Skip to main content
Jump to: navigation, search

Gyrex/Administrator Guide/Jetty


Jetty is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is it's deep integration with the cloud. You no longer configure nodes individually. Instead the administration is cloud global. Filters are available to target a set of nodes (for example a specific region or a group of dedicated web nodes) or even an individual node.


In Jetty connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors- one for unencrypted traffic and one for SSL encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on various different ports.


Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate including the fill certificate chain and the private key from JKS or PKCS12 containers.

Using the Console

In the OSGi console a jetty command is available which allows to perform a basic administration of Jetty.

osgi> help
---Jetty Commands---
  jetty <cmd> [args]
    addConnector <connectorId> <port> [<secure> <certificateId>] - adds a connector
    importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate
    ls  connectors|certificates [filterString] 	 - list all channels
    removeCertificate <certificateId>	 - removes a certificate
    removeConnector <connectorId>	 - removes a connector

Create a HTTP connector on port 8080:
This will create a non-secure connector which accepts connections on port 8080.

osgi> jetty addConnector http 8080
Connector http has been added!


Import a SSL certificate from a PKCS12 file:
Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.

osgi> jetty importCertificate localhost d:\localhost.p12 PKCS12 password
Processing entry: localhost
Loading key for entry: localhost
Loading certificate chain for entry: localhost
Found certificate:
[.lot of keystore details..]
Imported certificate localhost!


It's possible to verify the import using the jetty ls command.

osgi> jetty ls certificates
localhost [localhost, valid till 2014-02-02]


Create a HTTPS connector on port 8443:
This will use the certificate imported above and create a connector which accepts secure connections.

osgi> jetty addConnector default-https 8443 true localhost
Connector default-https has been added!


When restarting the Jetty engine you can monitor the log output in order to varify the connectors are used correctly.

[...] INFO  org.eclipse.jetty.util.log - jetty-7.2.2.v20101205
[...] INFO  org.eclipse.jetty.util.log - Started SelectChannelConnector@
[...] INFO  org.eclipse.jetty.util.log - Started CertificateSslConnector@

Back to the top