Spring Boot with embedded Tomcat behind Apache proxy

by

I had the same problem the other day. After some debugging of Spring Boot 1.3 I found the following solution.

1. You have to setup the headers on your Apache proxy:

<VirtualHost *:443>
    ServerName www.myapp.org
    ProxyPass / http://127.0.0.1:8080/
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Port 443
    ProxyPreserveHost On
    ... (SSL directives omitted for readability)
</VirtualHost>

2. You have to tell your Spring Boot app to use these headers. So put the following line in your application.properties (or any other place where Spring Boots understands properties):

server.use-forward-headers=true

If you do these two things correctly, every redirect your application sends will not go to http://127.0.0.1:8080/[path] but automatically to https://www.myapp.com/[path]

Update 1. The documentation about this topic is here. You should read it at least to be aware of the property server.tomcat.internal-proxies which defines the range of IP-addresses for proxy servers that can be trusted.

Update 2021 The documentation is moved to here. The Spring Boot configuration is a litte different now.

More Related Contents:

  1. Spring Boot Security CORS
  2. Spring Boot War deployed to Tomcat
  3. Spring Boot CORS filter – CORS preflight channel did not succeed
  4. Prevent Spring Boot from registering a servlet filter
  5. Spring Boot: How to add another WAR files to the embedded tomcat?
  6. How to get custom user info from OAuth2 authorization server /user endpoint
  7. antMatchers that matches any beginning of path
  8. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  9. How to use multiple login pages one for admin and the other one for user
  10. Spring Boot: How to specify the PasswordEncoder?
  11. How can I specify my .keystore file with Spring Boot and Tomcat?
  12. How to allow a User only access their own data in Spring Boot / Spring Security?
  13. Is it possible to invalidate a spring security session?
  14. CORS issue – No ‘Access-Control-Allow-Origin’ header is present on the requested resource
  15. Spring Boot Remove Whitelabel Error Page
  16. Handle spring security authentication exceptions with @ExceptionHandler
  17. How to pass an additional parameter with spring security login page
  18. Spring Security redirect to previous page after successful login
  19. How can I have list of all users logged in (via spring security) my web application
  20. Why did Spring framework deprecate the use of Guava cache?
  21. How can I use Spring Security without sessions?
  22. Spring Boot Externalizing properties not working
  23. Failed to configure a DataSource: ‘url’ attribute is not specified and no embedded datasource could be configured
  24. Securing Spring Boot API with API key and secret
  25. What is username and password when starting Spring Boot with Tomcat?
  26. Spring Boot and how to configure connection details to MongoDB?
  27. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  28. How to use Spring AbstractRoutingDataSource with dynamic datasources?
  29. CSS not loading in Spring Boot
  30. Spring Boot SSL Client

Leave a Comment