How to use NGINX to proxy requests for Crowd

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

The content on this page relates to platforms which are not supported. Consequently, Atlassian Support cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.

This page describes a possible way to use NGINX to proxy requests for Crowd running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.

In this example, we want a setup where Crowd can be accessed at the address http://www.example.com/crowd (on standard HTTP port 80) while Crowd itself listens on port 8095 with context path /crowd as default.

Solution

Configure Tomcat

Configure the default connector in <crowd-install>/apache-tomcat/conf/server.xml and add Tomcat proxy redirection attributes as shown below:

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" 
	enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
	port="8095" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" 
	proxyName="www.example.com" proxyPort="80" scheme="http" />

Configure NGINX

Add the following location block to your NGINX configuration:

  		location / {
            proxy_pass          http://127.0.0.1:8095;
            proxy_set_header    Host            $host;
            proxy_set_header    X-Real-IP       $remote_addr;
            proxy_set_header    X-Forwarded-for $remote_addr;
            proxy_redirect      off;
        }

Set base URL

For the normal operation of Crowd, you will also need to set the base URL to match the proxyName value configured on server.xml. In Crowd 3.0 and later, the base URL can be configured in the web interface by going to: Cog Icon >General.

Configuring trusted proxies in Crowd

Follow the instructions in Configuring Trusted Proxy Servers to make Crowd trust the NGINX proxy.

For the settings above to take effect, you need to restart both Crowd and NGINX.

Updated on April 8, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant