How to restrict tomcat just to serve nginx locally?

Hi there,

the goal is to make razuna only “visible” to nginx, but not to the “world”. That means:
http://mydomain.tld:8080/razuna is the initial URL after installation

http://mydomain.tld/razuna is provided by nginx.

How to make http://mydomain.tld:8080/razuna (with port 8080, from tomcat) inaccessible for direct (browser) calls?

Please see our wiki.razuna.com for the answer to this.

Couldn’t find anything useful regarding that issue - that’s why I’m asking.

Use a firewall to restrict access to ports other than 80.

I built 2 scripts to achieve that:

Block port 8080 from outside, but let local connections through (so nginx can request) - “YOURIPHERE” means your IP to the outside, e.g. 1.2.3.4
iptables -A INPUT -s YOURIPHERE -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -j DROP

Unblock port 8080:
iptables -D INPUT -s YOURIPHERE -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -D INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -D INPUT -p tcp -m tcp --dport 8080 -j DROP

If you want to allow more hosts to connect to 8080, just add lines with the corresponding IP or netmask at the beginning! The line
iptables -D INPUT -p tcp -m tcp --dport 8080 -j DROP
must be the last one in your script!
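
Since the scripts above depend on rule order (iptables stops at the first matching rule), here is a small order check, added as an example and not part of the original thread. The function names `check_8080_rules` and `sample_rules` and the address 203.0.113.10 (standing in for YOURIPHERE) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit port-8080 rule order.
# Input on stdin: rule listing in `iptables -S INPUT` format.
# Exit status 0 only if ACCEPTs precede the DROP and loopback is allowed.
check_8080_rules() {
    awk '
    # Consider only INPUT rules that match destination port 8080.
    $1 == "-A" && $2 == "INPUT" && / --dport 8080( |$)/ {
        target = ""; src = ""; iface = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
        }
        if (target == "DROP" || target == "REJECT") {
            dropped = 1
        } else if (target == "ACCEPT" && dropped) {
            # First match wins, so this rule is never reached.
            print "FAIL: ACCEPT after the DROP never matches: " $0; bad = 1
        } else if (target == "ACCEPT" && (src ~ /^127\./ || iface == "lo")) {
            loopback = 1
        } else if (target == "ACCEPT" && src == "" && iface == "") {
            print "FAIL: ACCEPT without a source opens 8080 to everyone"; bad = 1
        }
    }
    END {
        if (!dropped)  { print "FAIL: no DROP rule for port 8080"; bad = 1 }
        if (!loopback) { print "FAIL: loopback not accepted before the DROP"; bad = 1 }
        if (!bad) print "OK: 8080 limited to the listed sources"
        exit bad + 0
    }'
}

# Constructed sample: the three rules from the post as `iptables -S` prints
# them, with 203.0.113.10 standing in for YOURIPHERE.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
EOF
}

sample_rules | check_8080_rules
```

On a live host, run `iptables -S INPUT | check_8080_rules` as root. These rules cover IPv4 only, so if Tomcat also listens on IPv6 the same restriction is needed in ip6tables.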