plot.lost at gmail
Jan 9, 2012, 4:20 AM
Post #2 of 2
On 08/01/2012 09:41, plot.lost wrote:
Re: Proxying SSL on Apache to HTTP on Jetty
[In reply to]
> Apologies in advance for sending this to the apache mailing list, I
> know it's not really the right place for this question but I though it
> was maybe worth a try just in case there is someone on this list who
> has already done this and could maybe help....
> The question is as follows:
> I'm looking at more information on how proxy SSL on Apache to HTTP on
> Jetty - I've seen the following page:
> where it says:
> /You can do that by extending the Connector class of your choice,
> eg the SelectChannelConnector, and implement the
> customize(EndPoint, Request) method to force the scheme of the
> Request to be https like so ( don't forget to call
> but can someone explain to a complete newbie exactly how this is done,
> i.e. what files need to be edited etc.
> This is actually for running an instance of mifos (supplied as a .war
> file) in Jetty via an existing apache https system, using mod proxy as
> the connection method (ProxyPreserveHost On has been set). The proxy
> is working as expected, connecting to Jetty just fine, but redirects
> are loosing the https part and just being sent as http.
> Thanks, and sorry again for sending the question to this list.
I have now found a solution to this, so though I should post it here as
well just in case this turns up in a future search...
Turns out that you can do this without having to actually write any code
- which is what the link on codehaus above was implying you need to do.
I though it would be odd that code would bee needed for this and not
just some config options. Even the 'more -up-to-date' docs at
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the
method of writing code extensions.
Jetty does look at the X-Forwarded fields to pick up the details it
needs, but one field it looks at is not actually set by mod-proxy and
thats X-Forwarded-Proto. So simply adding:
RequestHeader set X-Forwarded-Proto "https"
to the apache config solves that problem. (just make sure that jetty has
<Set name="forwarded">true</Set> in the connector config so that it uses
the X-Forwarded fields)
That to me is a much better approach from a server admin point of view -
nothing more than a few config changes, no need to actually
write/compile/install new code!