The nginx config:
server {
    listen 443 ssl;
    server_name crowd.example.com;
    access_log off;
    client_max_body_size 10M;
    ssl_certificate /etc/nginx/ssl/crowd.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/crowd.example.com.key;
    location / {
        proxy_pass http://localhost:8095/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        port_in_redirect off;
        proxy_redirect https://crowd.example.com/ /;
    }
}
Crowd's relevant section from its server.xml:
<Service name="Catalina">
    <Connector
        acceptCount="100"
        connectionTimeout="20000"
        disableUploadTimeout="true"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        port="8095"
        redirectPort="8443"
        useBodyEncodingForURI="true"
        URIEncoding="UTF-8"
        proxyName="crowd.example.com"
        proxyPort="443"
        scheme="https"
        secure="true"/>
    <Engine defaultHost="localhost" name="Catalina">
        <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
    </Engine>
    <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service>
Here's my crowd.properties:
session.lastvalidation=session.lastvalidation
session.tokenkey=session.tokenkey
crowd.server.url=http\://localhost\:8095/crowd/services/
application.name=crowd
http.timeout=30000
session.isauthenticated=session.isauthenticated
application.login.url=http\://localhost\:8095/crowd
session.validationinterval=0
application.password=fslLXYfj9DehGTmGjLqZbX
Going to https://crowd.example.com/crowd results in a redirect cycle after logging in. You can reach the login page. (Also, https://crowd.example.com/ works too.) Looking at it with Firebug in FF, I see it oscillating between https://crowd.commercialfire.com/crowd/console/login.action and https://crowd.commercialfire.com/crowd/console/defaultstartpage.action.
Assuming nginx is on the same machine, try this proxy config on nginx:
And add
address="127.0.0.1"
to the Connector definition in the server.xml file (the main one with the proxyName).
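One way to check a server.xml against the answer's advice, as an added example that is not part of the original thread: it lists every Connector that has no loopback address and flags a proxied connector whose scheme and secure attributes disagree. The sample XML is constructed from the question's file, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's server.xml (attributes trimmed).
SAMPLE_SERVER_XML = """
<Service name="Catalina">
  <Connector port="8095" redirectPort="8443"
             proxyName="crowd.example.com" proxyPort="443"
             scheme="https" secure="true"/>
  <Connector port="8009" redirectPort="8443" protocol="AJP/1.3"/>
</Service>
"""


def is_loopback(address):
    """True if a Connector's address attribute names a loopback interface."""
    if address is None:
        return False  # unset: the HTTP connector listens on all local addresses
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # a hostname that cannot be classified offline


def audit_connectors(xml_text):
    """Return (port, finding) tuples for Connectors a remote client could reach."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port")
        proxied = conn.get("proxyName") is not None
        if not is_loopback(conn.get("address")):
            detail = ("clients can bypass the TLS proxy" if proxied
                      else "set address explicitly instead of relying on defaults")
            findings.append((port, "no loopback address: " + detail))
        # scheme/secure describe what the browser sees, so they must agree
        if proxied and conn.get("scheme") == "https" and conn.get("secure") != "true":
            findings.append((port, "scheme is https but secure is not true"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

Run against the question's file, both the 8095 connector and the AJP connector on 8009 are reported, since neither carries an address attribute.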