Message-ID: <673209534.3651.1406303994164.JavaMail.email@example.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_3650_371604430.1406303994164" ------=_Part_3650_371604430.1406303994164 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
The apache web server is frequently used as a server in front of a servl=
While there are no real technical reasons to front Jett= y with apache, sometimes this is needed
for software load balancing, = or to fit with a corporate infrastructure, or simply to stick with a known = deployment structure.
There are 3 main alternative for connection Apache to Jetty:=20
Using the HTTP Connectors is greatly preferred, as Jetty performs signif= icantly better with HTTP and the AJP protocol is poorly documented and ther= e are many version irregularities. If AJP is to be used, the then mod_proxy= _ajp module is preferred over mod_jk. Previously, the load balancing capabi= lities of mod_jk meant that it had to be used (tolerated), but with apache = 2.2, mod_proxy_balancer is avail= able and load balance over HTTP and AJP connectors.=20
Apache has a mod_proxy module available for almost all versions of apach= e. However, prior to apache 2.2, only reverse proxy features were available= and mod_proxy_balancer was not available for load balancing.=20
Documentation for mod_proxy is available for:=20
The configuration file layout for apache varies greatly with version and= distribution, but to configure mod_proxy as a reverse proxy, the follow co= nfiguration is key:=20
ProxyPassRever= seconfiguration be used so that apache can rewrite any URLs in head= ers etc. However, if you use the
ProxyPreserveHostconfigurati= on, Jetty can generate the correct URLs and they do not need to be rewritte= n:
ServletRequest= #getRemoteAddr()) you can use the forwarded property on <= code>AbstractConnector which interprets the mod_proxy_http "x-forwarded-" headers instead= :=20 Or, to force the result of
ServletRequest#getServerPort()(if headers are not avai= lable):=20
The situation here is:=20 =20
If you want to offload the SSL onto Apache, and then use plain http requ= ests to your Jetty backend, you need to configure Jetty to use https:// in = all redirected requests.=20
You can do that by extending the Connector class of your choice, eg the = SelectChannelConnector, and implement the customize(EndPoint, Request) meth= od to force the scheme of the Request to be https like so ( don't f= orget to call super.customize(endpoint,request)! ):=20 =20
If you need access on Jetty to some of the SSL information accessible on=
Apache, then you need to some configuration tricks on Apache to insert the=
SSL info as headers on outgoing requests. Follow the Apache configuration =
suggestions on this tutorial which shows you how to use
ers to insert the appropriate request headers. Of course you will al=
so need to code your application to look for the corresponding custom reque=
st headers bearing the ssl information.
The configuration of mod_proxy_balancer is similar to pure mod_proxy, ex=
balancer:// URLs may be used as a protocol instead o=
http:// when specifying destinations (workers) in
Proxy balancer:// -= defines the nodes (workers) in the cluster. Each member may be a
ajp:// URL or another
URL for cascaded load balancing configuration.
If the worker name is = not set for the Jetty servers, then session affinity (sticky sessions) will= not work. The JSESSIONID cookie must have the format
t;.<worker name>, in which
worker name has the sa=
me value as the
route specified in the BalancerMember above (i=
n this case "jetty1" and "jetty2"). See this article f=
or details. The following can be added to the
WEB-INF directory to set the worker name.
Apache provide mod_status and Balancer Manager Support so that= the status of the proxy and balancer can be viewed on a web page. The foll= owing configuration enables these UIs at /balancer and /status URLs:=20 =20
These UIs should be protected from external access.