I recently tried to install the SSL certificate to my NGINX using cartbot. I was overwhelming and I spend one full day to figure out the actual error. I will explain everything in this article.
After installation of the SSL certificate on NGINX, we have to set the proxy settings in nginx.conf
file (For me, It is located inside /etc/nginx/nginx.conf
directory),
location /geoserver {
proxy_pass http://127.0.0.1:8080/geoserver;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
I consider that you deployed the geoserver on the tomcat server using the 8080 port. The above proxy setting will help to redirect the geoserver link from
http://localhost:8080/geoserver
tohttp://localhost/geoserver
. For detail information about the proxy setting please read reference 2.
After adding the geoserver proxy, you may face some problem in the Web-interface of the geoserver. To get it to work, I also added my domain name under Settings > Global > Proxy Base URL
in the GeoServer admin site:
https://mydomain.com
Make sure to check, Use headers for Proxy URL
.
After that I reloaded the configuration Server Status > Reload
, Reload the NGINX settings, sudo service nginx reload
and restart the tomcat server sudo service tomcat restart
.
If you are still facing some issue in web-interface of geoserver, this might be due to Cross-Site Request Forgery (CORS) problem. This can be solved by adding the following code in web.xml
(For me, it is located inside /usr/share/tomcat/webapps/geoserver/WEB-INF/web.xml
directory,
<context-param>
<param-name>GEOSERVER_CSRF_WHITELIST</param-name>
<param-value>example.org</param-value>
</context-param>
You also need to enable the proxy base url as below in web.xml
file,
<context-param>
<param-name>PROXY_BASE_URL</param-name>
<param-value>https://example.com/geoserver</paramvalue>
</context-param>
Also, you might need to add the CORS header setting. There are two possible way to do that.
1. Update the geoserver web.xml
file. (You just need to uncomment the following code from web.xml
file),
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. Update the web.xml
file of tomcat ($CATALINA_HOME/conf/web.xml). You need to add following line of code to your web.xml
file,
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Great!!! Now you successfully setup HTTPS in geoserver. This work can be done by updating the tomcat settings without using the NGINX proxy. If you are interested to install the SSL certificate for tomcat, checkout this geoserver documentation: Configure Tomcat for SSL. ( I never tried this method, give it a try and let me know 😄)
I tried the
geoserver-rest
library which has apycurl
dependency for testing the geoserver REST operation. I found that it was not working with thehttps
geoserver URL but working fine with the pythonrequest
library. So, only for the REST operation, I used the geoserver URL without proxy ashttp:localhost:8080/geoserver
. If you found, why it is not working onpycurl
please let me know 😜.
Top comments (2)
Hello. thanks for this tutorial, I'm eager to try that. When It's installed, could I still install websites in Nginx (Wordpress, Piwigo, Opencart, and so on)?
Because that's what I want to do: I have one essential Ssl, from namecheap, basic, but I still want to use it for both wordpress and geoserver but get https and get rid of :8080 at the end of the url
Hi !
you can explain this is on movie in youtube please.
I do it not okay for my problem