This is a quick guide for configuring Jetty to run behind an Apache httpd front end. While typically not necessary, you may need to do this if you are using Remote User Authentication or External Authentication in conjunction with a product that is not Java-based. There may be other use cases as well.

...

  1. Configure a Jetty HTTP connector on the loopback interface. This is done in jetty.xml:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
          <Arg name="server"><Ref refid="Server" /></Arg>
          <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
              <Item>
                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
                </New>
              </Item>
            </Array>
          </Arg>
          <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
          <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
          <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
          <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
        </New>
      </Arg>
    </Call>

    Note: Make sure the connector is configured to listen only on the loopback interface (localhost). It must not be exposed to external hosts!

    This is the only connector that is needed; all others can safely be disabled.

  2. Note that the connector we've configured uses plain HTTP. The request comes into Apache over HTTPS, but we forward it to Jetty via HTTP over the loopback interface. For this to work, Jetty needs to accept the X-Forwarded-Proto HTTP header, which it does not do by default. Enable this by editing jetty.xml and adding the following within the <New id="httpConfig" ..> section:

    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>

    Info: On my installation of Jetty, this block was already in the config file, and I just had to uncomment it.

  3. Configure Apache httpd to proxy requests for /idp to Jetty. In httpd.conf:

    <IfModule mod_proxy.c>
        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"
        ProxyPass /idp http://localhost:8080/idp
        ProxyPassReverse /idp http://localhost:8080/idp
    </IfModule>

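    The first two directives tell Apache to preserve the host and scheme when proxying the request to Jetty. RequestHeader is provided by mod_headers, so that module must be loaded as well. Because the directive uses "set", it replaces any X-Forwarded-Proto value sent by the client, so Jetty only ever sees the value written by Apache.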

  4. Restart httpd and Jetty, and make sure all works as expected.
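Before restarting, the two Jetty-side requirements from steps 1 and 2 can be checked mechanically. The script below is an added example, not part of the original guide or of Jetty: it parses a jetty.xml and reports any ServerConnector whose host is not loopback, and whether ForwardedRequestCustomizer is declared. It reads only the values and Property defaults in the file, so it assumes jetty.nonhttps.host is not overridden from start.ini or the command line; the function names and the sample document are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

CONNECTOR = "org.eclipse.jetty.server.ServerConnector"
CUSTOMIZER = "org.eclipse.jetty.server.ForwardedRequestCustomizer"

def is_loopback(host):
    """True only for 'localhost' or a literal loopback address."""
    if not host or host.lower() == "localhost":
        return bool(host)  # no host set: the connector binds every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as exposed

def effective(elem):
    """Value of a <Set>: its nested <Property default=...>, else its text."""
    prop = elem.find("Property")
    return prop.get("default") if prop is not None else (elem.text or "").strip()

def audit(xml_text):
    """Return a list of findings; an empty list means both checks passed."""
    root, findings = ET.fromstring(xml_text), []
    news = list(root.iter("New"))
    for conn in (n for n in news if n.get("class") == CONNECTOR):
        sets = {s.get("name"): effective(s) for s in conn.findall("Set")}
        if not is_loopback(sets.get("host")):
            findings.append(f"port {sets.get('port')}: host {sets.get('host')!r} is not loopback")
    if not any(n.get("class") == CUSTOMIZER for n in news):
        findings.append("ForwardedRequestCustomizer not configured")
    return findings

# Constructed sample, trimmed from the connector and customizer shown above.
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>
  </New>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ServerConnector">
      <Set name="host"><Property name="jetty.nonhttps.host" default="localhost"/></Set>
      <Set name="port"><Property name="jetty.nonhttps.port" default="8080"/></Set>
    </New>
  </Arg></Call>
</Configure>"""

if __name__ == "__main__":
    print(audit(SAMPLE) or "ok")
```

A connector with no host element at all is reported too, since Jetty then listens on every interface.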

...