Hello everyone,
My issue:
I’m trying to use NGINX as a reverse proxy for my Tomcat server (Oracle APEX version 23.1.0), so as to hide the clear URL containing /ords/r//… from the user.
I use Tomcat as the application server in both the test and production environments.
I chose the NGINX server. I installed it locally on my Windows PC, and the goal is to reverse proxy the application in the test environment.
(after reading the conf file)
myserver.domain.fr is declared in local Windows hosts file, pointing to the localhost IP, as my NGINX server is running on localhost.
On the test server, Tomcat is listening on port 443.
When I open my browser locally on my PC, and type myserver.domain.fr I get on a standard index page, which is not the expected behavior. I was supposed to get on the login page of my app. I don’t know why, as in the nginx.conf file, / location is supposed to reverse proxy my appex app.
I tried to modify the / location by /app and it changed something, but now I get a white screen.
Hidding the clear URL (with …/ords/r/theworkspacename/app) is a security concern.
How I encountered the problem:
When I go on the targeted page, I get a fully white screen, but no error in the log file.
Version of NGINX or NGINX adjacent software (e.g. NGINX Gateway Fabric):
Windows 1.28.0
Deployment environment:
My personal Windows 10 laptop (for the test phase; later, I expect to use Windows Server 2016)
NGINX config (formatted in a code block):
# configuration file C:\Users\ABC\Desktop\nginx-1.28.0\nginx-1.28.0/conf/nginx.conf:
#user nobody;
worker_processes auto;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log;
server_tokens off;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_comp_level 3;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
server {
listen 80;
server_name myserver.domain.fr;
return 301 https://$host$request_uri;
}
#SERVEUR HTTPS
server {
listen 443 ssl;
http2 on;
server_name myserver.domain.fr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
#ssl_certificate certificat\certificate.crt;
#ssl_certificate_key certificat\private.key;
ssl_certificate "C:/Users/ABC/Desktop/nginx-1.28.0/nginx-1.28.0/certificat/certificate.crt";
ssl_certificate_key "C:/Users/ABC/Desktop/nginx-1.28.0/nginx-1.28.0/certificat/private.key";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
# uncomment to enable if ssl_protocols includes TLSv1.2 or earlier;
# see also ssl_session_ticket_key alternative to stateful session cache
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets on;
#charset koi8-r;
access_log logs/access_app.log;
#location / {
# root html;
# index index.html index.htm;
#}
#location / {
# #root html;
# #index index.html index.htm;
# return 302 https://google.fr;
#}
location / {
add_header proxied nginx;
proxy_pass https://testserver.domain.fr/ords/r/workspace/app_dev/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
# configuration file C:\Users\ABC\Desktop\nginx-1.28.0\nginx-1.28.0/conf/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
NGINX access/error log: (Tip → You can usually find the logs in the /var/log/nginx directory.)
Nothing as an error
Thank you for your light !