Vaadin 7.x and nginx reverse proxy

Vaadin 6 / 7 / 8
1

Has someone the combination Vaadin 7.x/Tomcat 7 and nginx reverse proxy running?

We tested this combination without push support - works fine. With push support errors:

Nov 15, 2015 6:23:54 PM org.atmosphere.cpr.DefaultBroadcaster addAtmosphereResource WARNING: Duplicate resource c76e9e31-a1dd-452d-b282-530f56566c6e. Could be caused by a dead connection not detected by your server. Replacing the old one with the fresh one Nov 15, 2015 6:23:54 PM org.atmosphere.cpr.AtmosphereFramework doCometSupport SEVERE: AtmosphereFramework exception java.lang.IllegalStateException: Not supported. at org.apache.catalina.connector.Request.startAsync(Request.java:1664) Without the reverse proxy the Vaadin 7.x/Tomcat combination (push enabled) works fine.

Any description available according the nginx reverse proxy settings in combination with Vaadin 7.x?

with best regards
Peter

2

Hi Peter. At least
someone seems
 to have got it working, but is not mentioning anything about push.

I’m afraid there is no page providing proxy setups with Vaadin, but regarding Push there is
this wiki page
 for most common Push issues… but it is not very helpful in your case.

Have you tried setting up nginx using Tomcat 8 and/or latest Vaadin 7.6.0.beta1? Tomcat 8 is supposed to be more reliable at least with websockets and Vaadin 7.6 has improvements in the communication layer.

3

You need to proxy all PUSH calls in your nginx setup. We are using nginx to proxy 443 connections to tomcat on 8080 for multiple virtual tomcat domains. This is an example of an nginx site config

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
  server_name x.y.com;
  listen 443;
  ssl on;
  ssl_certificate /opt/tomcat/ssl/cert.pem;
  ssl_certificate_key /opt/tomcat/ssl/cert.key;
  root /opt/tomcat/appname;

  location / {
    # Forward SSL so that Tomcat knows what to do
    proxy_pass http://x.y.com:8080;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
  }

  location /PUSH {
        proxy_pass http://x.y.com:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

    }
}
4

This settings worked for us (Vaadin 7.7.3, nginx 1.10.1, TomEE Plus 7.0.1 (tomcat 8)) including PUSH.

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name <yourdomainname>;

    location / {
        proxy_pass http://localhost:8080/<yourappname>/;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cookie_path /<yourappname>/ /;
        proxy_redirect off;
   }

   location /PUSH {
       proxy_pass http://localhost:8080/<yourappname>/PUSH;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection $connection_upgrade;
       proxy_buffering off;
       proxy_ignore_client_abort off;
       proxy_read_timeout 84600s;
       proxy_send_timeout 84600s;
       break;
   }
}
5

There is equivalent SSL proxy settings (Vaadin 7.7.3, nginx 1.10.1, TomEE Plus 7.0.1 (tomcat 8)) including PUSH:[code]
map $http_upgrade $connection_upgrade {
default upgrade;
‘’ close;
}

server {
listen 443;
server_name ;

ssl_certificate /etc/nginx/yourcert.crt;
ssl_certificate_key /etc/nginx/yourkey.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

location / {
    proxy_pass http://localhost:8080/<yourappname>/;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_cookie_path /<yourappname>/ /;
    proxy_redirect off;

}

location /PUSH {
proxy_pass http://localhost:8080//PUSH;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 84600s;
proxy_send_timeout 84600s;
break;
}
}
[/code]

6

Hi, anybody solved the upload limit problem with nginx proxy?

7

Hi, we managed to make websocket work with vaadin8 + tomcat9 + nginx but the connection gets closed after 30 seconds and increasing timeouts does not help.

Has anybody managed a websocket proxy to work with vaadin?