Problem: You want to put a proxy server (in this particular case it is nginx) in front of Glassfish 4 application server, but it ruins remote IP and scheme detection.
Solution consists of two main parts: (1) enabling "Auth Pass Through" property for HTTP connector and (2) configuring proxy server to add "Porxy-IP" and "Proxy-keysize" headers that will identify request scheme and remote IP address. Both header names are hard-coded and are not configurable.
First task is simple: open glassfish administration console and go to "Configurations" -> "server-config" -> "Network Config" -> "Network Listeners" -> "http-listener-1" and choose "HTTP" tab. Scroll all the way down and find "Auth Pass Through" property and enable it... "Save". No restart is needed (horray)!.
Second task - header configuration for nginx:
server { # listen 443; # ... # Glassfish-specific headers to properly resolve scheme and remote IP proxy_set_header Proxy-IP $remote_addr; proxy_set_header Proxy-keysize 256; # ... }
After changes, restart will be required. "Proxy-IP" header will be used in order to detect remote IP address, while having "Proxy-keysize" header greater than zero will force Glassfish to report schema as "https" (not "http"). It must be noted, however, that for non-SSL configuration only "Proxy-IP" header should be appended (otherwise non-SSL connections will be considered as secure):
server { # listen 80; # ... # Glassfish-specific headers to properly resolve remote IP and scheme proxy_set_header Proxy-IP $remote_addr; # ... }
Important: Also consider setting proper proxy address in "General" tab in order to avoid security risks.
BTW, here's description for Apache's mod_proxy: http://www.manorrock.com/online/wiki/glassfish/UpgradeToGlassfish3