httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "plot.lost" <plot.l...@gmail.com>
Subject [users@httpd] Re: Proxying SSL on Apache to HTTP on Jetty
Date Mon, 09 Jan 2012 12:20:45 GMT
On 08/01/2012 09:41, plot.lost wrote:
> Apologies in advance for sending this to the apache mailing list, I 
> know it's not really the right place for this question but I though it 
> was maybe worth a try just in case there is someone on this list who 
> has already done this and could maybe help....
>
> The question is as follows:
>
> I'm looking at more information on how proxy SSL on Apache to HTTP on 
> Jetty - I've seen the following page:
>
> http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy
>
> where it says:
>
>     /You can do that by extending the Connector class of your choice,
>     eg the SelectChannelConnector, and implement the
>     customize(EndPoint, Request) method to force the scheme of the
>     Request to be https like so ( don't forget to call
>     super.customize(endpoint,request)!
>     /
>
>
> but can someone explain to a complete newbie exactly how this is done, 
> i.e. what files need to be edited etc.
>
> This is actually for running an instance of mifos (supplied as a .war 
> file) in Jetty via an existing apache https system, using mod proxy as 
> the connection method (ProxyPreserveHost On has been set). The proxy 
> is working as expected, connecting to Jetty just fine, but redirects 
> are loosing the https part and just being sent as http.
>
> Thanks, and sorry again for sending the question to this list.
>
>
I have now found a solution to this, so though I should post it here as 
well just in case this turns up in a future search...

Turns out that you can do this without having to actually write any code 
- which is what the link on codehaus above was implying you need to do. 
I though it would be odd that code would bee needed for this and not 
just some config options. Even the 'more -up-to-date' docs at 
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the 
method of writing code extensions.

Jetty does look at the X-Forwarded fields to pick up the details it 
needs, but one field it looks at is not actually set by mod-proxy and 
thats X-Forwarded-Proto. So simply adding:

RequestHeader set X-Forwarded-Proto "https"

to the apache config solves that problem. (just make sure that jetty has 
<Set name="forwarded">true</Set> in the connector config so that it uses 
the X-Forwarded fields)

That to me is a much better approach from a server admin point of view - 
nothing more than a few config changes, no need to actually 
write/compile/install new code!



Mime
View raw message