Jump to: navigation, search

Difference between revisions of "Jetty/Howto/Secure Termination"

< Jetty‎ | Howto
 
(2 intermediate revisions by one other user not shown)
Line 2: Line 2:
 
| introduction =
 
| introduction =
  
You can start Jetty in such a way as to require identification before a termination request is accepted. This can help safeguard against either accidental or malicious terminations.
+
{{Jetty TODO}}
 +
 
 +
You can start Jetty in a way that will require identification before a termination request is accepted. This can help safeguard against either accidental or malicious terminations.
 
| steps =  
 
| steps =  
  
This involves starting jetty with a *STOP.PORT* parameter:
+
In order to protect you Jetty instance from unwanted termination you need to start Jetty with a *STOP.PORT* parameter:
 
  java -DSTOP.PORT=8079 -jar start.jar
 
  java -DSTOP.PORT=8079 -jar start.jar
  
Line 12: Line 14:
 
You can also supply a secret key on startup which must also be present on the termination request to enhance security:
 
You can also supply a secret key on startup which must also be present on the termination request to enhance security:
 
  java -DSTOP.PORT=8079 -DSTOP.KEY=mysecret -jar start.jar
 
  java -DSTOP.PORT=8079 -DSTOP.KEY=mysecret -jar start.jar
 
  
 
{{warning|In some operating systems your STOP.KEY may be visible in the process list, allowing other users to connect to the stop port and initiate the stop command. Please consider this before using the STOP.PORT and STOP.KEY in start/stop scripts, for example init.d scripts on linux distributions.}}
 
{{warning|In some operating systems your STOP.KEY may be visible in the process list, allowing other users to connect to the stop port and initiate the stop command. Please consider this before using the STOP.PORT and STOP.KEY in start/stop scripts, for example init.d scripts on linux distributions.}}
  
 
As a further security measure, you can omit the *STOP.KEY* property on startup, in which case Jetty will generate and print on stdout a random key:
 
As a further security measure, you can omit the *STOP.KEY* property on startup, in which case Jetty will generate and print on stdout a random key:
  java -DSTOP.PORT=8079 -jar start.jar -DSTOP.KEY=3xspihnnsse8
+
  > java -DSTOP.PORT=8079 -jar start.jar
 +
-DSTOP.KEY=3xspihnnsse8  
  
 
This key should then be supplied on the termination request:
 
This key should then be supplied on the termination request:

Latest revision as of 14:35, 23 April 2013



Introduction

Warning2.png
Some or all of this content remains to be ported to Jetty 9 Documentation.
If you are interested in migrating this content see our contribution guide or contact us.


You can start Jetty in a way that will require identification before a termination request is accepted. This can help safeguard against either accidental or malicious terminations.


Steps

In order to protect you Jetty instance from unwanted termination you need to start Jetty with a *STOP.PORT* parameter:

java -DSTOP.PORT=8079 -jar start.jar

The *STOP.PORT* is the number of a port on which Jetty will listen for termination requests. In this case, the port number is 8079. You can then stop jetty either with a Template:Cntrl-c in the controlling terminal window (unless you have disassociated the Jetty process from a terminal), or by supplying this port number on a stop request from any terminal.

You can also supply a secret key on startup which must also be present on the termination request to enhance security:

java -DSTOP.PORT=8079 -DSTOP.KEY=mysecret -jar start.jar
Warning2.png
In some operating systems your STOP.KEY may be visible in the process list, allowing other users to connect to the stop port and initiate the stop command. Please consider this before using the STOP.PORT and STOP.KEY in start/stop scripts, for example init.d scripts on linux distributions.


As a further security measure, you can omit the *STOP.KEY* property on startup, in which case Jetty will generate and print on stdout a random key:

> java -DSTOP.PORT=8079 -jar start.jar
-DSTOP.KEY=3xspihnnsse8 

This key should then be supplied on the termination request:

java -DSTOP.PORT=8079 -DSTOP.KEY=3xspihnnsse8 -jar start.jar --stop