4 Replies Latest reply on Nov 20, 2018 5:46 AM by Marc Kusters

    OData behind reverse NGINX proxy

    Marc Kusters Newbie

      We got the following situation; Our servers use NGINX as a SSL terminating reverse proxy in order to handle our SSL requests. Situation sketch:

      Outside Interwebs 443 -> NGINX -> EAP/Teiid  8080


      This works fine when accessing OData using a webbrowser. However when we use applications like Excel and PowerBI we can't get any data since they take the URL inside the odata feed which points to

      Is there a way to solve this that would only affect our OData system.


      I found the following blog but I'm unsure on how to proceed and if this will solve my predicament.



      Example of our OData feed.

      <a:feed xmlns:a="http://www.w3.org/2005/Atom" xmlns:m="http://docs.oasis-open.org/odata/ns/metadata" xmlns:d="http://docs.oasis-open.org/odata/ns/data" m:context="$metadata#*********">
              <a:link rel="edit" href="*********(emailType='*********',personIdExternal='*********')"/>
              <a:category scheme="http://docs.oasis-open.org/odata/ns/scheme" term="#*********"/>
              <a:content type="application/xml">
                      <d:createdOn m:type="DateTimeOffset">>*********</d:createdOn>
                      <d:isPrimary m:type="Boolean">>*********</d:isPrimary>
                      <d:createdDateTime m:type="DateTimeOffset">>*********</d:createdDateTime>
                      <d:lastModifiedOn m:type="DateTimeOffset">>*********</d:lastModifiedOn>
                      <d:lastModifiedDateTime m:type="DateTimeOffset">>*********</d:lastModifiedDateTime>


      Ofcourse has to be the external URL.


      Any help is welcome!

        • 1. Re: OData behind reverse NGINX proxy
          Ramesh Reddy Master

          Checkout Note on "Behind Proxy" in the documentation here OData Version 4.0 Support · GitBook  hopefully that is what you are looking for. 

          • 2. Re: OData behind reverse NGINX proxy
            Marc Kusters Newbie

            I managed to solve it partially. Not totally sure if the whole configuration is necessary:

             <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
                        <connector name="http" protocol="HTTP/1.1" scheme="https" socket-binding="http" proxy-name="dns name of webservice" proxy-port="443"/>
                        <virtual-server name="default-host" enable-welcome-root="false">
                            <alias name="localhost"/>
                            <alias name="example.com"/>
                            <access-log pattern="%h %l %u %t &quot;%r&quot; %s %b %S %T">
                                <directory path="./"/>
                        <valve name="RemoteIPValve" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
                            <param param-name="remoteIpHeader" param-value="X-Forwarded-For"/>
                            <param param-name="protocolHeaderHttpsValue" param-value="https"/>


            At leas the odata part works fine now, just need to fix the webinterface for the management console.

            • 3. Re: OData behind reverse NGINX proxy
              Ramesh Reddy Master

              Can you not do this for single context root? I would need to dig through WildFly docs for any suggestions, but you seem to be right on the way. Keep us updated, I would like to capture this into Teiid documentation.

              • 4. Re: OData behind reverse NGINX proxy
                Marc Kusters Newbie

                We got it working, for the management console no other changes in the configuration where necessary, it was a NGINX configuration thing:

                server {
                    listen      80;
                    server_name otherdnsname.com dns_name_from_previous_post.com;
                    return      301 https://$server_name$request_uri;
                server {
                    listen       443 ssl;
                    ssl_certificate /etc/pki/tls/certs/aw5144.crt;
                    ssl_certificate_key /etc/pki/tls/private/aw5144.key;
                    proxy_set_header    X-Forwarded-For    $remote_addr;
                    include /etc/nginx/default.d/*.conf;
                    location / {
                    location /console/ {
                    location /management/ {
                    location /management {
                    location /odata/ {
                        proxy_read_timeout 1800s;
                    location /odata4/ {
                        proxy_read_timeout 1800s;
                    error_page 404 /404.html;
                        location = /40x.html {
                    error_page 500 502 503 504 /50x.html;
                        location = /50x.html {