1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
|
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 6. Configuring Jetty Connectors</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL-NS Stylesheets V1.76.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty : The Definitive Reference"><link rel="up" href="configuring.html" title="Part II. Jetty Configuration"><link rel="prev" href="setting-form-size.html" title="Setting Max Form Size"><link rel="next" href="configuring-ssl.html" title="Configuring SSL/TLS"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><script type="text/javascript" src="js/shCore.js"></script><script type="text/javascript" src="js/shBrushJava.js"></script><script type="text/javascript" src="js/shBrushXml.js"></script><script type="text/javascript" src="js/shBrushBash.js"></script><script type="text/javascript" src="js/shBrushJScript.js"></script><script type="text/javascript" src="js/shBrushSql.js"></script><script type="text/javascript" src="js/shBrushProperties.js"></script><script type="text/javascript" src="js/shBrushPlain.js"></script><link type="text/css" rel="stylesheet" href="css/shCore.css"><link type="text/css" rel="stylesheet" href="css/shThemeEclipse.css"><link type="text/css" rel="stylesheet" href="css/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
Version: 9.3.1-SNAPSHOT</span></td><td style="width: 50%"><script type="text/javascript"> (function() {
var cx = '016459005284625897022:obd4lsai2ds';
var gcse = document.createElement('script');
gcse.type = 'text/javascript';
gcse.async = true;
gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
'//www.google.com/cse/cse.js?cx=' + cx;
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(gcse, s);
})();
</script><gcse:search></gcse:search></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Configuring Jetty Connectors</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="setting-form-size.html"><i class="icon-chevron-left"></i> Previous</a> </td><th width="60%" align="center">Part II. Jetty Configuration<br><a accesskey="p" href="index.html"><i class="icon-home"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="configuring-ssl.html">Next <i class="icon-chevron-right"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
<span class="website">www.webtide.com</span></a></h5><p>
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
</p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="configuring-connectors"></a>Chapter 6. Configuring Jetty Connectors</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors">Connector Configuration Overview</a></span></dt><dt><span class="section"><a href="configuring-ssl.html">Configuring SSL/TLS</a></span></dt><dt><span class="section"><a href="setting-port80-access.html">Setting Port 80 Access for a Non-Root User</a></span></dt></dl></div><p>This chapter discusses various options for configuring Jetty connectors.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="jetty-connectors"></a>Connector Configuration Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="configuring-connectors.html#d0e4192">Constructing a <code class="code">ServerConnector</code></a></span></dt><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors-network-settings">Network Settings.</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#jetty-connectors-http-configuration">HTTP Configuration</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#d0e4379">SSL Context Configuration</a></span></dt><dt><span class="section"><a href="configuring-connectors.html#d0e4404">Proxy / Load Balancer Connection Configuration</a></span></dt></dl></div><p>Connectors are the mechanism through which Jetty accepts network
connections for various protocols. Configuring a connector is a combination
of configuring the following:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Network parameters on the connector itself (for example: the
listening port).</p></li><li class="listitem"><p>Services the connector uses (for example: executors,
schedulers).</p></li><li class="listitem"><p>Connection factories that instantiate and configure the protocol
for an accepted connection.</p></li></ul></div><p>Jetty primarily uses a single connector type called <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top">ServerConnector</a>.</p><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="icon-asterisk"></i> Note</h3><p>Prior to Jetty 9, the type of the connector specified both the
protocol and the implementation used (for example, selector-based non
blocking I/O vs blocking I/O, or SSL connector vs non-SSL connector).
Jetty 9 has only a selector-based non blocking I/O connector, and a
collection of <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="code">ConnectionFactories</code></a>
now configure the protocol on the connector.</p></div><p>The standard Jetty distribution comes with the following Jetty XML
files that create and configure connectors; you should examine them as you
read this section:</p><div class="variablelist"><dl><dt><span class="term"><a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="filename">jetty-http.xml</code></a></span></dt><dd><p>Instantiates a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
that accepts HTTP connections (that may be upgraded to WebSocket
connections).</p></dd><dt><span class="term"><a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-ssl.xml" target="_top"><code class="filename">jetty-ssl.xml</code></a></span></dt><dd><p>Instantiates a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
that accepts SSL/TLS connections. On it's own, this connector is not
functional and requires one or more of the following files to also be
configured to add <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="code">ConnectionFactories</code></a>
to make the connector functional.</p></dd><dt><span class="term"><a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml" target="_top"><code class="filename">jetty-https.xml</code></a></span></dt><dd><p>Adds a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConnectionFactory.html" target="_top"><code class="code">HttpConnectionFactory</code></a>
to the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
configured by <code class="code">jetty-ssl.xml</code> which combine to provide
support for HTTPS.</p></dd><dt><span class="term"><a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-http2/http2-server/src/main/config/etc/jetty-http2.xml" target="_top"><code class="filename">jetty-http2.xml</code></a></span></dt><dd><p>Adds a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/http2/server/HTTP2ServerConnectionFactory.html" target="_top"><code class="code">Http2ServerConnectionFactory</code></a>
to the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
configured by <code class="code">jetty-ssl.xml to support the http2
protocol.</code> Also prepends either <code class="code">protonego-alpn.xml</code>
or <code class="code">protonego-npn.xml</code> so that the next protocol can be
negotiated, which allows the same SSL port to handle multiple
protocols.</p></dd><dt><span class="term"><a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-alpn/jetty-alpn-server/src/main/config/etc/jetty-alpn.xml" target="_top"><code class="filename">jetty-alpn.xml</code></a></span></dt><dd><p>Adds an <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/alpn/server/ALPNServerConnectionFactory.html" target="_top"><code class="code">ALPNServerConnectionFactory</code></a>
to the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
configured by <code class="code">jetty-ssl.xml</code> which allows the one SSL
connector to support multiple protocols with the ALPN extension used
to select the protocol to be used for each connection.</p></dd></dl></div><p>Typically you need to configure very little on connectors other than
set the listening port (see <a class="link" href="configuring-connectors.html#jetty-connectors-network-settings" title="Network Settings.">Network Settings</a>), and
perhaps enable <code class="code">X-Forwarded-For</code> customization (see <a class="link" href="configuring-connectors.html#jetty-connectors-http-configuration" title="HTTP Configuration">HTTP Configuration</a>).
