[jetty-users] Proxying SSL on Apache to HTTP on Jetty

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-users] Proxying SSL on Apache to HTTP on Jetty

plot.lost
I'm looking at more information on how to do this - I've seen the following page:

http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy

where it says:

You can do that by extending the Connector class of your choice, eg the SelectChannelConnector, and implement the customize(EndPoint, Request) method to force the scheme of the Request to be https like so ( don't forget to call super.customize(endpoint,request)!

but can someone explain to a complete newbie exactly how this is done, i.e. what files need to be edited etc.

This is actually for running an instance of mifos (supplied as a .war file) via an existing apache https system, using mod proxy as the connection method (ProxyPreserveHost On has been set)

Thanks.



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Proxying SSL on Apache to HTTP on Jetty

Jan Bartel-3
The more up-to-date documentation page is here:
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy

However, they're probably not that much different. Download the
sources of jetty and take a look at the classes that implement the
Connector interface. You probably want to extend the
SelectChannelConnector.java class.

Here's info on where to get the source from git:
http://wiki.eclipse.org/Jetty/Contributor/Building

Or you can download one of the handy aggregate bundles and matching sources, eg:
http://repo1.maven.org/maven2/org/eclipse/jetty/aggregate/jetty-all/7.6.0.RC3/


Jan

On 8 January 2012 05:34, plot.lost <[hidden email]> wrote:

> I'm looking at more information on how to do this - I've seen the following
> page:
>
> http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy
>
> where it says:
>
> You can do that by extending the Connector class of your choice, eg the
> SelectChannelConnector, and implement the customize(EndPoint, Request)
> method to force the scheme of the Request to be https like so ( don't forget
> to call super.customize(endpoint,request)!
>
>
> but can someone explain to a complete newbie exactly how this is done, i.e.
> what files need to be edited etc.
>
> This is actually for running an instance of mifos (supplied as a .war file)
> via an existing apache https system, using mod proxy as the connection
> method (ProxyPreserveHost On has been set)
>
> Thanks.
>
>
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Proxying SSL on Apache to HTTP on Jetty

plot.lost
On 09/01/2012 02:28, Jan Bartel wrote:
The more up-to-date documentation page is here:
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy

However, they're probably not that much different. Download the
sources of jetty and take a look at the classes that implement the
Connector interface. You probably want to extend the
SelectChannelConnector.java class.


Thanks. I'm coming at this as a server admin, not a programmer - to me it seems very odd that you would actually have to write some code (even a small bit) to change something like this.

As it turns out, I've now found out that this does not need to be done. As well as picking up information from headers like X-Forwarded-Host, Jetty will also use X-Forwarded-Proto. mod_proxy will add all of the X-Forwarded fields you need except for this one, so simply adding:

RequestHeader set X-Forwarded-Proto "https"

into the relevant part of the apache config means that no code changes etc need to be done on jetty - and as a server admin that seems to me to be a much better approach that having to write, compile and install new clases etc... (just make sure that jetty has <Set name="forwarded">true</Set> in the connector config so that it uses the X-Forwarded fields)

This is working fine now, using Jetty 7.5.4 with nothing other than a few simple config file changes in Jetty and Apache.



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users