Setting up a Tomcat behind a reverse proxy

There are various good reasons to place your Java web application that is running in the Apache Tomcat behind a reverse proxy: Load balancing, implementing a TLS termination proxy or adding a web application firewall to the mix are some examples.

The setup

Let’s have a look at the setup first. The requests from the Internet are passed through the proxy and to our destination server that is handling the request. In this example I will be working with an Apache Web Server acting as a reverse proxy and the actual node that is serving the content is an Apache Tomcat.

Configuring the reverse proxy

The Tomcat is listening on port 8090 for HTTP requests here. If the reverse proxy serves the content with HTTPS have a look at the scheme, proxyName and proxyPort attributes in the Connector element as you may have to add those.

Before configuring the reverse proxy part make sure that the Apache Webserver has the proxy module enabled. On a Debian Linux you can check this with the a2enmod command. Alternatively you can have a look inside the /etc/apache2/mods-enabled directory and if you find proxy.conf, proxy.load and proxy_http.load files you should be good to go.

Inside your VHost configuration you have to define the ProxyPass and ProxyPassReverse directives. Here you use the localhost address and the port – 8090 in this example – that your Tomcat application server runs on. If you wanted to encrypt the communication between the reverse proxy and the Tomcat as well you would have to set this up in the Tomcat and use HTTPS here instead. But this might not be necessary.