[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] regular https and proxied htps at the same time
|
Ok, I have this working and have a second SSL instance on port 8443. But
I'm having an issue with redirects; when I issue a request to the
instance on port 8443 that results in a redirect, it includes the port
8443 in the URL:
curl -v -k https://server:8443/images
[...]
< HTTP/1.1 302 Found
< Location: https://server:8443/images/
The instance on 8443 is behind the proxy/lb which listens on 443. It needs
to redirect to 443. I already had this in my config:
start.d/server.ini:jetty.httpConfig.securePort=443
But it seems that's only taken into account when redirecting from http
to https, not for redirects when already using https? Unless I need to
modify more stuff in what I copied.
Thanks again...
On Tue, Mar 09, 2021 at 09:20:13AM +0100, Greg Wilkins wrote:
> Paul,
>
> You are correct that the jetty module system issetup to support only a
> single instance of each type of connector.
> To have your setup, you will need to at least right an XML file and perhaps
> a custom module to make it easy to enable.
>
> You need to copy/paste/edit the files:
>
> ${jetty.home}/etc/jetty-ssl.xml
> ${jetty.home}/etc/jetty-https.xml
> ${jetty.home}/etc/jetty-proxy-protocol-ssl.xml
>
>
> to ${jetty.base} and call them jetty-sslB.xml, jetty-httpsB.xml
> & jetty-proxy-protocol-sslB.xml. Edit them so that they refer to the id
> `sslConnectorB`
>
> You then can create a custom module in ${jetty.base}/modules/httpsB.mod
> with contents like:
>
> > [description]
> > Adds alternate HTTPS Connector
> > [depend]
> > ssl
> > [xml]
>
> etc/jetty-sslB.xml
>
> etc/jetty-httpsB.xml
>
> etc/jetty-proxy-protocol-sslB.xml
>
>
> You can replace `B` everywhere with something more descriptive... I tried
> `2` but that is confusing with `http2`. You could also merge these files
> into a single XML if you liked.
>
> So, in summary, you need your own XML to create the second SSL connector
> with the different configuration.
>
> cheers
>
>
>
>
>
>
>
>
>
>
> On Tue, 9 Mar 2021 at 02:46, Paul B. Henson <henson@xxxxxxx> wrote:
>
> > I'm going to be running an instance of jetty in AWS. I'd like it to
> > listen on the standard port 443 for internal https traffic, and then on
> > port 4443 with proxy protocol enabled behind an ELB.
> >
> > I'm not clear how to accomplish that? It seems adding the proxy protocol
> > module just turns it on on the default SSL port. I need to have jetty
> > listen on the alternative port as well and have the proxy protocol only
> > enabled on that one.
> >
> > Any guidance on the proper configuration for this would be greatly
> > appreciated, thanks…
> > _______________________________________________
> > jetty-users mailing list
> > jetty-users@xxxxxxxxxxx
> > To unsubscribe from this list, visit
> > https://www.eclipse.org/mailman/listinfo/jetty-users
> >
>
>
> --
> Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users