我在作为反向代理的nginx后面运行icCube,并强制https请求。icCube作为后端服务器,然后通过http进行调用。jetty(icCube(收到的请求当前不是https。我需要一个格式良好的请求URI方案(包含https(,因为它用于在icCube中安装的自定义servlet过滤器中进行SSO身份验证。
我认为Jetty的配置存在问题,因为正如Jetty关于转发请求的文件中所述:https://www.eclipse.org/jetty/javadoc/9.4.8.v20171121/org/eclipse/jetty/server/ForwardedRequestCustomizer.html反向代理(nginx(将以下标头传递给jetty:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Proxied-Https on;
proxy_set_header X-Forwarded-Proto $scheme;
我在icCube配置类中查看了处理jetty配置:
crazydev.iccube.server.http.IcCubeHttpComponentConfiguration
没有转发请求。Jetty附带了默认配置文件,其中一个符合我的需求:https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-server/src/main/config/etc/jetty-http-forwarded.xml
如何应用转发配置?提前感谢您的帮助。
在icCube 6.8.5之前,无法配置ForwardedRequestCustomizer的实例。
从icCube 6.8.5开始,icCube.xml配置文件将为此目的包含一个新条目:
<forwardedRequestConfiguration>
<forwardedOnly>...</forwardedOnly>
<proxyAsAuthority>...</proxyAsAuthority>
<forwardedHeader>...</forwardedHeader>
<forwardedHostHeader>...</forwardedHostHeader>
<forwardedServerHeader>...</forwardedServerHeader>
<forwardedProtoHeader>...</forwardedProtoHeader>
<forwardedForHeader>...</forwardedForHeader>
<forwardedHttpsHeader>...</forwardedHttpsHeader>
<forwardedSslSessionIdHeader>...</forwardedSslSessionIdHeader>
<forwardedCipherSuiteHeader>...</forwardedCipherSuiteHeader>
</forwardedRequestConfiguration>