DEV Community

Tek Bahadur Kshetri
Tek Bahadur Kshetri

Posted on

Using NGINX to put Geoserver HTTPS

I recently tried to install the SSL certificate to my NGINX using cartbot. I was overwhelming and I spend one full day to figure out the actual error. I will explain everything in this article.

After installation of the SSL certificate on NGINX, we have to set the proxy settings in nginx.conf file (For me, It is located inside /etc/nginx/nginx.conf directory),

location /geoserver {
            proxy_pass http://127.0.0.1:8080/geoserver;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
         }

Enter fullscreen mode Exit fullscreen mode

I consider that you deployed the geoserver on the tomcat server using the 8080 port. The above proxy setting will help to redirect the geoserver link from http://localhost:8080/geoserver to http://localhost/geoserver. For detail information about the proxy setting please read reference 2.

After adding the geoserver proxy, you may face some problem in the Web-interface of the geoserver. To get it to work, I also added my domain name under Settings > Global > Proxy Base URL in the GeoServer admin site:

https://mydomain.com
Enter fullscreen mode Exit fullscreen mode

Make sure to check, Use headers for Proxy URL.

After that I reloaded the configuration Server Status > Reload, Reload the NGINX settings, sudo service nginx reload and restart the tomcat server sudo service tomcat restart.

If you are still facing some issue in web-interface of geoserver, this might be due to Cross-Site Request Forgery (CORS) problem. This can be solved by adding the following code in web.xml (For me, it is located inside /usr/share/tomcat/webapps/geoserver/WEB-INF/web.xml directory,

<context-param>
  <param-name>GEOSERVER_CSRF_WHITELIST</param-name>
  <param-value>example.org</param-value>
</context-param>
Enter fullscreen mode Exit fullscreen mode

Also, you might need to add the CORS header setting. There are two possible way to do that.

1. Update the geoserver web.xml file. (You just need to uncomment the following code from web.xml file),

<filter>
      <filter-name>cross-origin</filter-name>
      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
      <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>*</param-value>
      </init-param>
 </filter>
Enter fullscreen mode Exit fullscreen mode
 <filter-mapping>
        <filter-name>cross-origin</filter-name>
        <url-pattern>/*</url-pattern>
 </filter-mapping>
Enter fullscreen mode Exit fullscreen mode

2. Update the web.xml file of tomcat ($CATALINA_HOME/conf/web.xml). You need to add following line of code to your web.xml file,

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Enter fullscreen mode Exit fullscreen mode

Great!!! Now you successfully setup HTTPS in geoserver. This work can be done by updating the tomcat settings without using the NGINX proxy. If you are interested to install the SSL certificate for tomcat, checkout this geoserver documentation: Configure Tomcat for SSL. ( I never tried this method, give it a try and let me know 😄)

I tried the geoserver-rest library which has a pycurl dependency for testing the geoserver REST operation. I found that it was not working with the https geoserver URL but working fine with the python request library. So, only for the REST operation, I used the geoserver URL without proxy as http:localhost:8080/geoserver. If you found, why it is not working on pycurl please let me know 😜.

References

  1. Digital ocean: How To Secure Nginx with Let's Encrypt on CentOS 8

  2. Understanding Nginx HTTP Proxying, Load Balancing, Buffering, and Caching

  3. Stackoverflow: GeoServer behind Nginx: web admin crashes

  4. Stackoverflow: Use Nginx with Tomcat to put GeoServer under HTTPS

  5. GeoServer documentation: CSRF Protection

Discussion (0)