Most other settings are for expert configuration only.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e4192"></a>Constructing a <code class="code">ServerConnector</code></h3></div></div></div><p>The services a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
instance uses are set by constructor injection and once instantiated
cannot be changed. Most of the services may be defaulted with null or 0
values so that a reasonable default is used, thus for most purposes only
the Server and the connection factories need to be passed to the connector
constructor. In Jetty XML (that is, in <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="filename">jetty-http.xml</code></a>),
you can do this with:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- insert one or more factories here -->
</Array>
</Arg>
<!-- set connector fields here -->
</New> ]]>
</script></div><p>You can see the other arguments that can be passed when constructing
a <code class="code">ServerConnector</code> in the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html#ServerConnector%28org.eclipse.jetty.server.Server,%20java.util.concurrent.Executor,%20org.eclipse.jetty.util.thread.Scheduler,%20org.eclipse.jetty.io.ByteBufferPool,%20int,%20int,%20org.eclipse.jetty.server.ConnectionFactory...%29" target="_top">Javadoc</a>.
Typically the defaults are sufficient for almost all deployments.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-connectors-network-settings"></a>Network Settings.</h3></div></div></div><p>You configure connector network settings by calling setters on the
connector before it is started. For example, you can set the port with the
Jetty XML:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories"><!-- insert one or more factories here --></Arg>
<Set name="port">8080</Set>
</New> ]]>
</script></div><p>Values in Jetty XML can also be parameterized so that they may be
passed from property files or set on the command line. Thus typically the
port is set within Jetty XML, but uses the <code class="code">Property</code> element
to be customizable:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories"><!-- insert one or more factories here --></Arg>
<Set name="port"><Property name="jetty.http.port" default="8080"/></Set>
</New> ]]>
</script></div><p>The network settings that you can set on the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
include:</p><div class="table"><a name="d0e4240"></a><p class="title"><b>Table 6.1. Connector Configuration</b></p><div class="table-contents"><table summary="Connector Configuration" border="1"><colgroup><col><col></colgroup><thead><tr><th>Field</th><th>Description</th></tr></thead><tbody><tr><td>host</td><td>The network interface this connector binds to as an IP
address or a hostname. If null or 0.0.0.0, bind to all
interfaces.</td></tr><tr><td>port</td><td>The configured port for the connector or 0 a random
available port may be used (selected port available via
<code class="code">getLocalPort()</code>).</td></tr><tr><td>idleTimeout</td><td>The time in milliseconds that the connection can be idle
before it is closed.</td></tr><tr><td>defaultProtocol</td><td>The name of the default protocol used to select a
<code class="code">ConnectionFactory</code> instance. This defaults to the
first <code class="code">ConnectionFactory</code> added to the
connector.</td></tr><tr><td>stopTimeout</td><td>The time in milliseconds to wait before gently stopping a
connector.</td></tr><tr><td>acceptQueueSize</td><td>The size of the pending connection backlog. The exact
interpretation is JVM and operating system specific and you can
ignore it. Higher values allow more connections to wait pending an
acceptor thread. Because the exact interpretation is deployment
dependent, it is best to keep this value as the default unless
there is a specific connection issue for a specific OS that you
need to address.</td></tr><tr><td>reuseAddress</td><td>Allow the server socket to be rebound even if in <a class="link" href="http://www.ssfnet.org/Exchange/tcp/tcpTutorialNotes.html" target="_top">TIME_WAIT</a>.
