Re: [jetty-users] regular https and proxied htps at the same time

[Greg Wilkins <gregw@xxxxxxxxxxx>]

Paul,

You are correct that the jetty module system issetup to support only a single instance of each type of connector.

To have your setup, you will need to at least right an XML file and perhaps a custom module to make it easy to enable.

You need to copy/paste/edit the files:

${jetty.home}/etc/jetty-ssl.xml

 ${jetty.home}/etc/jetty-https.xml

 ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml

to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml & jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id `sslConnectorB`

You then can create a custom module in ${jetty.base}/modules/httpsB.mod with contents like:

[description]
Adds alternate HTTPS  Connector
[depend]
ssl
[xml] 

etc/jetty-sslB.xml 

etc/jetty-httpsB.xml 

etc/jetty-proxy-protocol-sslB.xml

You can replace `B` everywhere with something more descriptive... I tried `2` but that is confusing with `http2`.  You could also merge these files into a single XML if you liked.

So, in summary, you need your own XML to create the second SSL connector with the different configuration.

cheers

On Tue, 9 Mar 2021 at 02:46, Paul B. Henson <henson@xxxxxxx> wrote:

I'm going to be running an instance of jetty in AWS. I'd like it to
listen on the standard port 443 for internal https traffic, and then on
port 4443 with proxy protocol enabled behind an ELB.

I'm not clear how to accomplish that? It seems adding the proxy protocol
module just turns it on on the default SSL port. I need to have jetty
listen on the alternative port as well and have the proxy protocol only
enabled on that one.

Any guidance on the proper configuration for this would be greatly
appreciated, thanks…
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

--

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com