This is a quick guide for configuring Jetty to run behind an Apache httpd front end. While typically not necessary, you may need to do this if you are using Remote User Authentication or External Authentication in conjunction with a product that is not Java-based. There may be other use cases as well.
This method works by running Jetty on the loopback interface (localhost) and configuring Apache to proxy requests to it via mod_proxy_http. While this is functionally similar to proxying to Tomcat via AJP, we can't take the same approach here because Jetty no longer supports AJP.
This documentation assumes you are running Apache httpd v2.2 and Jetty 9.2. Make sure mod_proxy_http is installed as well; it should be there by default on most packaged Apache distributions.
Configure a Jetty HTTP connector on the loopback interface. This is done in
Make sure the connector is configured to only listen on the loopback interface (localhost). It must not be exposed to external hosts!
This is the only connector that is needed; all others can safely be disabled.
Note that the connector we've configured is using plain HTTP. The request comes into Apache over HTTPS, but we're forwarding it to Jetty via HTTP over the loopback interface. For this to work, Jetty needs to accept the X-Forwarded-Proto HTTP header, which, by default, it does not. Enable this by editing jetty.xml and adding the following within the <New id="httpConfig" ..> section:
Configure Apache httpd to proxy requests to /idp to Jetty. In
The first two lines tell Apache to preserve the host and scheme when proxying the request to Jetty.
- Restart httpd and Jetty, and make sure all works as expected.
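One way to confirm after the restart that the Jetty connector is reachable only over loopback, as an added example that is not part of the original guide: the function below audits `ss -ltn` output for the connector port. The port 8080, the function name check_loopback_only and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Audits `ss -ltn` output to
# confirm the Jetty connector port is bound to loopback addresses only.
JETTY_PORT="${JETTY_PORT:-8080}"   # assumption: the guide does not state the port

# Reads `ss -ltn` output on stdin.
# Exit 0: port $1 is listening on loopback only.
# Exit 1: at least one non-loopback listener (each printed as "EXPOSED: ...").
# Exit 2: nothing is listening on port $1.
check_loopback_only() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            n = match($4, /:[0-9]+$/)          # trailing ":port" of Local Address:Port
            if (n == 0 || substr($4, n + 1) != port) next
            seen++
            addr = substr($4, 1, n - 1)
            sub(/%.*$/, "", addr)              # drop interface scope, e.g. %lo
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            bad++
            print "EXPOSED: " $4
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      50     127.0.0.1:8080     0.0.0.0:*
LISTEN 0      50     [::1]:8080         [::]:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      50     *:8080             *:*'

for sample in "$SAMPLE_OK" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$sample" | check_loopback_only "$JETTY_PORT"; then
        echo "port $JETTY_PORT: loopback only"
    else
        echo "port $JETTY_PORT: not loopback-only (or not listening)"
    fi
done
# On the live host: ss -ltn | check_loopback_only "$JETTY_PORT"
```

A wildcard bind (`*`, `0.0.0.0` or `[::]`) on the connector port means the plain-HTTP listener is reachable from other hosts, where a client could bypass Apache and supply its own forwarded headers.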
When running command-line utilities such as reload-service, you'll need to explicitly specify the loopback URL on the command line. For example: