Re: [jetty-users] ssl in Jetty 9.4.6

[Chris Walker <chris@xxxxxxxxxxx>]

Robert,

If you were already using {$jetty.base}/start.ini to define your modules then I would keep doing that. Using the {$jetty.base}/start.d directory has become our preferred method and the guides have started being updated to reflect this preference. I will update the section you referenced to better reflect this. More information on start.ini vs start.d can be found in our documentation on Managing Startup Modules.

As to your question about what to do next. First, I'd undo the renaming of the file and leave it as start.ini as it looks like that is what you had been using beforehand. After that you'll just need to adjust the configuration in the ssl section of that ini file to meet your needs. This is as easy as uncommenting the lines of the various configurations you will use and setting their values to reflect your environment, such as setting the jetty.sslContext.keyStorePath= to the location of your keystore or jetty.ssl.port= to define the port to listen for SSL connections on.

Best,

Chris

On Sun, Jun 18, 2017 at 4:35 PM, Bob Morris <morris.bob@xxxxxxxxx> wrote:

I updated 9.3.6.v20151106 to 9.4.6.v20170531 with no problems in my http services.  Then I set about adding SSL support following

https://www.eclipse.org/jetty/documentation/9.4.6.v20170531/configuring-ssl.html

I apparently had no difficulty adding self-issued certificates, but I have stubbed my to preparing to configuring ssl for jetty

I went to the section "Configuring SSL in Jetty Distribution" . With Jetty stopped I did

    java -jar /opt/jetty/jetty-distribution-9.4.6.v20170531/start.jar --add-to-start=ssl

which is ALMOST as expected, showed

  INFO  : server          transitively enabled, ini template available with --add-to-start=server

  INFO  : ssl             initialized in ${jetty.base}/start.ini

  MKDIR : ${jetty.base}/etc

  COPY  : ${jetty.home}/modules/ssl/keystore to ${jetty.base}/etc/keystore

  INFO  : Base directory was modified

Several things are differ from the documentation:

1. The file came out named start.ini although it seems to be a reasonable module file for a module ssi.ini

2. The line 

   " INFO  : ssl             initialized in ${jetty.base}/start.ini"

seems to suggest  that 

     ${jetty.base}/start.ini  should reference ssl.ini

but ${jetty.base}/start.ini is unchanged from my initial 9.3.6.v20151106 installation

Here I have come to a stop except for changing the name of  ${jetty.base}/start.d/start.ini to  ${jetty.base}/start.d/ssl.ini ,the top of which is

# ---------------------------------------                                                                        

# Module: ssl                                                                                                    

# Enables a TLS(SSL) Connector on the server.                                                                    

# This may be used for HTTPS and/or HTTP2 by enabling                                                            

# the associated support modules.                                                                                

# ---------------------------------------                                                                        

--module=ssl

### TLS(SSL) Connector Configuration                                                                             

and the rest is all comment lines.

What now?

Thanks

--Bob 

--

Robert A. Morris

Emeritus Professor  of Computer Science
UMASS-Boston
100 Morrissey Blvd
Boston, MA 02125-3390


Filtered Push Project
Kurator Project
Harvard University Herbaria
Harvard University

email: morris.bob@xxxxxxxxx
web: http://efg.cs.umb.edu/
web: http://wiki.filteredpush.org
       http://wiki.datakurator.org
       http://taxonconceptexplorer.org/
http://www.cs.umb.edu/~ram

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users