| <html><head> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
| <title>Chapter 6. Configuring Jetty Connectors</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="jetty-config-guide.html" title="Part II. Jetty Configuration Guide"><link rel="prev" href="setting-form-size.html" title="Setting Max Form Size"><link rel="next" href="configuring-ssl.html" title="Configuring SSL/TLS"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script> |
| hljs.initHighlightingOnLoad(); |
| </script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small"> |
| Version: 9.3.28.v20191105</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Configuring Jetty Connectors</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="setting-form-size.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><th width="60%" align="center">Part II. Jetty Configuration Guide<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="configuring-ssl.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at |
| <span class="website">www.webtide.com</span></a></h5><p> |
| private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... |
| scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development |
| </p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="configuring-connectors"></a>Chapter 6. Configuring Jetty Connectors</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors">Connector Configuration Overview</a></span></dt><dt><span class="section"><a href="configuring-ssl.html">Configuring SSL/TLS</a></span></dt><dt><span class="section"><a href="setting-port80-access.html">Setting Port 80 Access for a Non-Root User</a></span></dt></dl></div><p>This chapter discusses various options for configuring Jetty connectors.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="jetty-connectors"></a>Connector Configuration Overview</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="configuring-connectors.html#_constructing_a_serverconnector">Constructing a ServerConnector</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors-network-settings">Network Settings.</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors-http-configuration">HTTP Configuration</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#_ssl_context_configuration">SSL Context Configuration</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#_proxy_load_balancer_connection_configuration">Proxy / Load Balancer Connection Configuration</a></span></dt></dl></div><p>Connectors are the mechanism through which Jetty accepts network connections for various protocols. |
| Configuring a connector is a combination of configuring the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">Network parameters on the connector itself (for example: the listening port).</li><li class="listitem">Services the connector uses (for example: executors, schedulers).</li><li class="listitem">Connection factories that instantiate and configure the protocol for an accepted connection.</li></ul></div><p>Jetty primarily uses a single connector type called <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top">ServerConnector</a>.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>Prior to Jetty 9, the type of the connector specified both the protocol and the implementation used; for example, selector-based non blocking I/O vs blocking I/O, or SSL connector vs non-SSL connector. |
| Jetty 9 has a single selector-based non-blocking I/O connector, and a collection of <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="literal">ConnectionFactories</code></a> now configure the protocol on the connector.</p></div></blockquote></div><p>The standard Jetty distribution comes with the following Jetty XML files that create and configure connectors; you should examine them as you read this section:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><a class="link" href="https://github.com/eclipse/jetty.project/tree/jetty-9.3.x/jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="literal">jetty-http.xml</code></a></span></dt><dd>Instantiates a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> that accepts HTTP connections (that may be upgraded to WebSocket connections).</dd><dt><span class="term"><a class="link" href="https://github.com/eclipse/jetty.project/tree/jetty-9.3.x/jetty-server/src/main/config/etc/jetty-ssl.xml" target="_top"><code class="literal">jetty-ssl.xml</code></a></span></dt><dd>Instantiates a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> that accepts SSL/TLS connections. |
| On it’s own, this connector is not functional and requires one or more of the following files to also be configured to add <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="literal">ConnectionFactories</code></a> to make the connector functional.</dd><dt><span class="term"><a class="link" href="https://github.com/eclipse/jetty.project/tree/jetty-9.3.x/jetty-server/src/main/config/etc/jetty-https.xml" target="_top"><code class="literal">jetty-https.xml</code></a></span></dt><dd>Adds a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/HttpConnectionFactory.html" target="_top"><code class="literal">HttpConnectionFactory</code></a> to the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> configured by <code class="literal">jetty-ssl.xml</code> which combine to provide support for HTTPS.