Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] jetty-9 behind apache reverse proxy with SSL

Proxy configurations are now part of the HttpConfiguration.

See also the distribution's etc/jetty.xml

The configuration of that is done through standard Jetty XML format.

See javadoc for details of configuration options on the ForwardRequestCustomizer

Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Sat, Dec 27, 2014 at 3:17 PM, Piotr Morgwai Kotarbinski <spam1@xxxxxxxxxx> wrote:
Hello all,
So far I've been using jetty-8 behind apache reverse proxy with SSL and
it's been working fine. I've been trying to switch to jetty-9 recently,
but I couldn't find an easy way to configure it to make use of
"X-Forwarded-Proto: https" header.
My apache virtual host config looks like this:

<VirtualHost *:443>
        SSLEngine on
        ProxyRequests Off
        ProxyVia Off
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode
        RequestHeader set X-Forwarded-Proto https
        RequestHeader set X-Forwarded-Port 443
        <Proxy *>
                Order deny,allow
                Allow from all
        <Location /test>
                ProxyPass http://localhost:8666/test nocanon

In jetty-8 I was adding
<Set name="forwarded">true</Set>
directive to SelectChannelConnector in jetty.xml as described here:
and here:
and it all worked fine.
setForwarded is actually a method of AbstractConnector which is a base
class for SelectChannelConnector:

However in jetty-9 this method is no longer present and I couldn't find
an easy way (except for some ugly rewriting rules) to tell jetty-9 that
it should be changing scheme to the one from X-Forwarded-Proto header.
As a result some of my applications don't work anymore (for example
gerrit among others) as they think they are accessed in an insecure way
via http and try to redirect to https. I've written a very simple
servlet to demonstrate what's going on:

        protected void service(
                        HttpServletRequest request,
                        HttpServletResponse response)
                        throws ServletException, IOException {
                ServletOutputStream output = response.getOutputStream();
                output.println("secure: " + request.isSecure());
                output.println("scheme: " + request.getScheme());

in jetty-8 the result was:

secure: true
scheme: https

but now in jetty-9 I get:

secure: false
scheme: http

So my question is what is the proper way in jetty-9 to make it use
X-Forwarded-Proto header just as it used to be done in jetty-8 with <Set
name="forwarded">true</Set> directive. Using rewriting rules seems like
an ugly and unnecessary complicated hack, so I hope that there's a
better way...

Many thanks


jetty-users mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Back to the top