Using Jetty with an Apache Proxy
Jetty configuration
Jetty may be configured to run behind an Apache proxy server by using a module provided by Jetty.
Windows
- <InstallDir>\jetty\StartJetty.bat --add-to-start=http-forwarded
Linux
- <InstallDir>/jetty/StartJetty.sh --add-to-start=http-forwarded
This enables the module by adding a default configuration file, jetty/base/start.d/http-forwarded.ini. You can uncomment lines in that file and change the configuration if you need to.
To disable the module, remove the jetty/base/start.d/http-forwarded.ini file.
Percussion Configuration
Several properties control the CMS application when deployed behind a proxy. They are set in the <InstallDir>/rxconfig/Server/server.properties file.
requestBehindProxy
Set to true when the application is configured behind a reverse proxy server.
requestBehindProxy=true
publicCmsHostname
When configured behind a reverse proxy, the public host name of the proxy server.
publicCmsHostname=<Public Side of the Reverse Proxy Server e.g. cms.mydomain.com>
proxyScheme
Public scheme that the proxy server uses (http or https).
proxyPort
Public port of the proxy (443 for SSL).
requireHttps
Should be set to false when configured behind a proxy.
requireHttps=false
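The following check is an added example, not part of Percussion or of the original page: it reads the contents of server.properties and reports proxy settings that disagree with the descriptions above. The function names are hypothetical, the sample file is constructed, and the case-insensitive comparison and the scheme/port mismatch rule are assumptions added here.

```python
import re

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_proxy_settings(props):
    """Return a list of problems; an empty list means the settings match the page."""
    problems = []
    if props.get("requestBehindProxy", "").lower() != "true":
        problems.append("requestBehindProxy must be true behind a reverse proxy")
    host = props.get("publicCmsHostname", "")
    # A bare host name is expected: no scheme, port or path.
    if not re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", host):
        problems.append("publicCmsHostname must be the proxy's public host name only")
    scheme = props.get("proxyScheme", "").lower()
    if scheme not in ("http", "https"):
        problems.append("proxyScheme must be http or https")
    port = props.get("proxyPort", "")
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        problems.append("proxyPort must be a port number (443 for SSL)")
    elif (scheme == "https" and port == "80") or (scheme == "http" and port == "443"):
        # Assumption added here: flag the usual scheme/port mismatches.
        problems.append("proxyPort does not match proxyScheme")
    if props.get("requireHttps", "").lower() != "false":
        problems.append("requireHttps must be false behind a proxy")
    return problems

# Constructed sample contents, not taken from a real installation.
SAMPLE = """\
# proxy settings
requestBehindProxy=true
publicCmsHostname=https://cms.mydomain.com
proxyScheme=https
proxyPort=443
requireHttps=true
"""

if __name__ == "__main__":
    for problem in check_proxy_settings(parse_properties(SAMPLE)):
        print("WARN:", problem)
```
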
Apache configuration
You will need to make sure the following modules are enabled in httpd.conf (located in your apache2/conf directory):
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
and the following line must be uncommented in order to use https, if it is not already:
Include conf/extra/httpd-ssl.conf
Additionally, you will want to either add a virtualhost entry for https or modify the pre-existing https virtual host that is being used for Rhythmyx. The virtualhost can be placed into a conf file; you will also need to enable the following ssl and proxy pass settings:
<VirtualHost *:443>
    # for example: myserver.percussion.local
    ServerName {Fully qualified external host name matching cert}
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # for example: "/usr/local/apache2/conf/server.crt"
    SSLCertificateFile {LOCATION TO YOUR SERVER CERTIFICATE}
    # for example: "/usr/local/apache2/conf/server.key"
    SSLCertificateKeyFile {LOCATION TO YOUR SERVER KEY}
    # for example: http://percussion:9992/
    ProxyPass / http://{internal rhythmyx host or ip}:{internal rhythmyx http port}/ nocanon
    # for example: http://percussion:9992/
    ProxyPassReverse / http://{internal rhythmyx host or ip}:{internal rhythmyx http port}/
</VirtualHost>
You may want to enable the other security elements for the virtual host, but it is not required.
Example virtual host entry in httpd-ssl.conf:
<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    ServerName myserver.hostname.local
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
    ProxyPass / http://mypercussion:9992/ nocanon
    ProxyPassReverse / http://mypercussion:9992/
</VirtualHost>
Additional information
For more information please read Jetty's official documentation on How to Configure mod proxy