Make DHIS2 listen to another port than 80/443 with a reverse proxy on Nginx

Support - Assistance technique
1

Hi everyone,

I would like to make a freshly installed DHIS2 instance listen to a non-default HTTP/HTTPS port, using the nginx reverse proxy.
Did anybody ever do this ?
In my example, I’d like to make it listen to port 9443.

This is my nginx.conf

# HTTPS server

    server {
       listen              9443 ssl;
       client_max_body_size 10M;
       ssl_certificate      cert.crt;
       ssl_certificate_key  cert.key;
       ssl_dhparam          /etc/nginx/dhparam2048.pem;
       ssl_session_cache    shared:SSL:20m;
       ssl_session_timeout  10m;
       ssl_protocols              TLSv1.2 TLSv1.3;
       ssl_ciphers              EECDH+AESGCM:EDH+AESGCM;
       ssl_prefer_server_ciphers  on;
       add_header  Strict-Transport-Security  'max-age=31536000';
       add_header Cache-Control no-cache;

    # Proxy pass to servlet container

    location / {
      proxy_pass                http://localhost:8080/;
      proxy_redirect            off;
      proxy_set_header          Host               $host;
      proxy_set_header          X-Real-IP          $remote_addr;
      proxy_set_header          X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header          X-Forwarded-Proto  https;
      proxy_buffer_size         128k;
      proxy_buffers             8 128k;
      proxy_busy_buffers_size   256k;
      proxy_cookie_path         ~*^/(.*) "/$1; SameSite=Lax";
    }
  }
}

This is part of my server.xml conf

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
            redirectPort="8443" />

    <Connector scheme="https" proxyPort="9443" />

When I connect to https://myhost:9443/, I get redirected to https://myhost/dhis-web-commons/security/login.action, so the 9443 gets lost in between.

Thank you for your advice!

2

Hi @Thomas

Are you using SSL? (HTTPS?)

I’m asking for support and hopefully an expert from the community can support you on this task.

Thanks!

1 Like
3

The snippets provided have a mix of different ports and probably incomplete configuration:

  1. Nginx listens for TLS connections on port 9443.
  2. Nginx proxies connection via HTTP to port 8080.
  3. DHIS itself accepts HTTP on port 8080 and redirects to port 8443.
  4. DHIS then accepts HTTPS connections on port 9443 (?) which seems to be an error.

I suggest leaving DHIS configuration on 8080 and 8443 (both localhost-only) and proxy_pass on Nginx to HTTP http://localhost:8080 (as now) or to https://localhost:8443 (a bit more secure).

2 Likes
4

Hi Michael,

thanks for the insights.
I still can’t manage to make it work on port 9443.

I reverted my changes on server.xml and put back 7443 for ProxyPort (on your point 4.)

I have the same behavior, when I reach https://myhost:9443/ I get redirected to https://myhost/dhis-web-commons/security/login.action, hence it fails

Thank you

5

Please try to comment out these lines from the configuration and restart Nginx:

3 Likes
6

Thank you, it worked :slight_smile:

1 Like
7

Also changing Host to $http_host works

proxy_redirect off;
proxy_set_header Host $http_host;

1 Like