Proxies and policies

This page shows how to configure a couple of central policies, depending on how TS is hosted.

Tomcat on port 80/443

When running Tomcat directly on port 80/443, the following policies should be set.

Policy                                    Value
applicationIsBehindAReverseProxy          false
applicationIsHiddenBehindAReverseProxy    false
applicationlPort                          80
applicationlPortSSL                       443
securitySslPages                          Depends on whether SSL is enabled (recommended)
applicationServer                         A domain pointing at the server

This was the default setup up until 2025-Q2.

This illustration shows how the traffic is routed.

Behind a proxy (nginx)

When running Tomcat behind a reverse proxy (e.g. nginx), the following policies should be set.

Policy                                    Value
applicationIsBehindAReverseProxy          true
applicationIsHiddenBehindAReverseProxy    false
applicationlPort                          80
applicationlPortSSL                       443
securitySslPages                          Depends on whether SSL is enabled (recommended)
applicationServer                         A domain pointing at the server

This is the default setup as of 2025-Q2. It helps when running SSL/TLS and multiple/changing domains.

This illustration shows how the traffic is routed.

Hidden behind a proxy

When hiding the webapps hosted by Tomcat behind a reverse proxy (e.g. nginx), the following policies should be set.

Policy                                    Value
applicationIsBehindAReverseProxy          true
applicationIsHiddenBehindAReverseProxy    true
applicationlPort                          80
applicationlPortSSL                       443
securitySslPages                          Depends on whether SSL is enabled (recommended)
applicationServer                         The domain pointing at the instance

This setup also requires that the context file for the given webapp is modified. The following attributes have to be added to the Context opening tag.

    useRelativeRedirects="false"
    sessionCookiePath="/"

All of this is handled by the ts script.

This setup is used for shared hosting, where multiple domains point to the same server, so as not to expose other installations/customers.

This illustration shows how the traffic is routed.
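One way to verify the hidden setup described above after the ts script has run is to check the two proxy policies against the three documented combinations and, for the hidden case, confirm the Context attributes are present. This is an added example, not part of TS or the ts script. It assumes the policy values are available as Python booleans; the function names and the sample context files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes the page says must be on the <Context> opening tag (hidden setup).
REQUIRED_CONTEXT_ATTRS = {"useRelativeRedirects": "false", "sessionCookiePath": "/"}

# (applicationIsBehindAReverseProxy, applicationIsHiddenBehindAReverseProxy)
# combinations taken from the three tables on this page.
SETUPS = {
    (False, False): "Tomcat on port 80/443",
    (True, False): "Behind a proxy (nginx)",
    (True, True): "Hidden behind a proxy",
}

def check_context(xml_text):
    """Return findings for a Tomcat context file; an empty list means compliant."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"context file is not well-formed XML: {exc}"]
    if root.tag != "Context":
        return [f"root element is <{root.tag}>, expected <Context>"]
    findings = []
    for name, want in REQUIRED_CONTEXT_ATTRS.items():
        got = root.get(name)
        if got != want:
            state = "missing" if got is None else f'set to "{got}"'
            findings.append(f'{name} is {state}, expected "{want}"')
    return findings

def audit(policies, context_xml):
    """Map the two proxy policies to a documented setup and check what it requires."""
    # Assumption: policy values are passed in as Python booleans.
    key = (policies.get("applicationIsBehindAReverseProxy"),
           policies.get("applicationIsHiddenBehindAReverseProxy"))
    setup = SETUPS.get(key)
    if setup is None:
        return None, [f"policy combination {key} matches no setup on this page"]
    # Only the hidden setup requires the modified context file.
    findings = check_context(context_xml) if key == (True, True) else []
    return setup, findings

# Constructed sample context files (the docBase value is a placeholder).
GOOD = '<Context docBase="/placeholder/app" useRelativeRedirects="false" sessionCookiePath="/"/>'
BAD = '<Context docBase="/placeholder/app" useRelativeRedirects="true"/>'

if __name__ == "__main__":
    hidden = {"applicationIsBehindAReverseProxy": True,
              "applicationIsHiddenBehindAReverseProxy": True}
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(hidden, xml_text))
```
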