Atlassian Crowd + Nginx + SSL Setup Not Working - Redirect Loop

Question

The nginx config:

server {
        listen          443 ssl;
        server_name     crowd.example.com;
        access_log      off;

        client_max_body_size    10M;

        ssl_certificate         /etc/nginx/ssl/crowd.example.com.crt;
        ssl_certificate_key     /etc/nginx/ssl/crowd.example.com.key;

        location / {
                proxy_pass              http://localhost:8095/;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $remote_addr;
                port_in_redirect        off;
                proxy_redirect          https://crowd.example.com/ /;
        }
}

Crowd's relevant section from its server.xml:

<Service name="Catalina">

    <Connector
        acceptCount="100"
        connectionTimeout="20000"
        disableUploadTimeout="true"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        port="8095"
        redirectPort="8443"
        useBodyEncodingForURI="true"
        URIEncoding="UTF-8"

        proxyName="crowd.example.com"
        proxyPort="443"
        scheme="https"
        secure="true"/>

    <Engine defaultHost="localhost" name="Catalina">
        <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
    </Engine>

    <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service>

Here's my crowd.properties:

session.lastvalidation=session.lastvalidation
session.tokenkey=session.tokenkey
crowd.server.url=http\://localhost\:8095/crowd/services/
application.name=crowd
http.timeout=30000
session.isauthenticated=session.isauthenticated
application.login.url=http\://localhost\:8095/crowd
session.validationinterval=0
application.password=fslLXYfj9DehGTmGjLqZbX

Going to https://crowd.example.com/crowd result in a redirect cycle after logging in. You can reach the login page. (Also, https://crowd.example.com/ works too.) Looking at it with Firebug in FF, I see it oscillating between https://crowd.commercialfire.com/crowd/console/login.action and https://crowd.commercialfire.com/crowd/console/defaultstartpage.action.

Answer 1

Assuming nginx is on the same machine, try this proxy config on nginx:

        location / {

          proxy_set_header X-Forwarded-Host $host;
          proxy_set_header X-Forwarded-Server $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://127.0.0.1:8095/;
          proxy_redirect off;
          proxy_connect_timeout 300;

    }

And add address="127.0.0.1" to the Connector definition in the server.xml file (The main one with the proxyName)