nginx managed SSL with Tomcat 7

Question

What is the proper configuration in server.xml to have nginx manage SSL? My current configuration results in a \"redirect loop\" unless I mark the tomcat standard connection \"

Answer 1

Changes I made so that Tomcat/Spring would set the proper Secure cookie flags:

Make sure Tomcat had SSL (443) redirect port running in server.xml:

  ...
  
  ...

Ensure your RemoteIpValve is setup inside your host in server.xml:

  ...
  
    ...
    
      ...
      
      
    
  

Ensure that the protocol is being forwarded from it's termination point in nginx.conf:

# Tomcat we're forwarding to
upstream tomcat_server {
  server 127.0.0.1:9090 fail_timeout=0;
}

# Main server proxy
server {
  listen 443 ssl;
  server_name  sample.com;

  # HTTPS setup
  ssl on;
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;

  #ssl cyphers
  ... 
  #ssl certs
  ... 

  location / {

    # Forward SSL so that Tomcat knows what to do
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat_server;
    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;
    proxy_connect_timeout      240;
    proxy_send_timeout         240;
    proxy_read_timeout         240;

    # Show error pages from S3 when down
    proxy_next_upstream error timeout http_502 http_503 http_504;
    error_page   502 503 504   https://s3.amazonaws.com/sample.com/maint;
}

Most of my proxy/SSL nginx conf is included above for completeness. Hope that helps someone.