Skip to main content
Skip table of contents

Configure Reverse Proxy and Audit Logging

A reverse proxy is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A typical deployment of SuperWEB2 would use a reverse proxy to direct requests to the Tomcat instance where SuperWEB2 is installed. Using a reverse proxy allows you to implement SSL encryption so that your SuperWEB2 instance is served over a secure HTTPS connection.

This page provides some guidance on configuration of your reverse proxy with SuperWEB2. It is important to ensure that the reverse proxy is configured correctly so that:

  • User registration can correctly generate full external links (scheme and host) without anything having to be configured or hard-coded separately.
  • Audit logging will correctly record end-user IP addresses in logs. If this is not set up then the audit logs will record the IP address of the gateway or reverse proxy instead. 


To configure a reverse proxy for SuperWEB2 you will need:

  • NGINX installed on an internet facing machine that has a public IP. This can be your SuperWEB2 machine, but we recommend using an independent VM. Your DNS server should point to this machine. 
  • An SSL certificate and the relevant key files.

Configure Reverse Proxy

Configure NGINX

  1. In a text editor, open <nginx_home>\conf\nginx.conf.
  2. Add or edit the following lines of text in the http {} block.


    http { 
        server {
            listen 443 ssl http2;   
            ssl_certificate /etc/ssl_certs/; 
            ssl_certificate_key /etc/ssl_certs/;
            proxy_http_version 1.1; 
            proxy_read_timeout 20m; 
            location / { 
                proxy_pass http://internal.superweb2.address:8080 
                proxy_set_header   Host             $http_host; 
                proxy_set_header   X-Real-IP        $remote_addr; 
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for; 

    Update server and file entries with details of your configuration.

    server_nameHost name of your NGINX server.



    Path to the locations of your key and certificate files.


    Path to your SuperWEB2 instance. This could be http://localhost:8080/webapi if hosted on the same machine, or if hosted elsewhere.


  3. Save your changes and restart NGINX.

Configure Tomcat

  1. In a text editor, open <tomcat_home>\conf\server.xml.
  2. Add the following lines of text.

    <Connector port="8080" connectionTimeout="20000" redirectPort="8443" 
                       maxThreads="48" minSpareThreads="10" 
                       enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" 
                       scheme="https" secure="true" proxyName="" proxyPort="443"/> 

  3. At proxyName, enter the domain name of the URL that SuperWEB2 will be accessed from.
  4. Save your changes and restart the Tomcat service.

Configure Audit Logging

Complete this step when configuring Audit Logging to configure Tomcat to use the built-in Remote IP Valve feature to replace the remote host, address and scheme values.

This step ensures that your audit logs will record the end user's IP address. Without this configuration, your audit logs will record the IP address of the reverse proxy instead. 

  1. In a text editor, open <tomcat_home>\conf\server.xml.
  2. Locate the block beginning with  <Engine name="Catalina" defaultHost="localhost">.

  3. Add the following lines of text to this block.

        <Valve className="org.apache.catalina.valves.RemoteIpValve"
  4. Save your changes and restart the Tomcat service.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.