I appreciate your patience to detail these answers, but I think I may not have explained myself well.
"I'd like to have nginx be the CAS and SSL endpoint and then proxy all requests to Tomcat." I mean, I want nginx in front of all my CAS-protected resources. I run CAS inside Tomcat with SSL. I have other applications in other Tomcat instances, also protected by SSL. When everything goes from Tomcat to Tomcat, it's just fine. I want to speed up performance for users by leveraging nginx+spdy support. I can get nginx working, I can get nginx+spdy working, I can even get nginx+spdy+proxy working for non-CAS protected applications. I can not get nginx working in front of a CAS-protected application. On Tue, Apr 21, 2015 at 7:33 AM, Jérôme LELEU <[email protected]> wrote: > Hi, > > You just need to run your CAS server on port 8080, using Tomcat or Jetty or > whatever applications server you want. > > A tomcat example (server.xml): > > <?xml version='1.0' encoding='utf-8'?> > > <Server port="8005" shutdown="SHUTDOWN"> > > <Listener className="org.apache.catalina.core.JasperListener" /> > <Listener > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" > rmiRegistryPortPlatform="8088" > rmiServerPortPlatform="8089" > useLocalPorts="false" /> > > <Service name="Catalina"> > > <Executor > name="tomcatThreadPool" > namePrefix="tomcat-http--" > maxThreads="200" > minSpareThreads="30" > maxIdleTime="10000" /> > > <Connector > protocol="org.apache.coyote.http11.Http11NioProtocol" > bindOnInit="false" > executor="tomcatThreadPool" > port="8080" > redirectPort="443" > enableLookups="false" /> > > <Engine name="Catalina" defaultHost="localhost"> > > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="${tomcat.logs.directory}/access" prefix="access_log." > suffix=".log" pattern="%t | %{X-Forwarded-For}i | %l | %r | %s | %b > | %D | %{Referer}i | %{User-Agent}i" > resolveHosts="false" fileDateFormat="yyyy-MM-dd.HH" /> > > <Host name="localhost" appBase="webapps" > unpackWARs="false" autoDeploy="false"> > > <Context path="/" docBase="/data/tomcat/mycasserver" > reloadable="false" /> > > </Host> > </Engine> > </Service> > </Server> > > Best regards, > Jérôme > > > 2015-04-21 13:16 GMT+02:00 jieryn <[email protected]>: >> >> Thanks, but this doesn't take CAS into account at all.... >> >> On Apr 21, 2015 02:39, "Jérôme LELEU" <[email protected]> wrote: >>> >>> Hi, >>> >>> I did it successfully and you'll find a lot of resources on internet >>> about Nginx configuration. >>> Here is an example: >>> >>> server { >>> >>> listen 80; >>> listen 443 ssl; >>> ssl_certificate /data/nginx/certs/ssl-bundle.crt; >>> ssl_certificate_key /data/nginx/certs/private_key_wildcard.key; >>> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >>> ssl_ciphers HIGH:!aNULL:!MD5; >>> >>> server_name your.example.com >>> >>> error_page 502 504 /error.html; >>> >>> location ~ ^/(error.html) { >>> root /data/nginx/www; >>> } >>> >>> location / { >>> proxy_set_header X-Forwarded-For $remote_addr; >>> proxy_set_header X-Forwarded-Host $host; >>> proxy_set_header X-Forwarded-Proto $scheme; >>> proxy_pass http://localhost:8080/; >>> proxy_read_timeout 10s; >>> proxy_send_timeout 10s; >>> } >>> } >>> >>> >>> Best regards, >>> Jérôme >>> >>> >>> 2015-04-21 0:40 GMT+02:00 jieryn <[email protected]>: >>>> >>>> Does anyone have this working? In any capacity? >>>> >>>> I'd like to have nginx be the CAS and SSL endpoint and then proxy all >>>> requests to Tomcat. >>>> >>>> I have been unsuccessful to even have nginx sit in front of an >>>> otherwise working CAS-ified application on http/https and just proxy >>>> everything straight on through. >>>> >>>> Any help is appreciated, thanks! >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
