[users@httpd] Re: Proxying SSL on Apache to HTTP on Jetty

Mon, 09 Jan 2012 04:21:40 -0800 

On 08/01/2012 09:41, plot.lost wrote:
Apologies in advance for sending this to the apache mailing list, I know it's not really the right place for this question but I though it was maybe worth a try just in case there is someone on this list who has already done this and could maybe help.... 

The question is as follows:


I'm looking at more information on how proxy SSL on Apache to HTTP on 
Jetty - I've seen the following page:


http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy

where it says:

    /You can do that by extending the Connector class of your choice,
    eg the SelectChannelConnector, and implement the
    customize(EndPoint, Request) method to force the scheme of the
    Request to be https like so ( don't forget to call
    super.customize(endpoint,request)!
    /



but can someone explain to a complete newbie exactly how this is done, 
i.e. what files need to be edited etc.



This is actually for running an instance of mifos (supplied as a .war 
file) in Jetty via an existing apache https system, using mod proxy as 
the connection method (ProxyPreserveHost On has been set). The proxy 
is working as expected, connecting to Jetty just fine, but redirects 
are loosing the https part and just being sent as http.


Thanks, and sorry again for sending the question to this list.



I have now found a solution to this, so though I should post it here as 
well just in case this turns up in a future search...



Turns out that you can do this without having to actually write any code 
- which is what the link on codehaus above was implying you need to do. 
I though it would be odd that code would bee needed for this and not 
just some config options. Even the 'more -up-to-date' docs at 
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the 
method of writing code extensions.



Jetty does look at the X-Forwarded fields to pick up the details it 
needs, but one field it looks at is not actually set by mod-proxy and 
thats X-Forwarded-Proto. So simply adding:


RequestHeader set X-Forwarded-Proto "https"


to the apache config solves that problem. (just make sure that jetty has 
<Set name="forwarded">true</Set> in the connector config so that it uses 
the X-Forwarded fields)



That to me is a much better approach from a server admin point of view - 
nothing more than a few config changes, no need to actually 
write/compile/install new code!

























					Reply via email to