Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Gyrex/Administrator Guide/Jetty"
(→Jetty) |
|||
Line 15: | Line 15: | ||
---Jetty Commands--- | ---Jetty Commands--- | ||
jetty <cmd> [args] | jetty <cmd> [args] | ||
− | addConnector <connectorId> <port> [<secure> <certificateId>] | + | addConnector <connectorId> <port> [<secure> <certificateId>] - adds a connector |
− | importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] | + | importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate |
ls connectors|certificates [filterString] - list all channels | ls connectors|certificates [filterString] - list all channels | ||
removeCertificate <certificateId> - removes a certificate | removeCertificate <certificateId> - removes a certificate | ||
Line 24: | Line 24: | ||
</pre> | </pre> | ||
− | ''Create a HTTP connector on port 8080:'' | + | ''Create a HTTP connector on port 8080:''<br> |
+ | <small>This will create a non-secure connector which accepts connections on port 8080.</small> | ||
<pre> | <pre> | ||
− | osgi> jetty | + | osgi> jetty addConnector http 8080 |
− | + | Connector http has been added! | |
+ | |||
osgi> | osgi> | ||
</pre> | </pre> | ||
− | ''Import a SSL certificate from a PKCS12 file:'' | + | ''Import a SSL certificate from a PKCS12 file:''<br> |
− | Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved. | + | <small>Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.</small> |
<pre> | <pre> | ||
− | osgi> jetty | + | osgi> jetty importCertificate localhost d:\localhost.p12 PKCS12 password |
− | ... | + | Processing entry: localhost |
− | osgi> | + | Loading key for entry: localhost |
+ | Loading certificate chain for entry: localhost | ||
+ | Found certificate: | ||
+ | [.lot of keystore details..] | ||
+ | Imported certificate localhost! | ||
+ | |||
+ | osgi> | ||
+ | </pre> | ||
+ | <small>It's possible to verify the import using the <code>jetty ls</code> command.</small> | ||
+ | <pre> | ||
+ | osgi> jetty ls certificates | ||
+ | localhost [localhost, valid till 2014-02-02] | ||
+ | |||
+ | osgi> | ||
</pre> | </pre> | ||
− | ''Create a HTTPS connector on port 8443:'' | + | ''Create a HTTPS connector on port 8443:''<br> |
− | This will use the certificate imported above and create a connector which accepts secure connections. | + | <small>This will use the certificate imported above and create a connector which accepts secure connections.</small> |
<pre> | <pre> | ||
osgi> jetty TODO | osgi> jetty TODO |
Revision as of 04:53, 3 February 2011
Jetty
Jetty is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is it's deep integration with the cloud. You no longer configure nodes individually. Instead the administration is cloud global. Filters are available to target a set of nodes (for example a specific region or a group of dedicated web nodes) or even an individual node.
Connectors
In Jetty connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors- one for unencrypted traffic and one for SSL encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on various different ports.
Certificates
Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate including the fill certificate chain and the private key from JKS or PKCS12 containers.
Using the Console
In the OSGi console a jetty
command is available which allows to perform a basic administration of Jetty.
osgi> help [...] ---Jetty Commands--- jetty <cmd> [args] addConnector <connectorId> <port> [<secure> <certificateId>] - adds a connector importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate ls connectors|certificates [filterString] - list all channels removeCertificate <certificateId> - removes a certificate removeConnector <connectorId> - removes a connector [...] osgi>
Create a HTTP connector on port 8080:
This will create a non-secure connector which accepts connections on port 8080.
osgi> jetty addConnector http 8080 Connector http has been added! osgi>
Import a SSL certificate from a PKCS12 file:
Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.
osgi> jetty importCertificate localhost d:\localhost.p12 PKCS12 password Processing entry: localhost Loading key for entry: localhost Loading certificate chain for entry: localhost Found certificate: [.lot of keystore details..] Imported certificate localhost! osgi>
It's possible to verify the import using the jetty ls
command.
osgi> jetty ls certificates localhost [localhost, valid till 2014-02-02] osgi>
Create a HTTPS connector on port 8443:
This will use the certificate imported above and create a connector which accepts secure connections.
osgi> jetty TODO ... osgi>