Using Jetty with an Apache Proxy

Using Jetty with an Apache Proxy

Jetty configuration

Jetty may be configure to run behind an Apache proxy server by using an module provided by jetty. 

Windows

  • <InstallDir>\jetty\StartJetty.bat --add-to-start=http-forwarded

 Linux

  • <InstallDir>/jetty/StartJetty.sh --add-to-start=http-forwarded

This will enable by adding a default configuration file to jetty/base/start.d/http-forwarded.ini.  You can uncomment the lines and change the configuration if you need.

To disable just remove the jetty/base/start.d/http-forwarded.ini file.

Percussion Configuration

Several properties control the CMS application when deployed behind a proxy.

<InstallDir>/rxconfig/Server/server.properties file.

requestBehindProxy

When set to true the application is configured behind a reverse proxy server. 

requestBehindProxy=true

publicCmsHostname

When configured behind a reverse proxy, the public host name of the proxy server.

publicCmsHostname=<Public Side of the Reverse Proxy Server e.g. cms.mydomain.com>

proxyScheme

Public scheme that the proxy server uses.  (http or https)

proxyPort

Public port of the proxy (443 for SSL)

requireHttps

Should be set to false when configure behind a proxy. 

requireHttps=false

Apache configuration

You will need to make sure the following modules are enabled in httpd.conf (located in your apache2/conf directory):

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so  

and the following line must be uncommented in order to use https, if it is not already:

Include conf/extra/httpd-ssl.conf


Additionally you will want to either add a virtualhost entry for https or modify the pre-existing https virtual host that is being use for Rhythmyx.  The virtualhost can be placed into a conf file; you will also need to enable the following ssl and proxy pass settings:

<VirtualHost *: 443 >
    ServerName {Fully qualified external host name matching cert} ( for example: myserver.percussion.local)
 
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
 
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
 
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
 
    SSLCertificateFile {LOCATION TO YOUR SERVER CERTIFICATE ( for example: "/usr/local/apache2/conf/server.crt" )}
    SSLCertificateKeyFile {LOCATION TO YOUR SERVER KEY ( for example: "/usr/local/apache2/conf/server.key" )}
 
    ProxyPass / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ nocanon (for example: http://percussion:9992/)
    ProxyPassReverse / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ (for example: http://percussion:9992/)
 
</VirtualHost>

You may want to enable the other security elements for the virtual host, but it is not required. 

Example virtual host entry in httpd-ssl.conf:

<VirtualHost *: 443 >
 
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    ServerName myserver.hostname.local
 
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
 
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
 
    SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
 
    ProxyPass / http: //mypercussion:9992/ nocanon
    ProxyPassReverse / http: //mypercussion:9992/
 
</VirtualHost>

 

Additional information

For more information please read Jetty's official documentation on How to Configure mod proxy

and Apache's Reverse Proxy Guide and virtualhost examples

Leave a comment

*
*