</dd><dt><span class="term"><a class="link" href="https://github.com/eclipse/jetty.project/tree/jetty-9.3.x/jetty-http2/http2-server/src/main/config/etc/jetty-http2.xml" target="_top"><code class="literal">jetty-http2.xml</code></a></span></dt><dd>Adds a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/http2/server/HTTP2ServerConnectionFactory.html" target="_top"><code class="literal">Http2ServerConnectionFactory</code></a> to the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> configured by <code class="literal">jetty-ssl.xml</code> to support the http2 protocol.</dd><dt><span class="term"><a class="link" href="https://github.com/eclipse/jetty.project/tree/jetty-9.3.x/jetty-alpn/jetty-alpn-server/src/main/config/etc/jetty-alpn.xml" target="_top"><code class="literal">jetty-alpn.xml</code></a></span></dt><dd>Adds an <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/alpn/server/ALPNServerConnectionFactory.html" target="_top"><code class="literal">ALPNServerConnectionFactory</code></a> to the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> configured by <code class="literal">jetty-ssl.xml</code> which allows the one SSL connector to support multiple protocols with the ALPN extension used to select the protocol to be used for each connection.</dd></dl></div><p>Typically connectors require very little configuration aside from setting the listening port (see <a class="link" href="configuring-connectors.html#jetty-connectors-network-settings" title="Network Settings.">Network Settings</a>), and enabling <code class="literal">X-Forwarded-For</code> customization when applicable. (see <a class="link" href="configuring-connectors.html#jetty-connectors-http-configuration" title="HTTP Configuration">HTTP Configuration</a>). |
| Additional settings are for expert configuration only.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_constructing_a_serverconnector"></a>Constructing a ServerConnector</h3></div></div></div><p>The services a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> instance uses are set by constructor injection and once instantiated cannot be changed. |
| Many of the services may be defaulted with null or 0 values so that a reasonable default is used, thus for most purposes only the Server and the connection factories need to be passed to the connector constructor. In Jetty XML (that is, in <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="literal">jetty-http.xml</code></a>) you can do this by:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <Arg name="factories"> |
| <Array type="org.eclipse.jetty.server.ConnectionFactory"> |
| <!-- insert one or more factories here --> |
| </Array> |
| </Arg> |
| <!-- set connector fields here --> |
| </New></code></pre><p>You can see the other arguments that can be passed when constructing a <code class="literal">ServerConnector</code> in the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html#ServerConnector%28org.eclipse.jetty.server.Server,%20java.util.concurrent.Executor,%20org.eclipse.jetty.util.thread.Scheduler,%20org.eclipse.jetty.io.ByteBufferPool,%20int,%20int,%20org.eclipse.jetty.server.ConnectionFactory%E2%80%A6%E2%80%8B%29" target="_top">Javadoc</a>. |
| Typically the defaults are sufficient for almost all deployments.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-connectors-network-settings"></a>Network Settings.</h3></div></div></div><p>You configure connector network settings by calling setters on the connector before it is started. |
| For example, you can set the port with the Jetty XML:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <Arg name="factories"><!-- insert one or more factories here --></Arg> |
| |
| <Set name="port">8080</Set> |
| </New></code></pre><p>Values in Jetty XML can also be parameterized so that they may be passed from property files or set on the command line. |
| Thus typically the port is set within Jetty XML, but uses the <code class="literal">Property</code> element to be customizable:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <Arg name="factories"><!-- insert one or more factories here --></Arg> |
| |
| <Set name="port"><Property name="jetty.http.port" default="8080"/></Set> |
| </New></code></pre><p>The network settings that you can set on the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> include:</p><div class="table"><a name="d0e4715"></a><p class="title"><b>Table 6.1. Connector Configuration</b></p><div class="table-contents"><table class="table" summary="Connector Configuration" border="1" width="100%"><colgroup><col class="col_1"><col class="col_2"></colgroup><thead><tr><th align="left" valign="top">Field</th><th align="left" valign="top">Description</th></tr></thead><tbody><tr><td align="left" valign="top"><p>host</p></td><td align="left" valign="top"><p>The network interface this connector binds to as an IP address or a hostname. |
| If null or 0.0.0.0, bind to all interfaces.</p></td></tr><tr><td align="left" valign="top"><p>port</p></td><td align="left" valign="top"><p>The configured port for the connector or 0 a random available port may be used (selected port available via <code class="literal">getLocalPort()</code>).</p></td></tr><tr><td align="left" valign="top"><p>idleTimeout</p></td><td align="left" valign="top"><p>The time in milliseconds that the connection can be idle before it is closed.</p></td></tr><tr><td align="left" valign="top"><p>defaultProtocol</p></td><td align="left" valign="top"><p>The name of the default protocol used to select a <code class="literal">ConnectionFactory</code> instance. This defaults to the first <code class="literal">ConnectionFactory</code> added to the connector.</p></td></tr><tr><td align="left" valign="top"><p>stopTimeout</p></td><td align="left" valign="top"><p>The time in milliseconds to wait before gently stopping a connector.</p></td></tr><tr><td align="left" valign="top"><p>acceptQueueSize</p></td><td align="left" valign="top"><p>The size of the pending connection backlog. |
