Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] regular https and proxied htps at the same time 
Ok, I have this working and have a second SSL instance on port 8443. But
I'm having an issue with redirects; when I issue a request to the
instance on port 8443 that results in a redirect, it includes the port
8443 in the URL:

curl -v -k https://server:8443/images
[...]
< HTTP/1.1 302 Found
< Location: https://server:8443/images/

The instance on 8443 is behind the proxy/lb which listens on 443. It needs
to redirect to 443. I already had this in my config:

start.d/server.ini:jetty.httpConfig.securePort=443

But it seems that's only taken into account when redirecting from http
to https, not for redirects when already using https? Unless I need to
modify more stuff in what I copied.

Thanks again...


On Tue, Mar 09, 2021 at 09:20:13AM +0100, Greg Wilkins wrote:
> Paul,
> 
> You are correct that the jetty module system issetup to support only a
> single instance of each type of connector.
> To have your setup, you will need to at least right an XML file and perhaps
> a custom module to make it easy to enable.
> 
> You need to copy/paste/edit the files:
> 
> ${jetty.home}/etc/jetty-ssl.xml
>  ${jetty.home}/etc/jetty-https.xml
>  ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml
> 
> 
> to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
> & jetty-proxy-protocol-sslB.xml.  Edit them so that they refer to the id
> `sslConnectorB`
> 
> You then can create a custom module in ${jetty.base}/modules/httpsB.mod
> with contents like:
> 
> > [description]
> > Adds alternate HTTPS  Connector
> > [depend]
> > ssl
> > [xml]
> 
> etc/jetty-sslB.xml
> 
> etc/jetty-httpsB.xml
> 
> etc/jetty-proxy-protocol-sslB.xml
> 
> 
> You can replace `B` everywhere with something more descriptive... I tried
> `2` but that is confusing with `http2`.  You could also merge these files
> into a single XML if you liked.
> 
> So, in summary, you need your own XML to create the second SSL connector
> with the different configuration.
> 
> cheers
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, 9 Mar 2021 at 02:46, Paul B. Henson <henson@xxxxxxx> wrote:
> 
> > I'm going to be running an instance of jetty in AWS. I'd like it to
> > listen on the standard port 443 for internal https traffic, and then on
> > port 4443 with proxy protocol enabled behind an ELB.
> >
> > I'm not clear how to accomplish that? It seems adding the proxy protocol
> > module just turns it on on the default SSL port. I need to have jetty
> > listen on the alternative port as well and have the proxy protocol only
> > enabled on that one.
> >
> > Any guidance on the proper configuration for this would be greatly
> > appreciated, thanks…
> > _______________________________________________
> > jetty-users mailing list
> > jetty-users@xxxxxxxxxxx
> > To unsubscribe from this list, visit
> > https://www.eclipse.org/mailman/listinfo/jetty-users
> >
> 
> 
> -- 
> Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com

> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top