On 08/01/2012 09:41, plot.lost wrote:
Apologies in advance for sending this to the apache mailing list, I
know it's not really the right place for this question but I though it
was maybe worth a try just in case there is someone on this list who
has already done this and could maybe help....
The question is as follows:
I'm looking at more information on how proxy SSL on Apache to HTTP on
Jetty - I've seen the following page:
http://irc.codehaus.org/display/JETTY/Configuring+mod_proxy
where it says:
/You can do that by extending the Connector class of your choice,
eg the SelectChannelConnector, and implement the
customize(EndPoint, Request) method to force the scheme of the
Request to be https like so ( don't forget to call
super.customize(endpoint,request)!
/
but can someone explain to a complete newbie exactly how this is done,
i.e. what files need to be edited etc.
This is actually for running an instance of mifos (supplied as a .war
file) in Jetty via an existing apache https system, using mod proxy as
the connection method (ProxyPreserveHost On has been set). The proxy
is working as expected, connecting to Jetty just fine, but redirects
are loosing the https part and just being sent as http.
Thanks, and sorry again for sending the question to this list.
I have now found a solution to this, so though I should post it here as
well just in case this turns up in a future search...
Turns out that you can do this without having to actually write any code
- which is what the link on codehaus above was implying you need to do.
I though it would be odd that code would bee needed for this and not
just some config options. Even the 'more -up-to-date' docs at
http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy describe the
method of writing code extensions.
Jetty does look at the X-Forwarded fields to pick up the details it
needs, but one field it looks at is not actually set by mod-proxy and
thats X-Forwarded-Proto. So simply adding:
RequestHeader set X-Forwarded-Proto "https"
to the apache config solves that problem. (just make sure that jetty has
<Set name="forwarded">true</Set> in the connector config so that it uses
the X-Forwarded fields)
That to me is a much better approach from a server admin point of view -
nothing more than a few config changes, no need to actually
write/compile/install new code!