I have Ubuntu 18.04 LTS and installed the repository Jetty: 
9.4.15-1~18.04.1ubuntu1. I have managed to configure DNS and am able to read 
off of port 80 using AUTHBIND.
But I am very confused about how to set up https. A lot of the confusion is 
probably because of the difference between the Jetty documentation (which assumes 
installation via wget) and the way that the Ubuntu/Jetty distribution is spread out 
over many different directories and implemented as a systemd service. 

1) To create the keystore, I am using CertBot (a wrapper for Let's Encrypt), 
and AFAIK successfully created a PKCS12 file using the instructions at "Loading 
Keys and Certificates via PKCS12" 
(https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#loading-keys-and-certificates)

The commands were:

    $ openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
    $ keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

Now, I am not clear where to put the "keystore" file that I created. 

The documentation, a little ways below refers to the location 
$JETTY/etc/keystore. With Ubuntu 18.04, we have /etc/jetty9 file folder that 
holds start.ini, a start.d directory and many .xml files. Should the "keystore" 
file reside there?

Further down, a reference is made to "Configuring the Jetty SslContextFactory", 
where there is mentioned a property(?) "setKeyStorePath" but no examples. Is 
this a reference to an edit to be made in the XML file jetty-https.xml, or is 
it to an edit to be made in https.ini?
There is a warning note: "As a keystore is vital security information, it can 
be desirable to locate the file in a directory with very restricted access." 
The directory /etc/jetty9 is NOT particularly well protected.

2) I have tried to generate an https.ini file but am failing.

Ubuntu repository's Jetty was automatically set up as a systemd service. The 
$JETTY_HOME is declared to be /usr/share/jetty9, and this directory contains a 
symlink to start.jar. The systemd configuration file does NOT declare a 
$JETTY_BASE. There is a reference to the directory /var/lib/jetty9, which holds 
the /webapps directory. But there is neither a start.ini file nor a start.d 
directory in this location. (Should there be?)

In order to generate an https.ini, or have it added to start.ini, I have tried:

    /var/lib/jetty9$ java -jar /usr/share/jetty9/start.jar --add-to-start=https

also

    /etc/jetty9$ java -jar /usr/share/jetty9/start.jar --add-to-start=https

But in both cases, I get the error message:

    ERROR : Unknown module='deploy'. List available with --list-modules

I'm guessing this has to do with a reference to the "deploy" module in 
/etc/jetty9/start.ini (copied below):

start.ini

    #------------------------------------------------------------------------------
    #
    # Jetty Startup Configuration
    #
    # This file contains the default settings for Jetty and configures a basic
    # Servlet container with JSP and WebSocket enabled. Customized settings can
    # be added to .ini files in the /etc/jetty9/start.d directory to avoid
    # conflicts when updating the package.
    #
    #------------------------------------------------------------------------------

    --module=deploy,http,jsp,jstl,websocket,ext,resources

    ##
    ## HTTP Connector Configuration
    ##

    # What host to listen on (leave commented to listen on all interfaces)
    #jetty.host=myhost.com

    # HTTP port to listen on
    # Enable authbind in /etc/default/jetty9 to use a port lower than 1024
    jetty.port=80

    # HTTP idle timeout in milliseconds
    http.timeout=30000


    ##
    ## Server Threading Configuration
    ##

    # minimum number of threads
    threads.min=10

    # maximum number of threads
    threads.max=200

    # thread idle timeout in milliseconds
    threads.timeout=60000
    

The advice in the first comment in this start.ini confuses me. The jetty 
documentation clearly states one should NOT have both a start.ini and a start.d 
at the same time. 
 
Some assistance would be much appreciated. I'm wondering if I should just chuck 
the Ubuntu Jetty and load the current version via wget. At least then, the 
documentation would be better aligned.

Thanks!
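
The documentation warning quoted in the post says a keystore belongs in a directory with very restricted access. The script below is an added example (not part of the original post or the Jetty documentation) that checks a keystore path against one such policy; the function name `audit_keystore`, the thresholds (no access for other users, no group write on the file or its directory) and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumes GNU coreutils stat (as shipped on Ubuntu).

# audit_keystore FILE
# Prints one finding per line. Returns 0 if clean, 1 on any finding,
# 2 if FILE does not exist.
audit_keystore() {
    ks=$1
    [ -f "$ks" ] || { echo "MISSING $ks"; return 2; }
    dir=$(dirname -- "$ks")
    fmode=$(stat -L -c '%a' -- "$ks")    # octal permission bits, e.g. 640
    dmode=$(stat -L -c '%a' -- "$dir")
    found=0
    # Any "other" access on the file exposes the private key it holds.
    if [ $((fmode % 10)) -ne 0 ]; then
        echo "FILE $ks ($fmode): accessible by other users"; found=1
    fi
    # Group write lets any group member replace the key material.
    if [ $(( (fmode / 10 % 10) & 2 )) -ne 0 ]; then
        echo "FILE $ks ($fmode): group-writable"; found=1
    fi
    # A writable directory lets group/other swap the file itself.
    if [ $(( (dmode / 10 % 10) & 2 )) -ne 0 ] || [ $(( (dmode % 10) & 2 )) -ne 0 ]; then
        echo "DIR $dir ($dmode): writable by group or other"; found=1
    fi
    return "$found"
}

# Demo on a constructed, empty stand-in file (not a real keystore).
demo() {
    tmp=$(mktemp -d)
    chmod 750 "$tmp"
    : > "$tmp/keystore"
    chmod 644 "$tmp/keystore"
    audit_keystore "$tmp/keystore" || echo "-> tighten permissions"
    chmod 640 "$tmp/keystore"
    audit_keystore "$tmp/keystore" && echo "-> ok"
    rm -rf "$tmp"
}
demo
```

The check reads mode bits only, so ownership (for example, that the file belongs to the account the service runs as) still has to be confirmed separately.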
