If a reverse proxy is used in front of the Weave server, additional configuration is required to tell Weave that the proxy is there. This lets Weave process the headers provided by the proxy to determine information about the actual user rather than the proxy server (IP address, HTTP vs HTTPS, etc.).
Jetty 9
The default installation of Weave includes the Jetty 9 Web Application Server, and “running” Weave involves running Jetty, which then runs the Weave application, weave.war. So enabling reverse proxy support for a default Weave instance means enabling reverse proxy support for Jetty 9.
To enable reverse proxy support for Jetty 9, edit the file …\weave\jetty_base\etc\jetty.xml and add the following lines to the httpConfig item (before the closing </New> tag).

    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>

e.g.

    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
      <Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
      <!-- more settings here that have been excluded for brevity -->
      <Set name="responseCookieCompliance"><Call class="org.eclipse.jetty.http.CookieCompliance" name="valueOf"><Arg><Property name="jetty.httpConfig.responseCookieCompliance" default="RFC6265"/></Arg></Call></Set>
      <Set name="multiPartFormDataCompliance"><Call class="org.eclipse.jetty.server.MultiPartFormDataCompliance" name="valueOf"><Arg><Property name="jetty.httpConfig.multiPartFormDataCompliance" default="RFC7578"/></Arg></Call></Set>
      <Call name="addCustomizer">
        <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
      </Call>
    </New>

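The Jetty forwarded request customizer relies on the X-Forwarded-Host and X-Forwarded-Proto headers being set correctly by the reverse proxy. Because Jetty then trusts these values, the proxy should set them itself rather than pass through whatever the client sent.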
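A check for the jetty.xml edit described above, as an added example (not code from Weave or Jetty): it parses the file and reports whether the ForwardedRequestCustomizer call sits directly inside the httpConfig element, was placed elsewhere in the file, or is absent. The function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

CUSTOMIZER = "org.eclipse.jetty.server.ForwardedRequestCustomizer"

def _adds_customizer(call):
    """True if this <Call> is addCustomizer(new ForwardedRequestCustomizer())."""
    return call.get("name") == "addCustomizer" and any(
        new.get("class") == CUSTOMIZER for new in call.findall("./Arg/New"))

def check_forwarded_customizer(jetty_xml):
    """Classify a jetty.xml (str or bytes): enabled, misplaced, missing, no-httpconfig."""
    # ElementTree drops XML comments, so a commented-out call does not count.
    root = ET.fromstring(jetty_xml)
    http_config = next(
        (n for n in root.iter("New") if n.get("id") == "httpConfig"), None)
    if http_config is None:
        return "no-httpconfig"
    # The call must be a direct child of the httpConfig <New> element.
    if any(_adds_customizer(c) for c in http_config.findall("./Call")):
        return "enabled"
    # Present somewhere else in the file: it is not applied to httpConfig.
    if any(_adds_customizer(c) for c in root.iter("Call")):
        return "misplaced"
    return "missing"

# Constructed, heavily trimmed jetty.xml samples (not a full Weave configuration).
_CALL = ('<Call name="addCustomizer"><Arg>'
         '<New class="%s"/></Arg></Call>' % CUSTOMIZER)
_DOC = ('<Configure id="Server" class="org.eclipse.jetty.server.Server">'
        '<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">'
        '<Set name="securePort">8443</Set>%s</New>%s</Configure>')
SAMPLE_ENABLED = _DOC % (_CALL, "")
SAMPLE_MISPLACED = _DOC % ("", _CALL)  # added after the closing </New>
SAMPLE_COMMENTED = _DOC % ("<!-- " + _CALL + " -->", "")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file, e.g. the edited jetty.xml
        with open(sys.argv[1], "rb") as fh:
            print(check_forwarded_customizer(fh.read()))
    else:
        for name in ("SAMPLE_ENABLED", "SAMPLE_MISPLACED", "SAMPLE_COMMENTED"):
            print(name, "->", check_forwarded_customizer(globals()[name]))
```

Run with the path to jetty.xml as the only argument; any result other than `enabled` means Jetty will not apply the forwarded headers to requests.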
Docker
When Weave is run as a Docker container it does the reverse of the default installation. Rather than running Weave within Jetty, it runs Jetty within Weave (by including additional Jetty-related plugins in the …\weave\platform\plugins directory), and out of the box this setup does not use the same configuration files used when running Weave embedded in Jetty. To make it easier to configure the embedded Jetty plugins to correctly parse the required reverse proxy headers, Weave provides a custom plugin that performs the required changes. Currently you have to enable this manually, but that may change in the future.
To configure Weave to enable the reverse proxy customizer, set the system property org.eclipse.equinox.http.jetty.customizer.class to the value com.cohga.jetty8.ReverseProxyCustomizer (note jetty8 is correct, the embedded version of Jetty is Jetty 8, not Jetty 9).
Other
If you’re running Weave embedded within a different Web Application Server (i.e. not Jetty 9), you will have to examine the documentation for that Web Application Server to determine if/how it can be configured to correctly parse the proxy headers sent by the reverse proxy.