Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Proxying SSL on Apache to HTTP on Jetty

 

 

Apache users RSS feed   Index | Next | Previous | View Threaded


plot.lost at gmail

Jan 8, 2012, 1:41 AM

Post #1 of 2 (1527 views)
Permalink
Proxying SSL on Apache to HTTP on Jetty

Apologies in advance for sending this to the apache mailing list, I know
it's not really the right place for this question but I though it was
maybe worth a try just in case there is someone on this list who has
already done this and could maybe help....

The question is as follows:

I'm looking at more information on how proxy SSL on Apache to HTTP on
Jetty - I've seen the following page:

http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy

where it says:

/You can do that by extending the Connector class of your choice, eg
the SelectChannelConnector, and implement the customize(EndPoint,
Request) method to force the scheme of the Request to be https like
so ( don't forget to call super.customize(endpoint,request)!
/


but can someone explain to a complete newbie exactly how this is done,
i.e. what files need to be edited etc.

This is actually for running an instance of mifos (supplied as a .war
file) in Jetty via an existing apache https system, using mod proxy as
the connection method (ProxyPreserveHost On has been set). The proxy is
working as expected, connecting to Jetty just fine, but redirects are
loosing the https part and just being sent as http.

Thanks, and sorry again for sending the question to this list.


plot.lost at gmail

Jan 9, 2012, 4:20 AM

Post #2 of 2 (1504 views)
Permalink
Re: Proxying SSL on Apache to HTTP on Jetty [In reply to]

On 08/01/2012 09:41, plot.lost wrote:
> Apologies in advance for sending this to the apache mailing list, I
> know it's not really the right place for this question but I though it
> was maybe worth a try just in case there is someone on this list who
> has already done this and could maybe help....
>
> The question is as follows:
>
> I'm looking at more information on how proxy SSL on Apache to HTTP on
> Jetty - I've seen the following page:
>
> http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy
>
> where it says:
>
> /You can do that by extending the Connector class of your choice,
> eg the SelectChannelConnector, and implement the
> customize(EndPoint, Request) method to force the scheme of the
> Request to be https like so ( don't forget to call
> super.customize(endpoint,request)!
> /
>
>
> but can someone explain to a complete newbie exactly how this is done,
> i.e. what files need to be edited etc.
>
> This is actually for running an instance of mifos (supplied as a .war
> file) in Jetty via an existing apache https system, using mod proxy as
> the connection method (ProxyPreserveHost On has been set). The proxy
> is working as expected, connecting to Jetty just fine, but redirects
> are loosing the https part and just being sent as http.
>
> Thanks, and sorry again for sending the question to this list.
>
>
I have now found a solution to this, so though I should post it here as
well just in case this turns up in a future search...

Turns out that you can do this without having to actually write any code
- which is what the link on codehaus above was implying you need to do.
I though it would be odd that code would bee needed for this and not
just some config options. Even the 'more -up-to-date' docs at
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the
method of writing code extensions.

Jetty does look at the X-Forwarded fields to pick up the details it
needs, but one field it looks at is not actually set by mod-proxy and
thats X-Forwarded-Proto. So simply adding:

RequestHeader set X-Forwarded-Proto "https"

to the apache config solves that problem. (just make sure that jetty has
<Set name="forwarded">true</Set> in the connector config so that it uses
the X-Forwarded fields)

That to me is a much better approach from a server admin point of view -
nothing more than a few config changes, no need to actually
write/compile/install new code!

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.