Enable the SSL in jetty web server
Operating system: Ubuntu 16.04.03
Jetty server: 9.4.7
First, enter the following command:
java -jar start.jar --add-to-startd=ssl
This command creates a directory called start.d in the Jetty directory and copies the file ssl.ini into it. Copy the keystore from modules/ssl/keystore to etc/ssl.
Two lines need to be added to the ssl.ini in /opt/Jetty_Ssl/start.d.
Add these two lines at the end of the file:
--module=ssl
--module=https
Find my ssl.ini file below
Next, edit start.ini.
Add the following line at the end of the file:
jetty.ssl.port=8443
Find my start.ini file below
# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# This may be used for HTTPS and/or HTTP2 by enabling
# the associated support modules.
# ---------------------------------------
--module=ssl
### TLS(SSL) Connector Configuration
## Connector host/address to bind to
jetty.ssl.host=0.0.0.0
## Connector port to listen on
#jetty.ssl.port=8443
## Connector idle timeout in milliseconds
jetty.ssl.idleTimeout=30000
## Connector socket linger time in seconds (-1 to disable)
# jetty.ssl.soLingerTime=-1
## Number of acceptors (-1 picks default based on number of cores)
# jetty.ssl.acceptors=-1
## Number of selectors (-1 picks default based on number of cores)
# jetty.ssl.selectors=-1
## ServerSocketChannel backlog (0 picks platform default)
# jetty.ssl.acceptorQueueSize=0
## Thread priority delta to give to acceptor threads
# jetty.ssl.acceptorPriorityDelta=0
## Preallocated producer threads (0 disables EatWhatYouKill scheduling)
# jetty.ssl.reservedThreads=-1
## Connect Timeout in milliseconds
# jetty.ssl.connectTimeout=15000
## Whether request host names are checked to match any SNI names
# jetty.ssl.sniHostCheck=true
## max age in seconds for a Strict-Transport-Security response header (default -1)
# jetty.ssl.stsMaxAgeSeconds=31536000
## include subdomain property in any Strict-Transport-Security header (default false)
# jetty.ssl.stsIncludeSubdomains=true
### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## SSL JSSE Provider
# jetty.sslContext.provider=
## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=etc/keystore
## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=etc/keystore
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
## Truststore password
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## whether client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Whether client certificate authentication is desired
# jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true
## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
## Set the size of the SslSession cache
# jetty.sslContext.sslSessionCacheSize=-1
## Set the timeout (in seconds) of the SslSession cache timeout
# jetty.sslContext.sslSessionTimeout=-1
## Allow SSL renegotiation
# jetty.sslContext.renegotiationAllowed=true
# jetty.sslContext.renegotiationLimit=5
## Connector port to listen on
jetty.ssl.port=8443
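The file above leaves the keystore password and HSTS properties commented out and binds to 0.0.0.0. The following audit script is an added example, not part of the original post or of Jetty: it reports those settings and decodes the OBF: values to show why the file's own comment calls them "not secure". The function names and SAMPLE (an excerpt of the file above) are constructed here; treating the commented-out OBF values as the defaults in effect, and the last assignment as the winning one, are assumptions.

```python
# Added example: audit a Jetty start.ini / ssl.ini for settings left at defaults.
DEFAULT_OBF = {  # shown commented out in the page's file; assumed to be the
    "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4",  # values in effect when unset
    "OBF:1u2u1wml1z7s1z7a1wnl1u2g",
}
PASSWORD_KEYS = ("jetty.sslContext.keyStorePassword",
                 "jetty.sslContext.keyManagerPassword")

def deobfuscate(value):
    """Reverse the 4-characters-per-byte OBF: form used by the values above."""
    s = value[4:] if value.startswith("OBF:") else value
    if len(s) % 4:
        raise ValueError("unsupported OBF form")
    out = bytearray()
    for i in range(0, len(s), 4):
        n = int(s[i:i + 4], 36)
        out.append((n // 256 + n % 256 - 254) // 2)
    return out.decode("utf-8")

def effective_settings(ini_text):
    """Active key=value lines; '#' comments and --module lines are skipped."""
    cfg = {}
    for line in ini_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "--")) and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()  # assumption: last assignment wins
    return cfg

def audit(ini_text):
    cfg, findings = effective_settings(ini_text), []
    for key in PASSWORD_KEYS:
        value = cfg.get(key)
        if value is None or value in DEFAULT_OBF:
            findings.append(key + ": default password in effect")
        elif value.startswith("OBF:"):
            findings.append(key + ": OBF is reversible, restrict file access")
    if cfg.get("jetty.ssl.host") == "0.0.0.0":
        findings.append("jetty.ssl.host: bound to all interfaces")
    if int(cfg.get("jetty.ssl.stsMaxAgeSeconds", "-1")) < 0:
        findings.append("jetty.ssl.stsMaxAgeSeconds: HSTS header not sent")
    return findings

# Constructed sample: an excerpt of the start.ini shown above.
SAMPLE = """--module=ssl\njetty.ssl.host=0.0.0.0\n#jetty.ssl.port=8443
# jetty.ssl.stsMaxAgeSeconds=31536000
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.ssl.port=8443\n"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```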
Now you can check in your browser.
Refer to the video for the SSL configuration in Jetty.