Using Jetty with an Apache Proxy

Jetty configuration

If using jetty 732_20171007 and above you can configure jetty for apache simply using an module provided by jetty.  If you previously added jetty/base/etc/jetty.xml to enable this you should remove that file.

StartJetty.bat --add-to-start=http-forwarded

or on Linux

./StartJetty.sh --add-to-start=http-forwarded

This will enable by adding a default configuration file to jetty/base/start.d/http-forwarded.ini.  You can un-comment the lines and change the configuration if you need.

To disable just remove the jetty/base/start.d/http-forwarded.ini file

Apache configuration

You will need to make sure the following modules are enabled in httpd.conf (located in your apache2/conf directory):

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so  

and the following line must be uncommented in order to use https, if it is not already:

Include conf/extra/httpd-ssl.conf


Additionally you will want to either add a virtualhost entry for https or modify the pre-existing https virtual host that is being use for Rhythmyx.  The virtualhost can be placed into a conf file; you will also need to enable the following ssl and proxy pass settings:

<VirtualHost *: 443 >
    ServerName {Fully qualified external host name matching cert} ( for example: myserver.percussion.local)
 
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
 
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
 
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
 
    SSLCertificateFile {LOCATION TO YOUR SERVER CERTIFICATE ( for example: "/usr/local/apache2/conf/server.crt" )}
    SSLCertificateKeyFile {LOCATION TO YOUR SERVER KEY ( for example: "/usr/local/apache2/conf/server.key" )}
 
    ProxyPass / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ nocanon (for example: http://rhythmyx:9992/)
    ProxyPassReverse / http: //{internal rhythmyx host or ip}:{internal rhythmyx http port}/ (for example: http://rhythmyx:9992/)
 
</VirtualHost>

You may want to enable the other security elements for the virtual host, but it is not required. 

Example virtual host entry in httpd-ssl.conf:

<VirtualHost *: 443 >
 
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    ServerName myserver.hostname.local
 
    SSLEngine on
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
 
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
 
    SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
 
    ProxyPass / http: //myrhythmyx:9992/ nocanon
    ProxyPassReverse / http: //myrhythmyx:9992/
 
</VirtualHost>

 

Additional information

For more information please read Jetty's official documentation on How to Configure mod proxy

and Apache's Reverse Proxy Guide and virtualhost examples