GeoServer – How to Put GeoServer Under HTTPS Using Nginx with Tomcat

geoservernginxtomcat

I'm trying to use HTTPS with GeoServer. I've used this steps to install Tomcat, Nginx and GeoServer on Ubuntu 20.04. At the end I've used the wizard from certbot for enable HTTPS.

I can access without problems to my webserver and to GeoServer using https://gis.domain.it.

The problems comes when I try to create something. For example if I try to create a Workspace or a Store I see this error:

HTTP Status 400 – Bad Request Type Status Report

Message Origin does not correspond to request

Description The server cannot or will not process the request due to
something that is perceived to be a client error (e.g., malformed
request syntax, invalid request message framing, or deceptive request
routing).

Apache Tomcat/9.0.37

I think that the problem is into the configuration of Nginx but I'm not sure of this. I found this solution for a problem like mine but it doesn't seem to work.

Any solutions?

I must use the OGC service under HTTPS but I've not strong skills on this field and I'm learning how to do.

FOCUS ON NGINX INSTALLATION
I've used the steps belove to install and configure Nginx

3. Configure Nginx Proxy for Tomcat

3.1 Install Nginx

apt install nginx -y

3.2 Create a new virtual host configuration file for Tomcat

nano /etc/nginx/sites-available/tomcat.conf
 Add the following lines:

server {
  listen 80;

  server_name    example.com www.example.com;
  access_log /var/log/nginx/tomcat-access.log;
  error_log /var/log/nginx/tomcat-error.log;

  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/;
  }
}

Then enable virtual host file and restart Nginx

ln -s /etc/nginx/sites-available/tomcat.conf /etc/nginx/sites-enabled/
systemctl restart nginx

Best Answer

You are experiencing a Cross-Site Request Forgery problem, GeoServer thinks that some one is spoofing your requests. This is solved by adding the proxy to a "white" or allowed list of machines that can make requests.

This is described on in the GeoServer manual

Related Question