Nginx Configuration
| Note |
|---|
It is recommended to install the SSL certificate using Certbot before going through this section of the configuration. |
Nginx will act as a reverse proxy and redirect the user's requests from port 443 to the correct destinations.
The Nginx configuration file can be edited using the following command:
Code Block vim /etc/nginx/sites-enabled/defaultSearch for the server bracket that is listening to port 443. Certbot configuration can be found here.
Edit and add the locations to redirect traffic. For Tomcat:
Code Block server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } } server { listen 80; # Redirect from HTTP to HTTPS server_name zwe.wfa.knowtechture.com; # domain return 301 https://$host$request_uri; # redirect } server { root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name zwe.wfa.knowtechture.com; # managed by Certbot location / { rewrite ^/(.*)$ /wfa/$1 break; proxy_pass http://localhost:8080; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /connectTranslation { proxy_pass http://localhost:8080/connectTranslation; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /connectGitConfig { proxy_pass http://localhost:8080/connectGitConfig; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /routeWs { proxy_pass http://localhost:8080/routeWs; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /dws { proxy_pass http://localhost:8080/dws; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Commented. to have 2 domains listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/zwe.wfa.knowtechture.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/zwe.wfa.knowtechture.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = zwe.wfa.knowtechture.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80 ; listen [::]:80 ; server_name zwe.wfa.knowtechture.com; return 404; # managed by Certbot }
Remember that after any modification to a nginx configuration file, its is required to restart the service.
| Code Block |
|---|
systemctl restart nginx |
| Note |
|---|
If the domain changes, remember to update the config file. Right now the domain is zwe.wfa.knowtechture.com |