| The exact interpretation is JVM and operating system specific and you can ignore it. |
| Higher values allow more connections to wait pending an acceptor thread. |
| Because the exact interpretation is deployment dependent, it is best to keep this value as the default unless there is a specific connection issue for a specific OS that you need to address.</p></td></tr><tr><td align="left" valign="top"><p>reuseAddress</p></td><td align="left" valign="top"><p>Allow the server socket to be rebound even if in <a class="link" href="http://www.ssfnet.org/Exchange/tcp/tcpTutorialNotes.html" target="_top">TIME_WAIT</a>. |
| For servers it is typically OK to leave this as the default true.</p></td></tr><tr><td align="left" valign="top"><p>soLingerTime</p></td><td align="left" valign="top"><p>A value greater than zero sets the socket <a class="link" href="http://stackoverflow.com/questions/3757289/tcp-option-so-linger-zero-when-its-required" target="_top">SO_LINGER</a> value in milliseconds. |
| Jetty attempts to gently close all TCP/IP connections with proper half close semantics, so a linger timeout should not be required and thus the default is -1.</p></td></tr></tbody></table></div></div><br class="table-break"></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-connectors-http-configuration"></a>HTTP Configuration</h3></div></div></div><p>The <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/HttpConfiguration.html" target="_top">HttpConfiguration</a> class holds the configuration for <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/HttpChannel.html" target="_top"><code class="literal">HTTPChannel</code></a>s, which you can create 1:1 with each HTTP connection or 1:n on a multiplexed HTTP/2 connection. |
| Thus a <code class="literal">HTTPConfiguration</code> object is injected into both the HTTP and HTTP/2 connection factories. |
| To avoid duplicate configuration, the standard Jetty distribution creates the common <code class="literal">HttpConfiguration</code> instance in <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-server/src/main/config/etc/jetty.xml" target="_top"><code class="literal">jetty.xml</code></a>, which is a <code class="literal">Ref</code> element then used in <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="literal">jetty-http.xml</code></a>, <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-server/src/main/config/etc/jetty-https.xml" target="_top"><code class="literal">jetty-https.xml</code></a> and in <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-http2/http2-server/src/main/config/etc/jetty-http2.xml" target="_top"><code class="literal">jetty-http2.xml</code></a>.</p><p>A typical configuration of <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/HttpConfiguration.html" target="_top">HttpConfiguration</a> is:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> |
| <Set name="secureScheme">https</Set> |
| <Set name="securePort"><Property name="jetty.ssl.port" default="8443" /></Set> |
| <Set name="outputBufferSize">32768</Set> |
| <Set name="requestHeaderSize">8192</Set> |
| <Set name="responseHeaderSize">8192</Set> |
| </New></code></pre><p>This example HttpConfiguration may be used by reference to the ID "<code class="literal">httpConfig</code>":</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><Call name="addConnector"> |
| <Arg> |
| <New class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <Arg name="factories"> |
| <Array type="org.eclipse.jetty.server.ConnectionFactory"> |
| <Item> |
| <New class="org.eclipse.jetty.server.HttpConnectionFactory"> |
| <Arg name="config"><Ref refid="httpConfig" /></Arg> |
| </New> |
| </Item> |
| </Array> |
| </Arg> |
| <!-- ... --> |
| </New> |
| </Arg> |
| </Call></code></pre><p>For SSL based connectors (in <code class="literal">jetty-https.xml</code> and <code class="literal">jetty-http2.xml</code>), the common "<code class="literal">httpConfig</code>" instance is used as the basis to create an SSL specific configuration with ID "<code class="literal">sslHttpConfig</code>":</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> |
| <Arg><Ref refid="httpConfig"/></Arg> |
| <Call name="addCustomizer"> |
| <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> |
| </Call> |
| </New></code></pre><p>This adds a <code class="literal">SecureRequestCustomizer</code> which adds SSL Session IDs and certificate information as request attributes.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_ssl_context_configuration"></a>SSL Context Configuration</h3></div></div></div><p>The SSL/TLS connectors for HTTPS and HTTP/2 require a certificate to establish a secure connection. |
| Jetty holds certificates in standard JVM keystores and are configured as keystore and truststores on a <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/util/ssl/SslContextFactory.html" target="_top"><code class="literal">SslContextFactory</code></a> instance that is injected into an <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/SslConnectionFactory.html" target="_top"><code class="literal">SslConnectionFactory</code></a> instance. |
