Re: [jetty-users] How to configure Jetty server to listen on a specific interface instead of hostname/IP

Hi,

On Tue, Mar 19, 2024 at 3:33 PM Lansing Chen via jetty-users
<jetty-users@xxxxxxxxxxx> wrote:
>
> Dear Jetty team,
>
> For security enhancement purposes, we are seeking to configure the Jetty server to listen on trusted interfaces instead of "0.0.0.0". Currently, we could achieve that by specifying an IP address for the "jetty.ssl.host=xxx" property in the "ssl.ini" file.
>
> Given the interface IP address could change upon network configuration adjustments (more likely than the interface name in our case), we wonder if it's possible to configure the SSL connector to bind to a specific interface using its name? For example, instead of "jetty.ssl.host=xxx", could we configure "jetty.ssl.interface=eth0"? The expected behavior is: Even if the IP address associated with the interface changes, the Jetty server can seamlessly identify and bind the connector using the new IP.
>

While you can specify a name as the bind address, it will be resolved
to an IP address and the channel bound to that address.

The behavior you expect is not possible at the Java runtime level: the
Java runtime won't know you have reconfigured the network, and won't
rebind automatically.
Your only option, to my knowledge, is to close the ServerSocketChannel
(i.e. stop the Jetty ServerConnector), reconfigure it, and re-bind it
(i.e. re-start it).

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
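
The stop, reconfigure and re-start sequence described in the reply above, as an added example that is not part of the original message or of the Jetty project's code. It assumes an embedded ServerConnector, IPv4 only, and a caller that invokes rebindIfChanged() periodically; the class and method names are hypothetical.

```java
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.Collections;
import java.util.Optional;
import org.eclipse.jetty.server.ServerConnector;

// Added example: InterfaceBinder and its methods are hypothetical names.
public final class InterfaceBinder {
    private InterfaceBinder() {}

    // First IPv4 address currently assigned to the named interface, if it is up.
    static Optional<String> currentAddress(String ifName) throws Exception {
        NetworkInterface nif = NetworkInterface.getByName(ifName);
        if (nif == null || !nif.isUp()) {
            return Optional.empty();
        }
        for (InetAddress addr : Collections.list(nif.getInetAddresses())) {
            if (addr instanceof Inet4Address) {
                return Optional.of(addr.getHostAddress());
            }
        }
        return Optional.empty();
    }

    // Re-binds the connector when the interface address has changed.
    // Returns true only if the connector was (re)started on a new binding.
    static boolean rebindIfChanged(ServerConnector connector, String ifName) throws Exception {
        Optional<String> address = currentAddress(ifName);
        if (address.isEmpty()) {
            // Fail closed: never fall back to a null host, which binds all interfaces.
            connector.stop();
            return false;
        }
        if (connector.isRunning() && address.get().equals(connector.getHost())) {
            return false; // already listening on the current address
        }
        connector.stop();                 // closes the ServerSocketChannel
        connector.setHost(address.get()); // reconfigure with the literal IP
        connector.start();                // re-bind
        return true;
    }
}
```

Passing the literal IP to setHost() avoids a second name resolution step, and stopping the connector when the interface has no address keeps the listener off untrusted interfaces until the address returns.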

