Re: [jetty-users] regular https and proxied https at the same time

2021-03-10 Thread Paul B. Henson
Never mind on this, sorry. I was being lazy and doing some initial
testing without using the proxy module to make sure redirects were going
to work. After I actually went to the trouble of setting up the front
end proxy and testing via it, I discovered that the proxy module does
the necessary magic and the redirects are generated based on the port
it's using, not the local jetty port.

Sorry for the noise.


On Wed, Mar 10, 2021 at 04:53:53PM -0800, Paul B. Henson wrote:
> Ok, I have this working and have a second SSL instance on port 8443. But
> I'm having an issue with redirects; when I issue a request to the
> instance on port 8443 that results in a redirect, it includes the port
> 8443 in the URL:
> 
> curl -v -k https://server:8443/images
> [...]
> < HTTP/1.1 302 Found
> < Location: https://server:8443/images/
> 
> The instance on 8443 is behind the proxy/lb which listens on 443. It needs
> to redirect to 443. I already had this in my config:
> 
> start.d/server.ini:jetty.httpConfig.securePort=443
> 
> But it seems that's only taken into account when redirecting from http
> to https, not for redirects when already using https? Unless I need to
> modify more stuff in what I copied.
> 
> Thanks again...
> 
> 
> On Tue, Mar 09, 2021 at 09:20:13AM +0100, Greg Wilkins wrote:
> > Paul,
> > 
> > You are correct that the jetty module system is set up to support only a
> > single instance of each type of connector.
> > To have your setup, you will need to at least write an XML file and perhaps
> > a custom module to make it easy to enable.
> > 
> > You need to copy/paste/edit the files:
> > 
> > ${jetty.home}/etc/jetty-ssl.xml
> > ${jetty.home}/etc/jetty-https.xml
> > ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml
> > 
> > to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
> > & jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id
> > `sslConnectorB`.
> > 
> > You then can create a custom module in ${jetty.base}/modules/httpsB.mod
> > with contents like:
> > 
> >     [description]
> >     Adds alternate HTTPS Connector
> >     [depend]
> >     ssl
> >     [xml]
> >     etc/jetty-sslB.xml
> >     etc/jetty-httpsB.xml
> >     etc/jetty-proxy-protocol-sslB.xml
> > 
> > You can replace `B` everywhere with something more descriptive... I tried
> > `2` but that is confusing with `http2`.  You could also merge these files
> > into a single XML if you liked.
> > 
> > So, in summary, you need your own XML to create the second SSL connector
> > with the different configuration.
> > 
> > cheers
> > 
> > On Tue, 9 Mar 2021 at 02:46, Paul B. Henson  wrote:
> > 
> > > I'm going to be running an instance of jetty in AWS. I'd like it to
> > > listen on the standard port 443 for internal https traffic, and then on
> > > port 4443 with proxy protocol enabled behind an ELB.
> > >
> > > I'm not clear how to accomplish that? It seems adding the proxy protocol
> > > module just turns it on on the default SSL port. I need to have jetty
> > > listen on the alternative port as well and have the proxy protocol only
> > > enabled on that one.
> > >
> > > Any guidance on the proper configuration for this would be greatly
> > > appreciated, thanks…
> > > ___
> > > jetty-users mailing list
> > > jetty-users@eclipse.org
> > > To unsubscribe from this list, visit
> > > https://www.eclipse.org/mailman/listinfo/jetty-users
> > >
> > 
> > 
> > -- 
> > Greg Wilkins  CTO http://webtide.com


Re: [jetty-users] regular https and proxied https at the same time

2021-03-10 Thread Paul B. Henson
Ok, I have this working and have a second SSL instance on port 8443. But
I'm having an issue with redirects; when I issue a request to the
instance on port 8443 that results in a redirect, it includes the port
8443 in the URL:

curl -v -k https://server:8443/images
[...]
< HTTP/1.1 302 Found
< Location: https://server:8443/images/

The instance on 8443 is behind the proxy/lb which listens on 443. It needs
to redirect to 443. I already had this in my config:

start.d/server.ini:jetty.httpConfig.securePort=443

But it seems that's only taken into account when redirecting from http
to https, not for redirects when already using https? Unless I need to
modify more stuff in what I copied.

Thanks again...


On Tue, Mar 09, 2021 at 09:20:13AM +0100, Greg Wilkins wrote:
> Paul,
> 
> You are correct that the jetty module system is set up to support only a
> single instance of each type of connector.
> To have your setup, you will need to at least write an XML file and perhaps
> a custom module to make it easy to enable.
> 
> You need to copy/paste/edit the files:
> 
> ${jetty.home}/etc/jetty-ssl.xml
> ${jetty.home}/etc/jetty-https.xml
> ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml
> 
> to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
> & jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id
> `sslConnectorB`.
> 
> You then can create a custom module in ${jetty.base}/modules/httpsB.mod
> with contents like:
> 
>     [description]
>     Adds alternate HTTPS Connector
>     [depend]
>     ssl
>     [xml]
>     etc/jetty-sslB.xml
>     etc/jetty-httpsB.xml
>     etc/jetty-proxy-protocol-sslB.xml
> 
> You can replace `B` everywhere with something more descriptive... I tried
> `2` but that is confusing with `http2`.  You could also merge these files
> into a single XML if you liked.
> 
> So, in summary, you need your own XML to create the second SSL connector
> with the different configuration.
> 
> cheers
> 
> On Tue, 9 Mar 2021 at 02:46, Paul B. Henson  wrote:
> 
> > I'm going to be running an instance of jetty in AWS. I'd like it to
> > listen on the standard port 443 for internal https traffic, and then on
> > port 4443 with proxy protocol enabled behind an ELB.
> >
> > I'm not clear how to accomplish that? It seems adding the proxy protocol
> > module just turns it on on the default SSL port. I need to have jetty
> > listen on the alternative port as well and have the proxy protocol only
> > enabled on that one.
> >
> > Any guidance on the proper configuration for this would be greatly
> > appreciated, thanks…
> >
> 
> 
> -- 
> Greg Wilkins  CTO http://webtide.com



Re: [jetty-users] regular https and proxied https at the same time

2021-03-09 Thread Paul B. Henson
Cool, thanks much for the advice. I was poking around a bit after I sent 
the email and was thinking that's what I needed to do, but wasn't sure 
if there was something easier.


On 3/9/2021 12:20 AM, Greg Wilkins wrote:

Paul,

You are correct that the jetty module system is set up to support only a 
single instance of each type of connector.
To have your setup, you will need to at least write an XML file and 
perhaps a custom module to make it easy to enable.

You need to copy/paste/edit the files:

${jetty.home}/etc/jetty-ssl.xml
${jetty.home}/etc/jetty-https.xml
${jetty.home}/etc/jetty-proxy-protocol-ssl.xml

to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml 
& jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id 
`sslConnectorB`.


You then can create a custom module in ${jetty.base}/modules/httpsB.mod 
with contents like:


    [description]
    Adds alternate HTTPS Connector
    [depend]
    ssl
    [xml]
    etc/jetty-sslB.xml
    etc/jetty-httpsB.xml
    etc/jetty-proxy-protocol-sslB.xml


You can replace `B` everywhere with something more descriptive... I 
tried `2` but that is confusing with `http2`.  You could also merge 
these files into a single XML if you liked.


So, in summary, you need your own XML to create the second SSL connector 
with the different configuration.


cheers

On Tue, 9 Mar 2021 at 02:46, Paul B. Henson wrote:


I'm going to be running an instance of jetty in AWS. I'd like it to
listen on the standard port 443 for internal https traffic, and then on
port 4443 with proxy protocol enabled behind an ELB.

I'm not clear how to accomplish that? It seems adding the proxy
protocol
module just turns it on on the default SSL port. I need to have jetty
listen on the alternative port as well and have the proxy protocol only
enabled on that one.

Any guidance on the proper configuration for this would be greatly
appreciated, thanks…




-- 
Greg Wilkins <gr...@webtide.com> CTO http://webtide.com




Re: [jetty-users] regular https and proxied https at the same time

2021-03-09 Thread Greg Wilkins
Paul,

You are correct that the jetty module system is set up to support only a
single instance of each type of connector.
To have your setup, you will need to at least write an XML file and perhaps
a custom module to make it easy to enable.

You need to copy/paste/edit the files:

${jetty.home}/etc/jetty-ssl.xml
${jetty.home}/etc/jetty-https.xml
${jetty.home}/etc/jetty-proxy-protocol-ssl.xml

to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
& jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id
`sslConnectorB`.

You then can create a custom module in ${jetty.base}/modules/httpsB.mod
with contents like:

    [description]
    Adds alternate HTTPS Connector
    [depend]
    ssl
    [xml]
    etc/jetty-sslB.xml
    etc/jetty-httpsB.xml
    etc/jetty-proxy-protocol-sslB.xml


You can replace `B` everywhere with something more descriptive... I tried
`2` but that is confusing with `http2`.  You could also merge these files
into a single XML if you liked.

So, in summary, you need your own XML to create the second SSL connector
with the different configuration.

cheers

On Tue, 9 Mar 2021 at 02:46, Paul B. Henson  wrote:

> I'm going to be running an instance of jetty in AWS. I'd like it to
> listen on the standard port 443 for internal https traffic, and then on
> port 4443 with proxy protocol enabled behind an ELB.
>
> I'm not clear how to accomplish that? It seems adding the proxy protocol
> module just turns it on on the default SSL port. I need to have jetty
> listen on the alternative port as well and have the proxy protocol only
> enabled on that one.
>
> Any guidance on the proper configuration for this would be greatly
> appreciated, thanks…
>


-- 
Greg Wilkins  CTO http://webtide.com
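
The copy, rename and id-rewrite steps from the message above, as an added shell example that is not part of the thread or of Jetty. The function names, the `SUFFIX` variable and the sample XML are hypothetical; it assumes the stock files refer to the default connector as `id="sslConnector"` or `refid="sslConnector"`, and it also counts copies that still name that connector.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names and SUFFIX are hypothetical.
set -eu
SUFFIX="${SUFFIX:-B}"
FILES="jetty-ssl jetty-https jetty-proxy-protocol-ssl"

# Copy the three connector XMLs into jetty.base under new names, point every
# id/refid at the new connector, then write modules/https$SUFFIX.mod.
clone_connector_xml() {
  home="$1"; base="$2"
  mkdir -p "$base/etc" "$base/modules"
  for f in $FILES; do
    # The closing quote limits the match to the exact id token; (ref)?id
    # covers <New id=...>, <Configure id=...> and <Ref refid=...>.
    sed -E "s/((ref)?id=\")sslConnector\"/\1sslConnector${SUFFIX}\"/g" \
      "$home/etc/$f.xml" > "$base/etc/$f$SUFFIX.xml"
  done
  {
    printf '[description]\nAdds alternate HTTPS Connector\n\n[depend]\nssl\n\n[xml]\n'
    for f in $FILES; do printf 'etc/%s%s.xml\n' "$f" "$SUFFIX"; done
  } > "$base/modules/https$SUFFIX.mod"
}

# Number of copied files that still name the default connector. Anything
# above 0 means a copy would reconfigure sslConnector itself, for example
# by enabling the proxy protocol on the port that is not behind the LB.
stale_refs() {
  grep -lE '(ref)?id="sslConnector"' "$1"/etc/*"$SUFFIX".xml 2>/dev/null \
    | wc -l | tr -d ' '
}

# Constructed stand-ins for the stock files (not the real Jetty XML).
make_sample_home() {
  mkdir -p "$1/etc"
  echo '<Configure id="Server"><New id="sslConnector" class="ServerConnector"/></Configure>' > "$1/etc/jetty-ssl.xml"
  echo '<Configure id="sslConnector"><Call name="addIfAbsentConnectionFactory"/></Configure>' > "$1/etc/jetty-https.xml"
  echo '<Configure id="sslConnector"><Call name="addFirstConnectionFactory"/></Configure>' > "$1/etc/jetty-proxy-protocol-ssl.xml"
}

# Usage: script JETTY_HOME JETTY_BASE
if [ "$#" -eq 2 ]; then
  clone_connector_xml "$1" "$2"
  echo "copied files still naming sslConnector: $(stale_refs "$2")"
fi
```

The copies keep whatever port setting the originals carry, so the second connector's port still has to be changed by hand.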


[jetty-users] regular https and proxied https at the same time

2021-03-08 Thread Paul B. Henson
I'm going to be running an instance of jetty in AWS. I'd like it to 
listen on the standard port 443 for internal https traffic, and then on 
port 4443 with proxy protocol enabled behind an ELB.


I'm not clear how to accomplish that? It seems adding the proxy protocol 
module just turns it on on the default SSL port. I need to have jetty 
listen on the alternative port as well and have the proxy protocol only 
enabled on that one.


Any guidance on the proper configuration for this would be greatly 
appreciated, thanks…
