Jetty is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is its deep integration with the cloud. You no longer configure nodes individually. Instead, the administration is cloud global. Filters are available to target a set of nodes (for example a specific region or a group of dedicated web nodes) or even an individual node.
In Jetty, connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors: one for unencrypted traffic and one for SSL-encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on different ports.
Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate, including the full certificate chain and the private key, from JKS or PKCS12 containers.
Using the Console
In the OSGi console a jetty command is available which allows basic administration of Jetty.

    osgi> help
    [...]
    ---Jetty Commands---
        jetty <cmd> [args]
            addConnector <connectorId> <port> [<secure> <certificateId>] - adds a connector
            importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate
            ls connectors|certificates [filterString] - list all channels
            removeCertificate <certificateId> - removes a certificate
            removeConnector <connectorId> - removes a connector
    [...]
    osgi>

Create an HTTP connector on port 8080:
This will create a non-secure connector which accepts connections on port 8080.

    osgi> jetty addConnector http 8080
    Connector http has been added!
    osgi>

Import an SSL certificate from a PKCS12 file:
Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.

    osgi> jetty importCertificate localhost d:\localhost.p12 PKCS12 password
    Processing entry: localhost
    Loading key for entry: localhost
    Loading certificate chain for entry: localhost
    Found certificate: [.lot of keystore details..]
    Imported certificate localhost!
    osgi>

It's possible to verify the import using the jetty ls command.

    osgi> jetty ls certificates
    localhost [localhost, valid till 2014-02-02]
    osgi>

Create an HTTPS connector on port 8443:
This will use the certificate imported above and create a connector which accepts secure connections.

    osgi> jetty addConnector default-https 8443 true localhost
    Connector default-https has been added!
    osgi>

When restarting the Jetty engine you can monitor the log output in order to verify that the connectors are used correctly.

    [...] INFO org.eclipse.jetty.util.log - jetty-7.2.2.v20101205
    [...] INFO org.eclipse.jetty.util.log - Started SelectChannelConnector@0.0.0.0:8080
    [...] INFO org.eclipse.jetty.util.log - Started CertificateSslConnector@0.0.0.0:8443
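
The log check described above can be automated so that a port meant to be encrypted is never left running as a plain connector. The following is an added example, not part of Gyrex or the original page: the function names, the expected-port mapping and the sample logs are assumptions constructed for illustration, and only the two connector class names shown in the log excerpt are recognised.

```python
import re

# "Started <ConnectorClass>@<host>:<port>" as logged by Jetty at startup.
STARTED = re.compile(r"Started (\w+)@(\S+):(\d+)\s*$")
# Connector classes from the log excerpt on this page -> whether they encrypt.
SECURE_BY_CLASS = {"SelectChannelConnector": False, "CertificateSslConnector": True}

# Constructed sample logs, modelled on the excerpt above.
GOOD_LOG = """\
[...] INFO org.eclipse.jetty.util.log - jetty-7.2.2.v20101205
[...] INFO org.eclipse.jetty.util.log - Started SelectChannelConnector@0.0.0.0:8080
[...] INFO org.eclipse.jetty.util.log - Started CertificateSslConnector@0.0.0.0:8443
"""
# Same ports, but 8443 came up as a plain connector (constructed failure case).
BAD_LOG = GOOD_LOG.replace("CertificateSslConnector", "SelectChannelConnector")

def started_connectors(log_text):
    """Return {port: (connector_class, bind_host)} for every 'Started' line."""
    found = {}
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            found[int(m.group(3))] = (m.group(1), m.group(2))
    return found

def check_connectors(log_text, expected):
    """expected maps port -> True if that port must be SSL. Returns problems found."""
    found = started_connectors(log_text)
    problems = []
    for port, must_be_secure in sorted(expected.items()):
        if port not in found:
            problems.append(f"port {port}: no connector started")
            continue
        cls = found[port][0]
        secure = SECURE_BY_CLASS.get(cls)
        if secure is None:
            problems.append(f"port {port}: unknown connector class {cls}")
        elif secure != must_be_secure:
            kind = "SSL" if must_be_secure else "plain HTTP"
            problems.append(f"port {port}: expected {kind}, got {cls}")
    for port in sorted(set(found) - set(expected)):
        problems.append(f"port {port}: unexpected connector {found[port][0]}")
    return problems

if __name__ == "__main__":
    print(check_connectors(GOOD_LOG, {8080: False, 8443: True}))
    print(check_connectors(BAD_LOG, {8080: False, 8443: True}))
```

The check also reports any started connector on a port that is not in the expected mapping, which catches a leftover unencrypted listener after a configuration change.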