How to block access to xwiki via port 8080

Just installed Xwiki on a Ubuntu server and configured a Nginx proxy by following this instructions:

Before I continue with the HTTPS part, I would like to know how to disable non-SSL access via port 8080 afterwards. The documentation is quite unclear about this and IMHO it makes no sense setting up SSL but keeping the unsecured port open, so for me it would be logical to describe the whole process including the final step.

This is a tomcat configuration issue.

If you don’t want to serve http traffic via tomcat and port 8080, then you need to edit the /etc/tomcat/server.xml file to bind the Connector for port 8080 to

Tomcat will still server http traffic over http, but only to clients running on the machine.

For this to work, nginx has to be running on the same machine.

Alternatively, you can use apache2 as the front end instead of nginx, and configure apache to communicate with tomcat using the AJP connector which stops tomcat responding to any public http/https requests once you’ve disabled those connectors in server.xml

Thans, that will be sufficient :+1: