Running Camunda behind NGINX reverse proxy

Camunda 7 Topics Discussion & Questions
1

Hi,

I have a spring boot/ platform run version 7.16 of Camunda that I’m struggling to setup w/ an NGINX reverse proxy.

Here’s my NGINX configuration as a reverse proxy for Camunda:

 upstream sieve-tm {
      zone sieve-tm 64K;
      server sieve-tm:8080 max_fails=1 fail_timeout=2s;
      keepalive 2;
 }

 server {
      # NGINX-CAMUNDA proxy access log
      access_log /var/log/nginx/camunda-access.log tm_log;
      error_log /var/log/nginx/tm_error.log;

      # NGINX-CAMUNDA SSL port listen (ipv4 and ipv6)
      listen 8080 ssl http2;
      listen [::]:8080 ssl http2;
      keepalive_timeout 70s; # indicates how long the server has to wait to get requests from a client. It indicates the number of seconds an idle keepalive connection will stay open.

      #ssl_handshake_timeout 10s;

      location / {
           proxy_pass http://sieve-tm;
      }
 }

However when I try to access the Camunda app using https://localhost:8080 (I have SSL setup for NGINX) I always end up having an ERR_CONNECTION_REFUSED.

image
image928×462 8.49 KB

Does anybody have an idea what I can possibly be missing? I am running a docker environment.

Also whenever I try to access Camunda using an exposed port (not going through NGINX) it works just fine.

Thank you!

2

What do your access log and error log say?
It’s an issue with NGINX configuration… but exactly what the error is, I’m not sure.

You might need a trailing / on the proxy_pass line… I’ve heard more than a few people say that that solves the issues.

3

Hi!

thank you for the response. weird enough there are no errors being logged.

image

but in the access log, I’m getting a status 302

image
image1038×189 6.57 KB

Tried adding a trailing / as well but did not work.

image

4

Unfortunately, I’m not an NGINX expert (I’ve run it a few times, but nothing complicated)
302 is a redirect, which makes sense, since your Camunda site would be redirecting you to a login page… but that overall redirect should be proxied back to the client…

5

You need https tls key + public certificates to add in server section of nginx config. Https2 ssl nginx endpoing doesnt work without certificates.