Tomcat RemoteIpValve as a Nuxeo 5.x Reverse Proxy solution

Tomcat RemoteIpValve would be convenient to use to solve Nuxeo 5.x WebDAV & CMIS Reverse Proxy issues. It might also eliminate the need for the custom nuxeo-virtual-host request header property in the web application.

Unfortunately, RemoteIpValve is only available in Tomcat 6.0.21+ and Nuxeo 5.5 bundles Tomcat 6.0.20. Any plans to upgrade the bundled Tomcat version in the future? Also, any plans to officially support/document RemoteIpValve as a reverse proxy solution?

2 votes

1 answers



We'll update to Tomcat 6.0.35 if no problems are encountered. And maybe even Tomcat 7.0.26 but this would probably imply some small code changes so is less certain. NXP-9131.

Note that you can probably upgrade Tomcat yourself, there aren'y many places where Nuxeo changes it (some XML and some libs, and the ROOT context for WSS). There's a forum or question somewhere where we described the changes made to a regular Tomcat during install… Or do a diff with a stock 6.0.20 to be sure.

0 votes

In the meantime, I am attempting to use the RemoteIpValve implementation that was originally contributed to Apache Tomcat and works with older Tomcat versions like the one bundled with Nuxeo 5.5. This implementation is available here:

The RemoteIpValve class has a useful debug-level logging statement that I would like to include in the logs. However, updating the $NUXEO_HOME/lib/log4j.xml does not seem to enable debug-level logging for classes within the org.apache.catalina package. (see question


FYI NXP-9131 is resolved, we've upgraded to 6.0.35 for the development version.