Re: Proxying SSL on Apache to HTTP on Jetty

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Proxying SSL on Apache to HTTP on Jetty
From: "plot.lost" <plot.lost@xxxxxxxxx>
Date: Mon, 09 Jan 2012 12:20:45 +0000
In-reply-to: <4F0964D7.1020707@gmail.com>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 08/01/2012 09:41, plot.lost wrote:

Apologies in advance for sending this to the apache mailing list, I know it's not really the right place for this question but I though it was maybe worth a try just in case there is someone on this list who has already done this and could maybe help....

The question is as follows:

I'm looking at more information on how proxy SSL on Apache to HTTP on Jetty - I've seen the following page:

http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy

where it says:

You can do that by extending the Connector class of your choice, eg the SelectChannelConnector, and implement the customize(EndPoint, Request) method to force the scheme of the Request to be https like so ( don't forget to call super.customize(endpoint,request)!

but can someone explain to a complete newbie exactly how this is done, i.e. what files need to be edited etc.

This is actually for running an instance of mifos (supplied as a .war file) in Jetty via an existing apache https system, using mod proxy as the connection method (ProxyPreserveHost On has been set). The proxy is working as expected, connecting to Jetty just fine, but redirects are loosing the https part and just being sent as http.

Thanks, and sorry again for sending the question to this list.

I have now found a solution to this, so though I should post it here as well just in case this turns up in a future search...

Turns out that you can do this without having to actually write any code - which is what the link on codehaus above was implying you need to do. I though it would be odd that code would bee needed for this and not just some config options. Even the 'more -up-to-date' docs at http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the method of writing code extensions.

Jetty does look at the X-Forwarded fields to pick up the details it needs, but one field it looks at is not actually set by mod-proxy and thats X-Forwarded-Proto. So simply adding:

RequestHeader set X-Forwarded-Proto "https"

to the apache config solves that problem. (just make sure that jetty has <Set name="forwarded">true</Set> in the connector config so that it uses the X-Forwarded fields)

That to me is a much better approach from a server admin point of view - nothing more than a few config changes, no need to actually write/compile/install new code!

References:
- Proxying SSL on Apache to HTTP on Jetty
  - From: plot.lost

Prev by Date: Re: can not send
Next by Date: Re: can not send
Previous by thread: Proxying SSL on Apache to HTTP on Jetty
Next by thread: Multilanguage sites and configuration
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]