Search code examples
nginxjettyreverse-proxyiccube

iccube behind reverse proxy

I run icCube behind an nginx acting as a reverse proxy and force https requests. icCube as a backend server is then called through http. Requests received by jetty (icCube) are currently not https. I need a well formatted request URI scheme (containing https) as it is used for my SSO authentication made in a custom servlet filter installed in icCube.

I presume an issue with Jetty's configuration because as described in Jetty's document regarding forwarded request: https://www.eclipse.org/jetty/javadoc/9.4.8.v20171121/org/eclipse/jetty/server/ForwardedRequestCustomizer.html The reverse proxy (nginx) passes the following headers to jetty:

proxy_set_header   Host                             $host;
proxy_set_header   X-Forwarded-Host                 $host;
proxy_set_header   X-Forwarded-Server               $host;
proxy_set_header   X-Forwarded-For        $proxy_add_x_forwarded_for;
proxy_set_header   X-Real-IP                        $remote_addr;
proxy_set_header   X-Forwarded-Ssl                  on;
proxy_set_header   X-Proxied-Https                  on;
proxy_set_header   X-Forwarded-Proto                $scheme;

I've looked in the icCube configuration class handling the jetty configuration:

crazydev.iccube.server.http.IcCubeHttpComponentConfiguration

And nothing about forwarded requests. Jetty is shipped with default configuration files and one fits my needs: https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-server/src/main/config/etc/jetty-http-forwarded.xml

How could I apply forwarding configuration ? Thanks in advance for your help.

Solution

  • Prior to icCube 6.8.5, there is no way to configure an instance of ForwardedRequestCustomizer.

    From icCube 6.8.5, the icCube.xml configuration file will contain a new entry for that purpose:

                <forwardedRequestConfiguration>
                <forwardedOnly>...</forwardedOnly>
                <proxyAsAuthority>...</proxyAsAuthority>
                <forwardedHeader>...</forwardedHeader>
                <forwardedHostHeader>...</forwardedHostHeader>
                <forwardedServerHeader>...</forwardedServerHeader>
                <forwardedProtoHeader>...</forwardedProtoHeader>
                <forwardedForHeader>...</forwardedForHeader>
                <forwardedHttpsHeader>...</forwardedHttpsHeader>
                <forwardedSslSessionIdHeader>...</forwardedSslSessionIdHeader>
                <forwardedCipherSuiteHeader>...</forwardedCipherSuiteHeader>
            </forwardedRequestConfiguration>