[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] regular https and proxied htps at the same time
|
Never mind on this, sorry. I was being lazy and doing some initial
testing without using the proxy module to make sure redirects were going
to work. After I actually went to the trouble of setting up the front
end proxy and testing via it, I discovered that the proxy module does
the necessary magic and the redirects are generated based on the port
it's using, not the local jetty port.
Sorry for the noise.
On Wed, Mar 10, 2021 at 04:53:53PM -0800, Paul B. Henson wrote:
> Ok, I have this working and have a second SSL instance on port 8443. But
> I'm having an issue with redirects; when I issue a request to the
> instance on port 8443 that results in a redirect, it includes the port
> 8443 in the URL:
>
> curl -v -k https://server:8443/images
> [...]
> < HTTP/1.1 302 Found
> < Location: https://server:8443/images/
>
> The instance on 8443 is behind the proxy/lb which listens on 443. It needs
> to redirect to 443. I already had this in my config:
>
> start.d/server.ini:jetty.httpConfig.securePort=443
>
> But it seems that's only taken into account when redirecting from http
> to https, not for redirects when already using https? Unless I need to
> modify more stuff in what I copied.
>
> Thanks again...
>
>
> On Tue, Mar 09, 2021 at 09:20:13AM +0100, Greg Wilkins wrote:
> > Paul,
> >
> > You are correct that the jetty module system issetup to support only a
> > single instance of each type of connector.
> > To have your setup, you will need to at least right an XML file and perhaps
> > a custom module to make it easy to enable.
> >
> > You need to copy/paste/edit the files:
> >
> > ${jetty.home}/etc/jetty-ssl.xml
> > ${jetty.home}/etc/jetty-https.xml
> > ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml
> >
> >
> > to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
> > & jetty-proxy-protocol-sslB.xml. Edit them so that they refer to the id
> > `sslConnectorB`
> >
> > You then can create a custom module in ${jetty.base}/modules/httpsB.mod
> > with contents like:
> >
> > > [description]
> > > Adds alternate HTTPS Connector
> > > [depend]
> > > ssl
> > > [xml]
> >
> > etc/jetty-sslB.xml
> >
> > etc/jetty-httpsB.xml
> >
> > etc/jetty-proxy-protocol-sslB.xml
> >
> >
> > You can replace `B` everywhere with something more descriptive... I tried
> > `2` but that is confusing with `http2`. You could also merge these files
> > into a single XML if you liked.
> >
> > So, in summary, you need your own XML to create the second SSL connector
> > with the different configuration.
> >
> > cheers
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Tue, 9 Mar 2021 at 02:46, Paul B. Henson <henson@xxxxxxx> wrote:
> >
> > > I'm going to be running an instance of jetty in AWS. I'd like it to
> > > listen on the standard port 443 for internal https traffic, and then on
> > > port 4443 with proxy protocol enabled behind an ELB.
> > >
> > > I'm not clear how to accomplish that? It seems adding the proxy protocol
> > > module just turns it on on the default SSL port. I need to have jetty
> > > listen on the alternative port as well and have the proxy protocol only
> > > enabled on that one.
> > >
> > > Any guidance on the proper configuration for this would be greatly
> > > appreciated, thanks…
> > > _______________________________________________
> > > jetty-users mailing list
> > > jetty-users@xxxxxxxxxxx
> > > To unsubscribe from this list, visit
> > > https://www.eclipse.org/mailman/listinfo/jetty-users
> > >
> >
> >
> > --
> > Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com
>
> > _______________________________________________
> > jetty-users mailing list
> > jetty-users@xxxxxxxxxxx
> > To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
