Geoserver in tomcat behind NGINX Reverse Proxy and SSL

Assuming the Geoserver war file is running inside tomcat in port 7000 like: localhost:7000/geoserver

Also a valid SSL certificate has configured in NGINX.

First you need to change Tomcat port and add proxyPort in server.xml  :

sudo vim /etc/tomcat8/server.xml


Then search for “Connector port” and change the port number and also proxyPort to 443:



<Connector port="7000" protocol="HTTP/1.1"
           scheme="https" secure="true"


Then you need to restart tomcat :

sudo service tomcat8 restart


Then in Nginx add below reverse proxy inside server { } block:


location /geoserver {
                    proxy_pass http://localhost:7000/geoserver;
                    proxy_set_header X-Forwarded-Host $host;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_set_header X-Forwarded-Port 443;
                    proxy_redirect off;

Then you need to restart NGINX :

sudo service NGINX restart


Also you might need to add your domain name in GEOSERVER_CSRF_WHITELIST as below :

vim /var/lib/tomcat8/webapps/geoserver/WEB-INF/web.xml

/* add domain name */
  <param-value> </param-value>

Then you need to restart Tomcat :
sudo service tomcat8 restart

Leave a Reply

Your email address will not be published. Required fields are marked *