Using Jetty with an Apache Proxy
Jetty configuration
If using jetty 732_20171007 and above you can configure jetty for apache simply using an module provided by jetty. If you previously added jetty/base/etc/jetty.xml to enable this you should remove that file.
StartJetty.bat --add-to-start=http-forwarded
or on Linux
./StartJetty.sh --add-to-start=http-forwarded
This will enable by adding a default configuration file to jetty/base/start.d/http-forwarded.ini. You can un-comment the lines and change the configuration if you need.
To disable just remove the jetty/base/start.d/http-forwarded.ini file
Apache configuration
You will need to make sure the following modules are enabled in httpd.conf (located in your apache2/conf directory):
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule xml2enc_module modules/mod_xml2enc.so LoadModule proxy_module modules/mod_proxy.so LoadModule ssl_module modules/mod_ssl.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_html_module modules/mod_proxy_html.so |
and the following line must be uncommented in order to use https, if it is not already:
Include conf/extra/httpd-ssl.conf |
Additionally you will want to either add a virtualhost entry for https or modify the pre-existing https virtual host that is being use for Rhythmyx. The virtualhost can be placed into a conf file; you will also need to enable the following ssl and proxy pass settings:
<VirtualHost *: 443 > ServerName {Fully qualified external host name matching cert} ( for example: myserver.percussion.local) RequestHeader set X-Forwarded-Proto "https" env=HTTPS SSLEngine on SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy *> Order deny,allow Allow from all </Proxy> SSLCertificateFile {LOCATION TO YOUR SERVER CERTIFICATE ( for example: "/usr/local/apache2/conf/server.crt" )} SSLCertificateKeyFile {LOCATION TO YOUR SERVER KEY ( for example: "/usr/local/apache2/conf/server.key" )} ProxyPass / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ nocanon (for example: http://rhythmyx:9992/) ProxyPassReverse / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ (for example: http://rhythmyx:9992/) </VirtualHost> |
You may want to enable the other security elements for the virtual host, but it is not required.
Example virtual host entry in httpd-ssl.conf:
<VirtualHost *: 443 > RequestHeader set X-Forwarded-Proto "https" env=HTTPS ServerName myserver.hostname.local SSLEngine on SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy *> Order deny,allow Allow from all </Proxy> SSLCertificateFile "/usr/local/apache2/conf/server.crt" SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" ProxyPass / http: //myrhythmyx:9992/ nocanon ProxyPassReverse / http: //myrhythmyx:9992/ </VirtualHost> |
Additional information
For more information please read Jetty's official documentation on How to Configure mod proxy