Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL

From: Piotr Morgwai Kotarbinski <spam1@xxxxxxxxxx>
Date: Tue, 30 Dec 2014 14:35:05 +0700
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

Many many thanks!
It all works now :)


On 30/12/14 03:29, Joakim Erdfelt wrote:
> Proxy configurations are now part of the HttpConfiguration.
> 
> https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html#d0e4447
> 
> See also the distribution's etc/jetty.xml
> 
> https://github.com/eclipse/jetty.project/blob/jetty-9.2.6.v20141205/jetty-server/src/main/config/etc/jetty.xml#L90-L94
> 
> The configuration of that is done through standard Jetty XML format.
> 
> See javadoc for details of configuration options on the
> ForwardRequestCustomizer
> 
> http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html
> 
> 
> 
> --
> Joakim Erdfelt <joakim@xxxxxxxxxxx <mailto:joakim@xxxxxxxxxxx>>
> webtide.com <http://www.webtide.com/> - intalio.com/jetty
> <http://intalio.com/jetty>
> Expert advice, services and support from from the Jetty & CometD experts
> eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org
> <http://cometd.org/>
> 
> On Sat, Dec 27, 2014 at 3:17 PM, Piotr Morgwai Kotarbinski
> <spam1@xxxxxxxxxx <mailto:spam1@xxxxxxxxxx>> wrote:
> 
>     Hello all,
>     So far I've been using jetty-8 behind apache reverse proxy with SSL and
>     it's been working fine. I've been trying to switch to jetty-9 recently,
>     but I couldn't find an easy way to configure it to make use of
>     "X-Forwarded-Proto: https" header.
>     My apache virtual host config looks like this:
> 
>     <VirtualHost *:443>
>             SSLEngine on
>     (...)
>             ProxyRequests Off
>             ProxyVia Off
>             ProxyPreserveHost On
>             AllowEncodedSlashes NoDecode
>             RequestHeader set X-Forwarded-Proto https
>             RequestHeader set X-Forwarded-Port 443
>             <Proxy *>
>                     Order deny,allow
>                     Allow from all
>             </Proxy>
>             <Location /test>
>                     ProxyPass http://localhost:8666/test nocanon
>             </Location>
>     (...)
>     </VirtualHost>
> 
>     In jetty-8 I was adding
>     <Set name="forwarded">true</Set>
>     directive to SelectChannelConnector in jetty.xml as described here:
>     https://wiki.eclipse.org/Jetty/Tutorial/Apache
>     and here:
>     https://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy
>     and it all worked fine.
>     setForwarded is actually a method of AbstractConnector which is a base
>     class for SelectChannelConnector:
>     http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/AbstractConnector.html#setForwarded(boolean)
> 
>     However in jetty-9 this method is no longer present and I couldn't find
>     an easy way (except for some ugly rewriting rules) to tell jetty-9 that
>     it should be changing scheme to the one from X-Forwarded-Proto header.
>     As a result some of my applications don't work anymore (for example
>     gerrit among others) as they think they are accessed in an insecure way
>     via http and try to redirect to https. I've written a very simple
>     servlet to demonstrate what's going on:
> 
>             protected void service(
>                             HttpServletRequest request,
>                             HttpServletResponse response)
>                             throws ServletException, IOException {
>                     ServletOutputStream output = response.getOutputStream();
>                     output.println("secure: " + request.isSecure());
>                     output.println("scheme: " + request.getScheme());
>             }
> 
>     in jetty-8 the result was:
> 
>     secure: true
>     scheme: https
> 
>     but now in jetty-9 I get:
> 
>     secure: false
>     scheme: http
> 
>     So my question is what is the proper way in jetty-9 to make it use
>     X-Forwarded-Proto header just as it used to be done in jetty-8 with <Set
>     name="forwarded">true</Set> directive. Using rewriting rules seems like
>     an ugly and unnecessary complicated hack, so I hope that there's a
>     better way...
> 
>     Many thanks
> 
>       Morgwai
> 
> 
>     _______________________________________________
>     jetty-users mailing list
>     jetty-users@xxxxxxxxxxx <mailto:jetty-users@xxxxxxxxxxx>
>     To change your delivery options, retrieve your password, or
>     unsubscribe from this list, visit
>     https://dev.eclipse.org/mailman/listinfo/jetty-users
> 
> 
> 
> 
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>

References:
- [jetty-users] jetty-9 behind apache reverse proxy with SSL
  - From: Piotr Morgwai Kotarbinski
- Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL
Next by Date: [jetty-users] Avoiding file-locking when developing with embedded Jetty
Previous by thread: Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL
Next by thread: [jetty-users] Forwarding HTTPS requests to a secondary proxy?
Index(es):
- Date
- Thread

Breadcrumbs