Tomcat server behind nginx reverse proxy - how to block direct access to the server?

This may be a noob question but I'm still learning about web servers and reverse proxy setups. I have two servers running on the same network - one Tomcat and another one Nginx which I intend to use a reverse proxy server for similar Tomcat servers. My idea of introducing a reverse proxy server came up after I understood that they can be used to hide the identity of the real web server and can be used to avail other advantages like better performance and load balancing.

The issue I am facing is, the tomcat server is accessible through both IP addresses - if I use the Nginx IP, it redirects to the Tomcat FQDN (expected) but if I ping using the FQDN tomcat.domain.com, it reveals the real IP of the Tomcat server and not that of Nginx server. Effectively, my Nginx server is not serving any purpose. What am I missing here?


Don't expose the Tomcat server directly to the Internet. Put the web server into a DMZ (ie behind a firewall), then put the Tomcat server behind another firewall. You can use software firewalls provided by the operating system, or hardware firewalls, but you haven't said what OS you're using so I can't give more advice. Something like IPTables or Windows Firewall. If you're running in AWS you can use their VPC system.

You don't want to redirect from nginx to Tomcat, you want to use Nginx as a reverse proxy. Use the proxy_pass directive so requests go into the web server, the web server requests the page from Tomcat, gets the response, then sends that back to the web browser.