Message-ID: <1748421381.298942.1368950287696.JavaMail.firstname.lastname@example.org> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_298941_1252281083.1368950287695" ------=_Part_298941_1252281083.1368950287695 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
The apache web server is frequently used as a server in front of a servl=
While there are no real technical reasons to front Jetty with apache, somet= imes this is needed
for software load balancing, or to fit with a corporate infrastructure, or = simply to stick with a known deployment structure.
There are 3 main alternative for connection Apache to Jetty:
Using the HTTP Connectors is greatly preferred, as Jetty performs signif= icantly better with HTTP and the AJP protocol is poorly documented and ther= e are many version irregularities. If AJP is to be used, the then mod_pro= xy_ajp module is preferred over mod_jk. Previously, the load balancing cap= abilities of mod_jk meant that it had to be used (tolerated), but with apac= he 2.2, mod_proxy_balancer is av= ailable and load balance over HTTP and AJP connectors.
Apache has a mod_proxy module available for almost all versions of apach= e. However, prior to apache 2.2, only reverse proxy features were availabl= e and mod_proxy_balancer was not available for load balancing.
Documentation for mod_proxy is available for:
The configuration file layout for apache varies greatly with version and= distribution, but to configure mod_proxy as a reverse proxy, the follow co= nfiguration is key:
ProxyPassRe= verseconfiguration be used so that apache can rewrite any URLs in h= eaders etc. However, if you use the
ProxyPreserveHostconfigu= ration, Jetty can generate the correct URLs and they do not need to be rewr= itten:
ServletRequest#getRem= oteAddr()) you can use the forwarded property on
Ab= stractConnectorwhich interprets the mod_proxy_http "x-forwarded-" headers instead: Or, to force the result of
ServletRequest#getServerPort()(if headers are not available):
The situation here is:
If you want to offload the SSL onto Apache, and then use plain http requ= ests to your Jetty backend, you need to configure Jetty to use https:// in = all redirected requests.
You can do that by extending the Connector class of your choice, eg the = SelectChannelConnector, and implement the customize(EndPoint, Request) meth= od to force the scheme of the Request to be https like so ( don't f= orget to call super.customize(endpoint,request)! ):
If you need access on Jetty to some of the SSL information accessible on=
Apache, then you need to some configuration tricks on Apache to insert the=
SSL info as headers on outgoing requests. Follow the Apache configuration =
suggestions on this tutorial which shows you how to use
ers to insert the appropriate request headers. Of course you will al=
so need to code your application to look for the corresponding custom reque=
st headers bearing the ssl information.
With apache 2.2 mod_proxy is able to u= se the extension mod_proxy_balancer=
The configuration of mod_proxy_balancer is similar to pure mod_proxy, ex=
balancer:// URLs may be used as a protocol instead o=
http:// when specifying destinations (workers) in
Proxy balancer:// - defines the nodes (workers) in the clu= ster. Each member may be a
ajp:// URL =
balancer:// URL for cascaded load balancing configu=
If the worker name is not set for the Jetty servers, then session affinity = (sticky sessions) will not work. The JSESSIONID cookie must have the format=
<sessionID>.<worker name>, in which
name has the same value as the
route specified in the B=
alancerMember above (in this case "jetty1" and "jetty2"=
). See this article for details. The following can be added to the
etty-web.xml in the
WEB-INF directory to set the worker=
Apache provide mod_status and Balancer Manager Support so that= the status of the proxy and balancer can be viewed on a web page. The fo= llowing configuration enables these UIs at /balancer and /status URLs:
These UIs should be protected from external access.------=_Part_298941_1252281083.1368950287695--