How do I configure nginx as proxy to jetty? - java

I've been trying to set up nginx as proxy to jetty. I want to do something as explained in this answer but for Jetty not ring.
I've created a .war and I placed it in ~/jetty/jetty-dist/webapps/web_test-0.1.0-SNAPSHOT-standalone.war
Say, I want to use the domain example.com with ip address 198.51.100.0.
I've also copied /etc/nginx/sites-available/default into the file example.com and I have it in the same directory.
Can you help me configure nginx as proxy to jetty in my case? I know there are many references online about how to do this but they are all different and I got confused.
What specific changes do I need to make in nginx? What changes do I need to make in jetty.xml? Do I need to make any other changes? Will my app be served at example.com/index.html?
Current state of nginx is copied below:
upstream jetty {
    server 127.0.0.1:8080 fail_timeout=0;
}
server {
    listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name localhost;
    location / {
        proxy_pass http://jetty;
        try_files $uri $uri/ =404;
    }
}
EDIT
I was wondering if I need to use Jetty at all. In this setup he just uses ring, which seems super easy? What do I gain by using jetty?

How to configure nginx to work with a java server. In the example Jetty is used.
Edit /etc/nginx/sites-available/hostname:
server {
    listen 80;
    server_name hostname.com;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}
Consider disabling external access to port 8080:
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 8080 -j REJECT --reject-with tcp-reset
An example Jetty configuration (jetty.xml) might resemble:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!--
| http://eclipse.org/jetty/documentation/current/configuring-connectors.html
+-->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme">https</Set>
<Set name="securePort"><Property name="jetty.tls.port" default="8443" /></Set>
<Set name="outputBufferSize">65536</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
</New>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="http.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="http.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="httpConfig" /></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" default="localhost" /></Set>
<Set name="port"><Property name="jetty.port" default="8080" /></Set>
</New>
</Arg>
</Call>
</Configure>
This will cause Jetty to listen on localhost:8080 and nginx to redirect requests from domain.com:80 to the Jetty server.
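The setup above depends on Jetty being reachable only through nginx. As an added example (not part of the original answer), this Python check reads a jetty.xml and reports each connector's effective bind host, flagging any that is not loopback; the sample XML and the admin.host/admin.port property names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the settings the check reads. The first
# connector is bound like the jetty.xml above; the second uses hypothetical
# admin.* properties and has no default host, so nothing pins it to loopback.
SAMPLE_JETTY_XML = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ServerConnector">
      <Set name="host"><Property name="jetty.host" default="localhost" /></Set>
      <Set name="port"><Property name="jetty.port" default="8080" /></Set>
    </New>
  </Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ServerConnector">
      <Set name="host"><Property name="admin.host" /></Set>
      <Set name="port"><Property name="admin.port" default="8181" /></Set>
    </New>
  </Arg></Call>
</Configure>
"""

def resolve(set_elem, props):
    """Value of a <Set>: literal text, or a property override, else its default."""
    ref = set_elem.find("Property")
    if ref is None:
        ref = set_elem.find("SystemProperty")
    if ref is None:
        return (set_elem.text or "").strip() or None
    return props.get(ref.get("name"), ref.get("default"))

def is_loopback(host):
    if host in (None, ""):  # unset host: Jetty binds every interface
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as reachable

def audit_connectors(xml_text, props=None):
    """Return (host, port, exposed) for each connector declared in the file."""
    findings = []
    for new in ET.fromstring(xml_text).iter("New"):
        if new.get("class", "").endswith("Connector"):
            cfg = {s.get("name").lower(): resolve(s, props or {}) for s in new.findall("Set")}
            findings.append((cfg.get("host"), cfg.get("port"), not is_loopback(cfg.get("host"))))
    return findings
```

Pass the same property overrides Jetty is started with (for example `{"jetty.host": "0.0.0.0"}`) as `props` to audit the effective values rather than the defaults.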

Related

Enable SSL for specific context-path in Karaf Jetty

I have a jax-rs service deployed in Karaf container v4.2.3 with jetty v9.4.12 and the service is deployed under /services context-path as shown in the picture.
I have managed to enable ssl client auth in Karaf Jetty but the problem is that it enables it globally which causes system console to become inaccessible.
Here is the config I used in org.ops4j.pax.web.cfg
org.osgi.service.http.enabled=false
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=./etc/keystores/server-keystore.p12
org.ops4j.pax.web.ssl.truststore=etc/keystores/server-truststore.p12
org.ops4j.pax.web.ssl.truststore.password=secret
org.ops4j.pax.web.ssl.key.password=secret
org.ops4j.pax.web.ssl.keystore.password=secret
org.ops4j.pax.web.ssl.clientauthneeded=true
Is it possible to have SSL client auth only for the /services path and leave system console on non-ssl (http)?
Thanks a lot
You will need 2 ports or connectors configured. (one with SSL/TLS one without)
Then set the /services/* url-pattern to have a CONFIDENTIAL (servlet) constraint.
As an alternative to the default connectors, it is possible to configure additional connectors in the etc/jetty.xml configuration file.
The etc/jetty.xml is a standard Eclipse Jetty configuration file. The default Apache Karaf WebContainer etc/jetty.xml contains:
<!-- Use this connector for many frequently idle connections and for
threadless continuations. -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host">
<Property name="jetty.host" />
</Set>
<Set name="port">
<Property name="jetty.port" default="8181" />
</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Configure Authentication Realms -->
<!-- Realms may be configured for the entire server here, or -->
<!-- they can be configured for a specific web app in a context -->
<!-- =========================================================== -->
The SelectChannelConnector defines the default connector of the WebContainer.
This connector defines the 8181 port number for the HTTP protocol (port property), and the 8443 port number for the HTTPS protocol (confidentialPort property).
The following resources give you details about advanced etc/jetty.xml configurations:
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
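The first answer's suggestion of a CONFIDENTIAL constraint on /services/* can be checked before deployment. This added Python example (not from the original answers) parses a web.xml and reports whether a given request path falls under a CONFIDENTIAL transport guarantee; the web.xml fragment is constructed for illustration and only exact, prefix and extension url-patterns are handled.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (not from the page): only /services/* requires TLS.
SAMPLE_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>services</web-resource-name>
      <url-pattern>/services/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def confidential_patterns(web_xml):
    """url-patterns of every constraint that demands CONFIDENTIAL transport."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for el in sc.iter():
            texts.setdefault(local(el.tag), []).append((el.text or "").strip())
        if "CONFIDENTIAL" in texts.get("transport-guarantee", []):
            patterns += texts.get("url-pattern", [])
    return patterns

def matches(pattern, path):
    """Servlet url-pattern match: path prefix (/x/*), extension (*.ext) or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == path

def requires_tls(web_xml, path):
    return any(matches(p, path) for p in confidential_patterns(web_xml))
```

CONFIDENTIAL only moves the request onto the TLS connector; whether a client certificate is demanded is still decided on that connector (org.ops4j.pax.web.ssl.clientauthneeded in the question's config).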

How to enable Solr's HTTP and HTTPS ports simultaneously

I have configured SSL for Solr using following tutorial (https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html) and it is accepting HTTPS connections. I want to open a separate port for HTTP now so that Solr can receive HTTP and HTTPS requests at the same time.
AFAIS Solr does not support both HTTP and HTTPS at the same time. You can only use one of them at a time.
Reference:
Check the comment by Shalin in the post below (here).
Check the last comment by Shawn in the post below (here).
In Jetty.XML, uncomment the connector for HTTPS:
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/solrtest.keystore</Set>
<Set name="keyStorePassword">secret</Set>
<Set name="needClientAuth"><SystemProperty name="jetty.ssl.clientAuth" default="false"/></Set>
</New>
</Arg>
<Set name="port"><SystemProperty name="jetty.ssl.port" default="8983"/></Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>

How configure jetty-maven-plugin 9 to use https?

I need to use https for jetty maven plugin.
I googled the following answer:
https://stackoverflow.com/a/3795116/2674303
But it looks like this answer is not suitable for version 9 of jetty-maven-plugin.
IDEA complains about the syntax.
How do I fix my problem?
Ok, since jetty-9.0 it is no longer possible to configure a https connector directly in the pom.xml: you need to use jetty xml config files to do it.
I am new to exchange, so excuse my code copy/paste.
jetty.xml
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme">https</Set>
<Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
<Set name="outputBufferSize">32768</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
<Set name="sendServerVersion">true</Set>
<Set name="sendDateHeader">false</Set>
<Set name="headerCacheSize">512</Set>
<!-- Uncomment to enable handling of X-Forwarded- style headers
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/>
</Arg>
</Call>
-->
</New>
Look here for a whole bunch of XMLs, and if it is helpful please check my answer as correct.

jetty ssl with client-auth throws null cert exception

I am trying to run jetty in ssl mode with client authentication.
I pass the keystore. But instead of passing a truststore, I import my certificate into java/jre/lib/security/cacerts. Please find the jetty.xml configuration:
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStore</Arg>
<Arg><SystemProperty name="jetty.home" default="." />/../workspace/conf/xyz.ks</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStorePassword</Arg>
<Arg>abc</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStoreType</Arg>
<Arg>JKS</Arg>
</Call>
Socketconnector
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port"><SystemProperty name="port"/></Set>
<Set name="maxIdleTime">600000</Set>
<Set name="keystore"><SystemProperty name="javax.net.ssl.keyStore"/></Set>
<Set name="keyPassword"><SystemProperty name="javax.net.ssl.keyStorePassword"/></Set>
<!--Set name="truststore"><SystemProperty name="javax.net.ssl.trustStore"/></Set>
<Set name="trustPassword"><SystemProperty name="javax.net.ssl.trustStorePassword"/></Set-->
<Set name="needClientAuth">true</Set>
</New>
</Arg>
</Call>
Now when I hit the URL https://localhost:1234/xyz?wsdl I get a bad_certificate exception, which is caused by a null cert chain.
i) Can Java cacerts be used to configure Jetty?
ii) Is it because of the webservice call? In the logs it is shown that the server is started.
I am using Jetty 6 and CXF 2.6 webservice.
Thanks,
Keerthi.
You should try hitting your URL from a browser, after adding your client certificate to your browser certificate store. By the way you will know if your error is due to server or client side misconfiguration.

Defining two data sources in jetty (jetty-env.xml)

I'm trying to define two data sources in my web application, using the jetty-env.xml file.
It works ok with just one data source, however I get this exception when the second data source is added:
java.lang.IllegalStateException: Nothing to bind for name javax.sql.DataSource/default
Here's my configuration:
jetty-env.xml
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<New id="ds" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg>jdbc/mybd1</Arg>
<Arg>
<New class="com.mchange.v2.c3p0.ComboPooledDataSource">
<Set name="driverClass">com.microsoft.sqlserver.jdbc.SQLServerDriver</Set>
<Set name="jdbcUrl">jdbc:jtds:sqlserver://url:1433/mybd1</Set>
<Set name="user">xx</Set>
<Set name="password">yy</Set>
</New>
</Arg>
</New>
<New id="ds2" class="org.eclipse.jetty.plus.jndi.Resource" >
<Arg>jdbc/mybd2</Arg>
<Arg>
<New class="com.mchange.v2.c3p0.ComboPooledDataSource">
<Set name="driverClass">com.microsoft.sqlserver.jdbc.SQLServerDriver</Set>
<Set name="jdbcUrl">jdbc:jtds:sqlserver://url:1433/mybd2</Set>
<Set name="user">xx</Set>
<Set name="password">yy</Set>
</New>
</Arg>
</New>
</Configure>
web.xml
<resource-ref>
<res-ref-name>jdbc/mybd1</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<resource-ref>
<res-ref-name>jdbc/mybd2</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
hibernate.cfg.xml (there is another hibernate.cfg.xml to configure the second data source)
<session-factory>
<property name="connection.datasource">jdbc/mybd1</property>
<!-- ... -->
Any clue?
I haven't had a chance to test it, but it looks to me like your problem is that you're missing an <Arg /> for the scope.
Your DS should be:
<New id="ds" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg></Arg>
<Arg>jdbc/mybd1</Arg>
<Arg>
<New class="com.mchange.v2.c3p0.ComboPooledDataSource">
etc.
That first "Arg" is the scope, and without it, the rest of your arguments are out of position, and are probably causing your issue.
The id parameter values should match in jetty-env.xml and web.xml
jetty-env.xml
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<New id="DS1" class="org.eclipse.jetty.plus.jndi.Resource">...</New>
<New id="DS2" class="org.eclipse.jetty.plus.jndi.Resource">...</New>
</Configure>
web.xml
<resource-ref id="DS1">...</resource-ref>
<resource-ref id="DS2">...</resource-ref>
Try to enable logging in Jetty.
Be careful: the logger name is "jndi".
Jetty developers don't use the class name as the logger name for JNDI.
I spent 2 days finding the difference between the name defined in web.xml and jetty-env.xml.
Take a look at:
https://www.eclipse.org/jetty/documentation/9.4.x/using-jetty-jndi.html
Deciding Where to Declare Resources
You can define naming resources in three places:
jetty.xml
Naming resources defined in a jetty.xml file are scoped at either the JVM level or the Server level.
The classes for the resource must be visible at the Jetty container level. If the classes for the resource only exist inside your webapp, you must declare it in a WEB-INF/jetty-env.xml file.
WEB-INF/jetty-env.xml
Naming resources in a WEB-INF/jetty-env.xml file are scoped to the web app in which the file resides. While you can enter JVM or Server scopes if you choose, we do not recommend doing so. The resources defined here may use classes from inside your webapp. This is a Jetty-specific mechanism.
Context xml file
Entries in a context xml file should be scoped at the level of the webapp to which they apply, although you can supply a less strict scoping level of Server or JVM if you choose. As with resources declared in a jetty.xml file, classes associated with the resource must be visible on the container’s classpath.
And put a file like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<!-- Add an EnvEntry only valid for this webapp -->
<New id="gargle" class="org.eclipse.jetty.plus.jndi.EnvEntry">
<Arg>gargle</Arg>
<Arg type="java.lang.Double">100</Arg>
<Arg type="boolean">true</Arg>
</New>
<!-- Add an override for a global EnvEntry -->
<New id="wiggle" class="org.eclipse.jetty.plus.jndi.EnvEntry">
<Arg>wiggle</Arg>
<Arg type="java.lang.Double">55.0</Arg>
<Arg type="boolean">true</Arg>
</New>
<!-- an XADataSource -->
<New id="mydatasource99" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg>jdbc/mydatasource99</Arg>
<Arg>
<New class="com.atomikos.jdbc.SimpleDataSourceBean">
<Set name="xaDataSourceClassName">org.apache.derby.jdbc.EmbeddedXADataSource</Set>
<Set name="xaDataSourceProperties">databaseName=testdb99;createDatabase=create</Set>
<Set name="UniqueResourceName">mydatasource99</Set>
</New>
</Arg>
</New>
</Configure>
