Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Gyrex/Administrator Guide/Jetty"
(New page: == Jetty == [http://www.eclipse.org/jetty Jetty] is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications.) |
(→Jetty) |
||
| Line 1: | Line 1: | ||
== Jetty == | == Jetty == | ||
| − | [http://www.eclipse.org/jetty Jetty] is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. | + | [http://www.eclipse.org/jetty Jetty] is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is it's deep integration with the cloud. You no longer configure nodes individually. Instead the administration is cloud global. Filters are available to target a set of nodes (for example a specific ''region'' or a group of dedicated ''web'' nodes) or even an individual node. |
| + | |||
| + | === Connectors === | ||
| + | In Jetty connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors- one for unencrypted traffic and one for SSL encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on various different ports. | ||
| + | |||
| + | === Certificates === | ||
| + | Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate including the fill certificate chain and the private key from JKS or PKCS12 containers. | ||
| + | |||
| + | === Using the Console === | ||
| + | In the OSGi console a <code>jetty</code> command is available which allows to perform a basic administration of Jetty. | ||
| + | <pre> | ||
| + | osgi> help | ||
| + | [...] | ||
| + | ---Jetty Commands--- | ||
| + | jetty <cmd> [args] | ||
| + | addConnector <connectorId> <port> [<secure> <certificateId>] [<secureConnectord>] - adds a connector | ||
| + | importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate | ||
| + | ls connectors|certificates [filterString] - list all channels | ||
| + | removeCertificate <certificateId> - removes a certificate | ||
| + | removeConnector <connectorId> - removes a connector | ||
| + | [...] | ||
| + | osgi> | ||
| + | </pre> | ||
| + | |||
| + | ''Create a HTTP connector on port 8080:'' | ||
| + | <pre> | ||
| + | osgi> jetty TODO | ||
| + | ... | ||
| + | osgi> | ||
| + | </pre> | ||
| + | |||
| + | ''Import a SSL certificate from a PKCS12 file:'' | ||
| + | Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved. | ||
| + | <pre> | ||
| + | osgi> jetty TODO | ||
| + | ... | ||
| + | osgi> | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | ''Create a HTTPS connector on port 8443:'' | ||
| + | This will use the certificate imported above and create a connector which accepts secure connections. | ||
| + | <pre> | ||
| + | osgi> jetty TODO | ||
| + | ... | ||
| + | osgi> | ||
| + | </pre> | ||
Revision as of 16:23, 2 February 2011
Jetty
Jetty is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is it's deep integration with the cloud. You no longer configure nodes individually. Instead the administration is cloud global. Filters are available to target a set of nodes (for example a specific region or a group of dedicated web nodes) or even an individual node.
Connectors
In Jetty connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors- one for unencrypted traffic and one for SSL encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on various different ports.
Certificates
Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate including the fill certificate chain and the private key from JKS or PKCS12 containers.
Using the Console
In the OSGi console a jetty command is available which allows to perform a basic administration of Jetty.
osgi> help
[...]
---Jetty Commands---
jetty <cmd> [args]
addConnector <connectorId> <port> [<secure> <certificateId>] [<secureConnectord>] - adds a connector
importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate
ls connectors|certificates [filterString] - list all channels
removeCertificate <certificateId> - removes a certificate
removeConnector <connectorId> - removes a connector
[...]
osgi>
Create a HTTP connector on port 8080:
osgi> jetty TODO ... osgi>
Import a SSL certificate from a PKCS12 file: Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.
osgi> jetty TODO ... osgi>
Create a HTTPS connector on port 8443:
This will use the certificate imported above and create a connector which accepts secure connections.
osgi> jetty TODO ... osgi>