...
Configure a Jetty HTTP connector on the loopback interface. This is done in jetty.xml:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
          <Arg name="server"><Ref refid="Server" /></Arg>
          <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
              <Item>
                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
                </New>
              </Item>
            </Array>
          </Arg>
          <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
          <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
          <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
          <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
        </New>
      </Arg>
    </Call>

Note: Make sure the connector is configured to listen only on the loopback interface (localhost). It must not be exposed to external hosts!
This is the only connector that is needed; all others can safely be disabled.
Note that the connector we've configured is using plain HTTP. The request comes into Apache over HTTPS, but we're forwarding it to Jetty via HTTP over the loopback interface. For this to work, Jetty needs to accept the X-Forwarded-Proto HTTP header, which, by default, it does not. Enable this by editing jetty.xml and adding the following within the <New id="httpConfig" ..> section:

    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>

Configure Apache httpd to proxy requests to /idp to Jetty. In httpd.conf:

    <IfModule mod_proxy.c>
      ProxyPreserveHost On
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port 443
      ProxyPass /idp http://localhost:8080/idp
      ProxyPassReverse /idp http://localhost:8080/idp
    </IfModule>

The first two directives (ProxyPreserveHost and the X-Forwarded-Proto RequestHeader) tell Apache to preserve the host and scheme when proxying the request to Jetty.
- Restart httpd and Jetty, and make sure all works as expected.
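
One check worth running after the restart, as an added example that is not part of the original page: it confirms that nothing is listening on the Jetty port except on a loopback address, which matters because ForwardedRequestCustomizer makes Jetty accept X-Forwarded-Proto from whoever can reach the connector. The function name `check_loopback_only` is hypothetical, port 8080 is the default from the connector above, the sample lines are constructed, and the input format assumed is that of `ss -ltnH` on Linux.

```shell
#!/bin/sh
# Added example (not from the original page): verify the Jetty HTTP connector
# is bound to loopback only. Reads `ss -ltnH` style lines on stdin, where the
# 4th field is "Local Address:Port".
# Exit status: 0 = every listener on the port is loopback,
#              1 = at least one non-loopback listener (printed as EXPOSED),
#              2 = nothing is listening on the port.
check_loopback_only() {
    port="$1"
    awk -v port="$port" '
        {
            addr = $4
            n = match(addr, /:[0-9]+$/)      # locate the trailing ":port"
            if (!n) next
            if (substr(addr, n + 1) != port) next
            seen = 1
            host = substr(addr, 1, n - 1)
            gsub(/^\[|\]$/, "", host)        # strip IPv6 brackets
            sub(/%.*$/, "", host)            # strip interface scope, e.g. %lo
            # Loopback forms: 127.0.0.0/8, ::1, and IPv4-mapped 127.x
            # (the mapped form is common for Java listeners on dual-stack hosts).
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            print "EXPOSED: " addr
            bad = 1
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed sample of `ss -ltnH` output (not captured from a real host):
# Jetty on IPv4-mapped loopback, Apache httpd on the wildcard address.
SAMPLE='LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 511 *:443 *:*'
printf '%s\n' "$SAMPLE" | check_loopback_only 8080 && echo "8080: loopback only"

# On the IdP host itself:  ss -ltnH | check_loopback_only 8080
```

A wildcard listener such as `*:8080` or `[::]:8080` is reported as EXPOSED; in that case check that jetty.nonhttps.host has not been overridden away from localhost.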
...