigitalknowtechture.orgcom) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
            listen 80 ;
            listen [::]:80 ;
        #serverserver_name dev.zwe-wfa.psidigital.org;
        server_name dev.zwe-wfa.psidigitalknowtechture.orgcom;  # domain
        return 404; # managed by Certbot
    }
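Review bot: In the 443 server block every `location` sets `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which appends the peer address to whatever `X-Forwarded-For` value the client already sent, so the leading entries reaching the app on `localhost:8080` are client-supplied. If WFA uses that header for logging, rate limiting or access decisions, it should trust only the last entry or the `X-Real-IP` value set from `$remote_addr`; otherwise overwrite it with `proxy_set_header X-Forwarded-For $remote_addr;`. Old and new lines are interleaved in this comparison view, so the exact new-side block is inferred rather than read directly. Separately, the page tells readers to run `systemctl restart nginx` after any edit; running `nginx -t` first would catch a syntax error before the restart takes the HTTPS listener down.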
    

...

Remember that after any modification to a nginx configuration file, its is required to restart the service.

Code Block
systemctl restart nginx

Note

If the domain changes, remember to update the config file. Right now the domain is zwe.wfa.knowtechture.com