moqui / moqui-framework

Use Moqui Framework to build enterprise applications based on Java. It includes tools for databases (relational, graph, document), local and web services, web and other UI with screens and forms, security, file/resource access, scripts, templates, l10n, caching, logging, search, rules, workflow, multi-instance, and integration.
http://www.moqui.org

Question: is there a way to command Jetty (in embedded mode) to open an https port? #82

Closed mrovnanik closed 8 years ago

mrovnanik commented 8 years ago

I can run java -jar moqui.war --port=8181 command and force the container to communicate http on 8181.

But is there a way I can do the same with https port? Something similar to the times, when Winstone was used (screenshot from MakingAppsWithMoqui):

image

I keep getting this error: "Screen at location [component://webroot/screen/webroot.xml], which is part of [[error, NotFound]] under screen [component://webroot/screen/webroot.xml] requires an encrypted/secure connection but the request is not secure, sending redirect to secure."

jonesde commented 8 years ago

With the change to use Jetty embedded instead of Winstone this is no longer an option. The embedded servlet container is mainly for convenience in development and testing, while deploying the WAR file in an external servlet container is generally best for production (Winstone is really not meant for production, though is fine for small deployments).

The main reasons to use Jetty instead of Winstone were to use a newer version of the Servlet API than Winstone supports, and to get features like web sockets (server side) that are needed in a dev environment and that aren't available for Winstone.

While I wouldn't recommend running this way in production you can if you are proxying through httpd or nginx and SSL termination is there. If your configuration is correct it will add an HTTP header so that Jetty (similarly for Tomcat, etc) knows that the original request was over HTTPS even though it was terminated before the request was forwarded to the servlet container (this is common for higher end load balancers too, SSL termination is done there instead of in the Java servlet container).

I have considered adding support for Jetty configuration in files instead of command line parameters to support a wider range of options for embedded Jetty, but Jetty configurations are complex and spread across potentially dozens of files so this isn't easy... and not sure it's useful anyway.

jonesde commented 8 years ago

BTW, issues on GitHub are really for bugs and new features and such, not for questions. LinkedIn or StackOverflow are better for those (or even the Google Group mailing list, though not many people are subscribed there).

BTW2, there is a reason the book refers to the version of Moqui it was written for... even 2 years ago when I wrote it I knew things would change substantially over time, and they have. At some point I will update the book, but it is not a simple thing to do, at least 100 hours to do even a decent job of updating it and adding some of the main new features, could be easily double that to document most of what has been added since then. Unless I find a sponsor or a great contract or two to free up some time this isn't likely to happen in the foreseeable future.

mrovnanik commented 8 years ago

I am forwarding protocol "https" from httpd to jetty (moqui), but I keep receiving "requires an encrypted/secure connection but the request is not secure, sending redirect to secure". But thanks for the info anyway, I moved a step further.

jonesde commented 8 years ago

There may be more Jetty configuration required to handle a proxy server where SSL is terminated (for example see http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html and related documentation to handle other x-forwarded-* headers). Again for more complex deployments you should run Jetty or Tomcat externally with the Moqui WAR added as a webapp as opposed to running the embedded Jetty server which is meant for dev and certain types of testing.

mrovnanik commented 8 years ago

OK, I will stick to your recommendations. Thanks for counselling.

mrovnanik commented 8 years ago

For those searching for result - the configuration (in yellow) is what needs to be added to Jetty.xml (main configuration file). And of course, the "x-forwarded header" in Apache configuration. David will hopefully excuse me for using this forum for other than planned purpose.

https://github.com/eclipse/jetty.project/blob/jetty-9.2.6.v20141205/jetty-server/src/main/config/etc/jetty.xml#L90-L94

image
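
The configuration described in the comment above, written out as an added example (not part of the original thread and not Moqui's or Jetty's own file). It assumes the linked jetty.xml lines are the `ForwardedRequestCustomizer` call that the stock Jetty 9 file ships commented out; the `securePort` value, the proxy directives and the loopback address are also assumptions.

```xml
<!-- Added example: fragment of etc/jetty.xml for a Jetty 9.x instance that sits
     behind a TLS-terminating reverse proxy. -->
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <!-- Scheme and port the container uses when it builds a redirect to secure.
       443 is assumed to be the port the proxy listens on. -->
  <Set name="secureScheme">https</Set>
  <Set name="securePort">443</Set>

  <!-- Before (stock file): the call below is commented out, so a request the
       proxy forwards over plain HTTP is reported as scheme=http and
       isSecure()=false, and a screen that requires a secure connection keeps
       answering with "sending redirect to secure". -->

  <!-- After: honour the X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Host
       and X-Forwarded-Server headers. With "X-Forwarded-Proto: https" the
       request is marked secure. -->
  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>
</New>

<!-- Matching Apache httpd side (mod_headers and mod_proxy_http), placed inside
     the <VirtualHost *:443> that terminates TLS. Backend port 8181 as in the
     thread, loopback address assumed:

       RequestHeader set X-Forwarded-Proto "https"
       ProxyPreserveHost On
       ProxyPass        / http://127.0.0.1:8181/
       ProxyPassReverse / http://127.0.0.1:8181/

     "set" replaces any value of the header that the client sent itself.
     The customizer trusts whoever supplies these headers, so the Jetty HTTP
     connector should be reachable only from the proxy, for example by binding
     it to 127.0.0.1 or by firewalling the port. -->
```

If the Jetty port is reachable directly, a client can send `X-Forwarded-Proto: https` over plain HTTP and be treated as a secure request, which is why the connector binding matters as much as the customizer.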

jonesde commented 8 years ago

Thank you, good to have here for history/reference for others looking at the same issue.