| An example using the keystore distributed with Jetty (containing a self signed test certificate) is in <a class="link" href="/Users/joakim/Code/Jetty/jetty.project-9.3.x/jetty-documentation/../jetty-server/src/main/config/etc/jetty-https.xml" target="_top"><code class="literal">jetty-https.xml</code></a>. |
| Read more about SSL keystores in <a class="link" href="configuring-ssl.html" title="Configuring SSL/TLS">Configuring SSL</a>.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_proxy_load_balancer_connection_configuration"></a>Proxy / Load Balancer Connection Configuration</h3></div></div></div><p>Often a Connector needs to be configured to accept connections from an intermediary such as a Reverse Proxy and/or Load Balancer deployed in front of the server. |
| In such environments, the TCP/IP connection terminating on the server does not originate from the client, but from the intermediary, so that the Remote IP and port number can be reported incorrectly in logs and in some circumstances the incorrect server address and port may be used.</p><p>Thus Intermediaries typically implement one of several de facto standards to communicate to the server information about the orginal client connection terminating on the intermediary. |
| Jetty supports the <code class="literal">X-Forwarded-For</code> header and the <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy Protocol</a> mechanisms as described below.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>The XML files in the Jetty distribution contain commented out examples of both the <code class="literal">X-Forwarded-For</code> and <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy Protocol</a> mechanisms. |
| When using those examples, it is recommended that the XML in the Jetty distribution is not edited. |
| Rather the files should be copied into a Jetty base directory and then modified.</p></div></blockquote></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="_x_forward_for_configuration"></a>X-Forward-for Configuration</h4></div></div></div><p>The <code class="literal">X-Forwarded-for</code> header and associated headers are a de facto standard where intermediaries add HTTP headers to each request they forward to describe the originating connection. |
| These headers can be interpreted by an instance of <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ForwardedRequestCustomizer.html" target="_top"><code class="literal">ForwardedRequestCustomizer</code></a> which can be added to a <code class="literal">HttpConfiguration</code> as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> |
| <Set name="outputBufferSize">32768</Set> |
| <Set name="requestHeaderSize">8192</Set> |
| <Set name="responseHeaderSize">8192</Set> |
| |
| <Call name="addCustomizer"> |
| <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg> |
| </Call> |
| </New></code></pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="_proxy_protocol"></a>Proxy Protocol</h4></div></div></div><p>The <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy Protocol</a> is a de facto standard created by HAProxy and used by environments such as Amazon Elastic Cloud. |
| This mechanism is independent of any protocol, so it can be used for HTTP2, TLS etc. |
| The information about the client connection is sent as a small data frame on each newly established connection. |
| In Jetty, this protocol can be handled by the <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ProxyConnectionFactory.html" target="_top"><code class="literal">ProxyConnectionFactory</code></a> which parses the data frame and then instantiates the next <code class="literal">ConnectionFactory</code> on the connection with an end point that has been customized with the data obtained about the original client connection. |
| The connection factory can be added to any <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="literal">ServerConnector</code></a> and should be the first <a class="link" href="http://www.eclipse.org/jetty/javadoc/9.3.28.v20191105/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="literal">ConnectionFactory</code></a>.</p><p>An example of adding the factory to a HTTP connector is:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code><Call name="addConnector"> |
| <Arg> |
| <New class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <Arg name="factories"> |
| <Array type="org.eclipse.jetty.server.ConnectionFactory"> |
| <Item> |
| <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/> |
| </Item> |
| <Item> |
| <New class="org.eclipse.jetty.server.HttpConnectionFactory"> |
| <Arg name="config"><Ref refid="httpConfig" /></Arg> |
| </New> |
| </Item> |
| </Array> |
| </Arg> |
| <Set name="host"><Property name="jetty.host" /></Set> |
| <Set name="port"><Property name="jetty.http.port" default="80" /></Set> |
| </New> |
| </Arg> |
| </Call></code></pre></div></div></div></div><script type="text/javascript"> |
| SyntaxHighlighter.all() |
| </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="setting-form-size.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="jetty-config-guide.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="configuring-ssl.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Setting Max Form Size </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Configuring SSL/TLS</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout"> |
| See an error or something missing? |
| <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at |
| <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2019-11-05)</i></span></div></p></body></html> |
