Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] How to configure Jetty server to listen on a specific interface instead of hostname/IP
We don't currently support configuring hosts based on interface name.

Interestingly, this information is present via the java.net.NetworkInterface APIs.
However, a single name can often lead to multiple addresses.
So it's not a 1::1 affair, but something new.

Meaning, if I were to configure (on my machine) the name "enp4s0"
I would wind up with 4 java.net.InetAddress to bind to. (3 are on IPv6, 1 is on IPv4)
That would be 4 connectors, in Jetty speak.

Joakim Erdfelt / joakim@xxxxxxxxxxx


On Tue, Mar 19, 2024 at 9:33 AM Lansing Chen via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
Dear Jetty team, 

For security enhancement purposes, we are seeking to configure the Jetty server to listen on trusted interfaces instead of "0.0.0.0". Currently, we could achieve that by specifying an IP address for the "jetty.ssl.host=xxx" property in the "ssl.ini" file.

Given the interface IP address could change upon network configuration adjustments(more likely than the interface name in our case), we wonder if it's possible to configure the SSL connector to bind to a specific interface using its name? For example, instead of "jetty.ssl.host=xxx", could we configure "jetty.ssl.interface=eth0"? The expected behavior is: Even if the IP address associated with the interface changes, the Jetty server can seamlessly identify and bind the connector using the new IP.

Would the above behavior be achievable via jetty configuration? If so, could you please advise how to achieve that? Any guidance would be greatly appreciated. Thanks.

Best, 
Lansing
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top