ColdFusion with Nginx Reverse Proxy: AJP Configuration, Load Balancing, and SSL Termination

Putting Nginx in front of ColdFusion is a proven way to get SSL/TLS termination, load balancing, and HTTP/2 in front of your CFML application. But there’s a critical fact most articles get wrong: Nginx does not support the AJP protocol in its standard build. Adobe’s own documentation states the AJP connector is “a module not provided in Nginx by default.” So while ColdFusion connects to IIS and Apache over AJP (via isapi_redirect and mod_jk respectively), the realistic, production-recommended way to use Nginx with ColdFusion is as an HTTP reverse proxy to ColdFusion's built-in Tomcat HTTP port (typically 8500) — not over AJP. AJP-over-Nginx is possible only with a third-party module compiled from source, and given the Ghostcat vulnerability (CVE-2020-1938), the security-preferred direction is HTTP/HTTPS proxying anyway. This guide covers all three: the AJP reality, HTTP reverse proxy load balancing, and SSL termination.
Read More