启用http-forwarded模块,执行如下命令:
java -jar $JETTY_HOME/start.jar --add-modules=http-forwarded
命令的输出,如下:
INFO : http-forwarded initialized in ${jetty.base}/start.d/http-forwarded.ini
INFO : Base directory was modified
http-forwarded模块的配置文件$JETTY_BASE/start.d/http-forwarded.ini,内容如下:
# ---------------------------------------
# Module: http-forwarded
# Enables processing of the "Forwarded" HTTP header (and its predecessors "X-Forwarded-*" HTTP headers).
# The "Forwarded" HTTP header is added by intermediaries to provide information about the clients.
# ---------------------------------------
--modules=http-forwarded
### ForwardedRequestCustomizer Configuration
## Whether to process only the RFC7239 "Forwarded" header.
## "X-Forwarded-*" headers are not processed.
# jetty.httpConfig.forwardedOnly=false
## Whether the address obtained from "Forwarded: by=" or
## "X-Forwarded-Server" is used in the request authority.
# jetty.httpConfig.forwardedProxyAsAuthority=false
## Whether the "X-Forwarded-Port" header is used in the request authority,
## or else it is the remote client port.
# jetty.httpConfig.forwardedPortAsAuthority=true
## The name of the RFC 7239 HTTP header.
# jetty.httpConfig.forwardedHeader=Forwarded
## The name of the obsolete forwarded host HTTP header.
# jetty.httpConfig.forwardedHostHeader=X-Forwarded-Host
## The name of the obsolete forwarded server HTTP header.
# jetty.httpConfig.forwardedServerHeader=X-Forwarded-Server
## The name of the obsolete forwarded scheme HTTP header.
# jetty.httpConfig.forwardedProtoHeader=X-Forwarded-Proto
## The name of the obsolete forwarded for HTTP header.
# jetty.httpConfig.forwardedForHeader=X-Forwarded-For
## The name of the obsolete forwarded port HTTP header.
# jetty.httpConfig.forwardedPortHeader=X-Forwarded-Port
## The name of the obsolete forwarded https HTTP header.
# jetty.httpConfig.forwardedHttpsHeader=X-Proxied-Https
## The name of the obsolete forwarded SSL session ID HTTP header.
# jetty.httpConfig.forwardedSslSessionIdHeader=Proxy-ssl-id
## The name of the obsolete forwarded SSL cipher HTTP header.
# jetty.httpConfig.forwardedCipherSuiteHeader=Proxy-auth-cert
各参数的说明,如下:
jetty.httpConfig.forwardedOnly
是否仅处理标准的转发头部,跳过对非标扩展比如HTTP头部X-Forwarded-*的处理。
默认值为false,即兼容非标HTTP头部X-Forwarded-*。
转发场景下的标准HTTP头部,可参考RFC文档Forwarded HTTP Extension。jetty.httpConfig.forwardedProxyAsAuthority
从请求头部X-Forwarded-Server或者Forwarded: by=中得到的主机信息,是否参与认证。默认值为false。jetty.httpConfig.forwardedPortAsAuthority
从请求头部X-Forwarded-Port获取到的端口信息,是否参与认证。默认值为true。jetty.httpConfig.forwardedHeader
RFC文档Forwarded HTTP Extension中定义的转发头部,取值为Forwarded。jetty.httpConfig.forwardedHostHeader
转发场景下的非标HTTP头部,取值为X-Forwarded-Host。jetty.httpConfig.forwardedServerHeader
转发场景下的非标HTTP头部,取值为X-Forwarded-Server。jetty.httpConfig.forwardedProtoHeader
转发场景下的非标HTTP头部,取值为X-Forwarded-Proto。jetty.httpConfig.forwardedForHeader
转发场景下的非标HTTP头部,取值为X-Forwarded-For。jetty.httpConfig.forwardedPortHeader
转发场景下的非标HTTP头部,取值为X-Forwarded-Port。jetty.httpConfig.forwardedHttpsHeader
转发场景下的非标HTTP头部,默认值为X-Proxied-Https。jetty.httpConfig.forwardedSslSessionIdHeader
默认值为Proxy-ssl-id。
参考代理和路由选择 URL中关于Client SSL Session ID Forwarding的说明,如下:默认 HTTP 标头称为 Proxy-ssl-id,但可以使用您选择的任何标头发送客户机的 SSL/TLS 会话 ID。
jetty.httpConfig.forwardedCipherSuiteHeader
默认值为Proxy-auth-cert。
参考代理和路由选择 URL中关于Client SSL/TLS Certificate Forwarding的说明,如下:默认 HTTP 标头称为 Proxy-auth-cert,但可以使用您选择的任何标头发送客户机的 SSL/TLS 证书。