Many many thanks! It all works now :)
On 30/12/14 03:29, Joakim Erdfelt wrote: > Proxy configurations are now part of the HttpConfiguration. > > https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html#d0e4447 > > See also the distribution's etc/jetty.xml > > https://github.com/eclipse/jetty.project/blob/jetty-9.2.6.v20141205/jetty-server/src/main/config/etc/jetty.xml#L90-L94 > > The configuration of that is done through standard Jetty XML format. > > See javadoc for details of configuration options on the > ForwardRequestCustomizer > > http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html > > > > -- > Joakim Erdfelt <[email protected] <mailto:[email protected]>> > webtide.com <http://www.webtide.com/> - intalio.com/jetty > <http://intalio.com/jetty> > Expert advice, services and support from from the Jetty & CometD experts > eclipse.org/jetty <http://eclipse.org/jetty/> - cometd.org > <http://cometd.org/> > > On Sat, Dec 27, 2014 at 3:17 PM, Piotr Morgwai Kotarbinski > <[email protected] <mailto:[email protected]>> wrote: > > Hello all, > So far I've been using jetty-8 behind apache reverse proxy with SSL and > it's been working fine. I've been trying to switch to jetty-9 recently, > but I couldn't find an easy way to configure it to make use of > "X-Forwarded-Proto: https" header. > My apache virtual host config looks like this: > > <VirtualHost *:443> > SSLEngine on > (...) > ProxyRequests Off > ProxyVia Off > ProxyPreserveHost On > AllowEncodedSlashes NoDecode > RequestHeader set X-Forwarded-Proto https > RequestHeader set X-Forwarded-Port 443 > <Proxy *> > Order deny,allow > Allow from all > </Proxy> > <Location /test> > ProxyPass http://localhost:8666/test nocanon > </Location> > (...) > </VirtualHost> > > In jetty-8 I was adding > <Set name="forwarded">true</Set> > directive to SelectChannelConnector in jetty.xml as described here: > https://wiki.eclipse.org/Jetty/Tutorial/Apache > and here: > https://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy > and it all worked fine. > setForwarded is actually a method of AbstractConnector which is a base > class for SelectChannelConnector: > > http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/AbstractConnector.html#setForwarded(boolean) > > However in jetty-9 this method is no longer present and I couldn't find > an easy way (except for some ugly rewriting rules) to tell jetty-9 that > it should be changing scheme to the one from X-Forwarded-Proto header. > As a result some of my applications don't work anymore (for example > gerrit among others) as they think they are accessed in an insecure way > via http and try to redirect to https. I've written a very simple > servlet to demonstrate what's going on: > > protected void service( > HttpServletRequest request, > HttpServletResponse response) > throws ServletException, IOException { > ServletOutputStream output = response.getOutputStream(); > output.println("secure: " + request.isSecure()); > output.println("scheme: " + request.getScheme()); > } > > in jetty-8 the result was: > > secure: true > scheme: https > > but now in jetty-9 I get: > > secure: false > scheme: http > > So my question is what is the proper way in jetty-9 to make it use > X-Forwarded-Proto header just as it used to be done in jetty-8 with <Set > name="forwarded">true</Set> directive. Using rewriting rules seems like > an ugly and unnecessary complicated hack, so I hope that there's a > better way... > > Many thanks > > Morgwai > > > _______________________________________________ > jetty-users mailing list > [email protected] <mailto:[email protected]> > To change your delivery options, retrieve your password, or > unsubscribe from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe from > this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users > _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
