Hi, On Mon, Jun 27, 2016 at 4:00 PM, Alexander Farber <[email protected]> wrote: > I try to follow your directions and have now the following > /ect/haproxy/haproxy.cfg: > > frontend public > bind 144.76.184.151:80 > bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem > default_backend jetty > > backend jetty > server domain 127.0.0.1:8888
Ah, you are offloading TLS. Then use the PROXY protocol, Jetty supports that too. Use the "send-proxy" directive in the HAProxy configuration, and add the "proxy-protocol" module in Jetty. That will take care of the REMOTE_ADDR problem. The solution for HTTPS=on that I use is to redirect, in HAProxy, "http" to "https". In this way it is always HTTPS=on, and you can force that with a parameter in Jetty's FastCGIProxyServlet, see https://github.com/eclipse/jetty.project/blob/jetty-9.3.10.v20160621/jetty-fcgi/fcgi-server/src/main/java/org/eclipse/jetty/fcgi/server/proxy/FastCGIProxyServlet.java#L63. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
