Re: [jetty-users] HTTP forwarding to HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] HTTP forwarding to HTTPS

From: Thomas Becker <tbecker@xxxxxxxxxxx>
Date: Tue, 24 Apr 2012 10:50:13 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

Hi,

I'd personally use iptables for redirecting 80 to 8443 as well. But ifyou want to do it on the server side, then have a look at how to definea security-constraint in web.xml of your application:


http://docs.oracle.com/cd/E13222_01/wls/docs81/webapp/web_xml.html#1019727

If you for some reason can't or don't want to edit the web.xml of everywebapp you need to run on the confidential port, then you can overridethe webapp's web.xml by using jetty's override-web.xml feature (prettycool feature):


http://wiki.eclipse.org/Jetty/Reference/override-web.xml

If you still need to stick to your RewriteHandler config, then run theserver in debug mode and see why your rules don't match/work as youexpect them to.


Hope that helps.

Cheers,
Thomas

On Mon Apr 23 19:50:50 2012, racketeer wrote:

Hi,
I've got jetty up and running with a ssl certificate on port 8443. I used
iptables to forward 443 to 8443. I'm trying to have any traffic to port 80
get redirected to 8443 (which I could do with iptables), but also return as
https. I've seen the snippet

<Item>
              <New id="Rewrite"
class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
                 <Set name="rewriteRequestURI">true</Set>
                 <Set name="rewritePathInfo">false</Set>
                 <Set name="originalPathAttribute">requestedPath</Set>

                 <Call name="addRule">
                         <Arg>
                                 <New id="forwardedHttps"
class="org.eclipse.jetty.rewrite.handler.ForwardedSchemeHeaderRule">
                                         <Set
name="header">X-Forwarded-Scheme</Set>
                                         <Set name="headerValue">https</Set>
                                         <Set name="scheme">https</Set>
                                 </New>
                         </Arg>
                 </Call>
              </New>
            </Item>

which should be used as a handler. I've got that plugged in, but when i go a
wget it seems like the forwardscheme is not doing what i expect. Basically,
the experience I want is to hit http://mywebsite (port 80 implied) and be
redirected to https://mywebsite (443 implied). from there the user will be
in https the whole time. Any help? Thanks in advance!

--
View this message in context: http://jetty.4.n6.nabble.com/HTTP-forwarding-to-HTTPS-tp4911082p4911082.html
Sent from the Jetty User mailing list archive at Nabble.com.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users


--
thomas becker
tbecker@xxxxxxxxxxx

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)

References:
- [jetty-users] HTTP forwarding to HTTPS
  - From: racketeer

Prev by Date: [jetty-users] Redirect / to /index.jsp when deployed to root
Next by Date: Re: [jetty-users] Redirect / to /index.jsp when deployed to root [SOLVED]
Previous by thread: [jetty-users] HTTP forwarding to HTTPS
Next by thread: [jetty-users] Serving static files w/ embedded Jetty
Index(es):
- Date
- Thread

Breadcrumbs