Jetty server running SPDY behind an Apache firewall

132 views Asked by At

I have an application at /mine running on a Jetty server that supports SPDY. It is sitting behind an Apache firewall that is being used as a proxy.

The application at /mine gets routed by the following config rules on Apache:

RewriteRule ^/mine$ /mine/ [R,L]
ProxyPass /code/ https://jettyserver:9443/mine/ nocanon
ProxyPassReverse /mine/ https://jettyserver:9443/mine/ nocanon

As a result, when I hit apache/mine/, my browser is not negotiating SPDY with my application.

Adding mod_spdy to the proxy would be the correct approach but I cannot currently do that with the Apache we are running.

Is there a way I can get this to work?

1

There are 1 answers

4
sbordet On BEST ANSWER

For that particular configuration you want to run, I am afraid there is no way to get it working with SPDY or HTTP/2.

Apache configured as a reverse proxy talks HTTP/1.1 to Jetty, so there is no way to get SPDY or HTTP/2 into the picture at all (considering you cannot make Apache talk SPDY).

However, there are a number of alternative solutions. Let's focus on HTTP/2 only because SPDY is now being phased out in favour of HTTP/2.

The first and simplest solution is just to remove Apache completely. You just expose Jetty as your server, and it will be able to speak HTTP/2 and HTTP/1.1 to browsers without problems. Jetty will handle TLS and then HTTP/2 or HTTP/1.1.

The second solution is to put HAProxy in the front, and have it forward to Jetty. HAProxy will handle TLS and forward clear-text HTTP/2 or HTTP/1.1 to Jetty.

The advantage of these two solutions is that you will benefit of the HTTP/2 support of Jetty, along with its HTTP/2 Push capabilities. Not only that, Jetty also gets you a wide range of Apache features such as rewriting, proxying, PHP/FastCGI support, etc. For most configurations, you don't need Apache because Jetty can do it.

The first solution has the advantage that you have to configure one server only (Jetty), but you will probably pay a little for TLS because the JDK implementation used by Jetty is not the most efficient around.

The second solution has the advantage that TLS will be done more efficiently by HAProxy, and you can run it more easily on port 80. However, you have to configure two servers (HAProxy and Jetty) instead of just one.

Have a look at the Jetty HTTP/2 documentation and at the Webtide blogs where we routinely add entries about HTTP/2, configurations and examples.