1. Home
  2. Knowledge Base
  3. On premise
  4. Application Server
  5. How to configure a Load balancer/Proxy

How to configure a Load balancer/Proxy

In case a load balancer or proxy sits between the clients and the application Tomcat additional configuration is needed for Toolbox version >= 7.0.5.

Especially when the front end uses HTTPS and the back end plain HTTP. Otherwise the CSRF security filter will not work.


Both the load balancer or proxy and Tomcat for the application need configuration.

Load balancer

The following headers need to be set:

X-Forwarded-Byaddress of lb/proxy with port
X-Forwarded-Foraddress of client
X-Forwarded-Protoscheme of incoming request

Example for Nginx:

### proxy headers
proxy_set_header        X-Forwarded-By          $server_addr:$server_port;
proxy_set_header        X-Forwarded-For         $remote_addr;
proxy_set_header        X-Forwarded-Proto       $scheme;


Add a RemoteIPValve block in server.xml in Server -> Service -> Engine -> Host.
This is supported by Tomcat 6 and onwards. 

Specify the possible IP addresses of the load balancer(s) in the internetProxies field if they reside in private IP space. Use trustedProxies instead if they are routed from public IP space, but use that with caution.


To find out which IP is used to access Tomcat from the load balancer take a look at the Tomcat logging. Without the valve in place all authentication attempts will come from a single IP address, the one you need to know.

Was this article helpful?

Related Articles