Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL

Proxy configurations are now part of the HttpConfiguration.

https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html#d0e4447

See also the distribution's etc/jetty.xml


The configuration of that is done through standard Jetty XML format.

See javadoc for details of configuration options on the ForwardRequestCustomizer




--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Sat, Dec 27, 2014 at 3:17 PM, Piotr Morgwai Kotarbinski <spam1@xxxxxxxxxx> wrote:
Hello all,
So far I've been using jetty-8 behind apache reverse proxy with SSL and
it's been working fine. I've been trying to switch to jetty-9 recently,
but I couldn't find an easy way to configure it to make use of
"X-Forwarded-Proto: https" header.
My apache virtual host config looks like this:

<VirtualHost *:443>
        SSLEngine on
(...)
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode
        RequestHeader set X-Forwarded-Proto https
        RequestHeader set X-Forwarded-Port 443
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        <Location /test>
                ProxyPass http://localhost:8666/test nocanon
        </Location>
(...)
</VirtualHost>

In jetty-8 I was adding
<Set name="forwarded">true</Set>
directive to SelectChannelConnector in jetty.xml as described here:
https://wiki.eclipse.org/Jetty/Tutorial/Apache
and here:
https://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy
and it all worked fine.
setForwarded is actually a method of AbstractConnector which is a base
class for SelectChannelConnector:
http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/AbstractConnector.html#setForwarded(boolean)

However in jetty-9 this method is no longer present and I couldn't find
an easy way (except for some ugly rewriting rules) to tell jetty-9 that
it should be changing scheme to the one from X-Forwarded-Proto header.
As a result some of my applications don't work anymore (for example
gerrit among others) as they think they are accessed in an insecure way
via http and try to redirect to https. I've written a very simple
servlet to demonstrate what's going on:

        protected void service(
                        HttpServletRequest request,
                        HttpServletResponse response)
                        throws ServletException, IOException {
                ServletOutputStream output = response.getOutputStream();
                output.println("secure: " + request.isSecure());
                output.println("scheme: " + request.getScheme());
        }

in jetty-8 the result was:

secure: true
scheme: https

but now in jetty-9 I get:

secure: false
scheme: http

So my question is what is the proper way in jetty-9 to make it use
X-Forwarded-Proto header just as it used to be done in jetty-8 with <Set
name="forwarded">true</Set> directive. Using rewriting rules seems like
an ugly and unnecessary complicated hack, so I hope that there's a
better way...

Many thanks

  Morgwai


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top