NetXMS Support Forum

Hi i have a setup runing with NetXMS server 4.4.1 on Ubuntu 22.04, tomcat9, Java 17, Mariadb server, & i am using nginx as a reverse proxy to pass thorugh localhost:8080/nxmc
When i access via http://IP-Address:8080/nxmc it works but adding the nginx to enable the ssl the tomcat gives me error

28-Aug-2023 10:52:48.571 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [rwtServlet] in context with path [/nxmc] threw exception
        java.lang.IllegalArgumentException: Entry point not found: /nxmc/nxmc-light.app
[color=#000000][size=2][font=Tahoma, Arial, sans-serif][b][color=white]ype[/color][/b] Exception Report[/font][/size][/color]
[color=#000000][size=2][font=Tahoma, Arial, sans-serif][b][color=white]Message[/color][/b] Entry point not found: /nxmc/nxmc-light.app[/font][/size][/color]
[color=#000000][size=2][font=Tahoma, Arial, sans-serif][b][color=white]Description[/color][/b] The server encountered an unexpected condition that prevented it from fulfilling the request.[/font][/size][/color]
[color=#000000][size=2][font=Tahoma, Arial, sans-serif][b][color=white]Exception[/color][/b][/font][/size][/color]
[pre][color=#000000]java.lang.IllegalArgumentException: Entry point not found: /nxmc/nxmc-light.app
org.eclipse.rap.rwt.internal.lifecycle.EntryPointManager.getEntryPointRegistration(EntryPointManager.java:65)
org.eclipse.rap.rwt.internal.service.StartupPage.getCurrentEntryPointProperties(StartupPage.java:165)
org.eclipse.rap.rwt.internal.service.StartupPage.setContentSecurityPolicy(StartupPage.java:88)
org.eclipse.rap.rwt.internal.service.StartupPage.send(StartupPage.java:69)
org.eclipse.rap.rwt.engine.RWTServlet.sendStartupContent(RWTServlet.java:170)
org.eclipse.rap.rwt.engine.RWTServlet.handleValidRequest(RWTServlet.java:137)
org.eclipse.rap.rwt.engine.RWTServlet.handleRequest(RWTServlet.java:117)
org.eclipse.rap.rwt.engine.RWTServlet.doGet(RWTServlet.java:100)
javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)[/color][/pre]


[color=#000000][size=2][font=Tahoma, Arial, sans-serif][b][color=white]Note[/color][/b] The full stack trace of the root cause is available in the server logs.[/font][/size][/color]

here is the nginx configuration

server {
        listen 443 ssl http2;
        server_name localhost;
        ssl_certificate /etc/ssl/certs/netxms.crt;
        ssl_certificate_key /etc/ssl/private/netxms.rsa;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_session_timeout 10m;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        location / {
                proxy_pass http://localhost:8080/nxmc/;
                proxy_buffering off;
                proxy_http_version 1.1;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
#                proxy_cookie_path /guacamole/ /guacamole/;
                add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; object-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self';" always;
         add_header Access-Control-Allow-Origin 'https://ip-address';
                access_log off;
    }
}



I am not an expert in nginx, but here's a config that I know is working:

server {
        listen 443 ssl http2;

        ssl_certificate /etc/ssl/certs/xxxxx.pem;
        ssl_certificate_key /etc/ssl/private/xxxxx.pem;

        server_name xxxxx nx.local;

        root /var/www/html;

        location = / {
                return 301 /nxmc-light.app;
        }

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Ssl on;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Frame-Options SAMEORIGIN;
                proxy_pass http://10.10.10.10:8080/;
        }
}