Skip to content

Commit

Permalink
Fixes #293 - although this is marked as resolved, the resolution isn'…
Browse files Browse the repository at this point in the history 
…t entirely correct (#525)

* Fix output to file directions

* Stop overwriting gwc-gs.xml every time

* Fixes #293 - although this is marked as resolved, the resolution isn't entirely correct and forces all requests to `https`. This can cause the local healthcheck to fail.
This fix is for hosting Geoserver behind an SSL layer e.g. AWS Load Balancer or Cloudfront. It will allow it to be accessed via http OR https.
1. nginx.conf: the proxy headers are passed by the Nginx reverse proxy
2. server.xml: a fix for tomcat to accept the proxy scheme (e.g. https) using RemoteIpValve
  • Loading branch information
@carderm
carderm committed May 19, 2023
1 parent a433c2d commit c7dd64d
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 3 deletions.
4 changes: 4 additions & 0 deletions scripts/start.sh
View file
Expand Up @@ -432,6 +432,10 @@ if [[ -f ${EXTRA_CONFIG_DIR}/server.xml ]]; then
else
# default value
eval "$transform"
# Add x-forwarded headers
sed -r '/\<\Host\>/ i\ \t<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https"/>' ${CATALINA_HOME}/conf/server.xml > ${CATALINA_HOME}/conf/server.xml.tmp
cp ${CATALINA_HOME}/conf/server.xml ${CATALINA_HOME}/conf/server.xml.orig
cp ${CATALINA_HOME}/conf/server.xml.tmp ${CATALINA_HOME}/conf/server.xml
fi


Expand Down
8 changes: 5 additions & 3 deletions sites-enabled/nginx.conf
View file
Expand Up @@ -19,9 +19,11 @@ server {

location / {
proxy_pass http://geoserver/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host; # the host requested by the client
proxy_set_header X-Real-IP $remote_addr; # the real visitor IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # the client IP
proxy_set_header X-Forwarded-Host $host:$server_port; # the host used for the request
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; # the scheme used for the request, http or https
port_in_redirect off;
proxy_connect_timeout 600;
}
Expand Down

0 comments on commit c7dd64d

Please sign in to comment.