For servers it is typically OK to leave this as the default
true.</td></tr><tr><td>soLingerTime</td><td>A value >=0 set the socket <a class="link" href="http://stackoverflow.com/questions/3757289/tcp-option-so-linger-zero-when-its-required" target="_top">
SO_LINGER</a> value in milliseconds. Jetty attempts to gently
close all TCP/IP connections with proper half close semantics, so
a linger timeout should not be required and thus the default is
-1.</td></tr></tbody></table></div></div><br class="table-break"></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-connectors-http-configuration"></a>HTTP Configuration</h3></div></div></div><p>The <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConfiguration.html" target="_top">HttpConfiguration</a>
class holds the configuration for <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpChannel.html" target="_top">
<code class="code">HTTPChannel</code> </a>s, which you can create 1:1 with each HTTP
connection or 1:n on a multiplexed HTTP/2 connection. Thus a
<code class="code">HTTPConfiguration</code> object is injected into both the HTTP and
HTTP/2 connection factories. To avoid duplicate configuration, the standard
Jetty distribution creates the common <code class="code">HttpConfiguration</code>
instance in <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty.xml" target="_top">
<code class="filename">jetty.xml</code> </a>, which is a <code class="code">Ref</code>
element then used in <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-http.xml" target="_top"><code class="filename">jetty-http.xml</code></a>,
<a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml" target="_top"><code class="filename">jetty-https.xml</code></a>
and in <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-http2/http2-server/src/main/config/etc/jetty-http2.xml" target="_top"><code class="filename">jetty-http2.xml</code></a></p><p>A typical configuration of <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConfiguration.html" target="_top">
HttpConfiguration</a> is:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme">https</Set>
<Set name="securePort"><Property name="jetty.ssl.port" default="8443" /></Set>
<Set name="outputBufferSize">32768</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
</New>]]>
</script></div><p>This example HttpConfiguration may be used by reference to the ID
"httpConfig":</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="httpConfig" /></Arg>
</New>
</Item>
</Array>
</Arg>
<!-- ... -->
</New>
</Arg>
</Call>]]>
</script></div><p>For SSL based connectors (in <code class="filename">jetty-https.xml</code>
and <code class="filename">jetty-http2.xml</code>), the common "httpConfig"
instance is used as the basis to create an SSL specific configuration with
ID "sslHttpConfig":</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>]]>
</script></div><p>This adds a <code class="code"><a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/SecureRequestCustomizer.html" target="_top"><code class="code">SecureRequestCustomizer</code></a></code>
which adds SSL Session IDs and certificate information as request
attributes.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e4379"></a>SSL Context Configuration</h3></div></div></div><p>The SSL/TLS connectors for HTTPS and HTTP/2 require a certificate to
establish a secure connection. Jetty holds certificates in standard JVM
keystores and are configured as keystore and truststores on a <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/util/ssl/SslContextFactory.html" target="_top">
<code class="code">SslContextFactory</code> </a> instance that is injected into an
<a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/SslConnectionFactory.html" target="_top">
<code class="code">SslConnectionFactory</code> </a> instance. An example using the
keystore distributed with Jetty (containing a self signed test
certificate) is in <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml" target="_top">
<code class="filename">jetty-https.xml</code></a>. Read more about SSL
keystores in <a class="link" href="configuring-ssl.html" title="Configuring SSL/TLS">Configuring
SSL</a>.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e4404"></a>Proxy / Load Balancer Connection Configuration</h3></div></div></div><p>Often a Connector needs to be configured to accept connections from
an intermediary such as a Reverse Proxy and/or Load Balancer deployed in
front of the server. In such environments, the TCP/IP connection
terminating on the server does not originate from the client, but from the
intermediary, so that the Remote IP and port number can be reported
incorrectly in logs and in some circumstances the incorrect server address
and port may be used.</p><p>Thus Intermediaries typically implement one of several de facto
standards to communicate to the server information about the orginal
client connection terminating on the intermediary. Jetty supports the
<code class="code"><a class="link" href="https://en.wikipedia.org/wiki/X-Forwarded-For" target="_top">X-Forwarded-For</a></code>
header and the <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy
Protocol</a> mechanisms as described below.</p><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="icon-asterisk"></i> Note</h3><p>The XML files in the jetty distribution contain commented out
examples of both the <code class="code"><a class="link" href="https://en.wikipedia.org/wiki/X-Forwarded-For" target="_top">X-Forwarded-For</a></code>
and <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy
Protocol</a> mechanisms. When using those examples, it is recommended
that the XML in the jetty distribution is not edited. Rather the files
should be copied into a jetty base directory and then modified.</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e4428"></a>X-Forward-for Configuration</h4></div></div></div><p>The <code class="code"><a class="link" href="https://en.wikipedia.org/wiki/X-Forwarded-For" target="_top">X-Forwarded-for</a></code>
header and associated headers are a defacto standard where
intermediaries add HTTP headers to each request they forward to describe
the originating connection. These headers can be interpreted by an
instance of <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html" target="_top"><code class="code">ForwardedRequestCustomizer</code></a>
which can be added to a HttpConfiguration as follows:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="outputBufferSize">32768</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
</Call>
</New>]]>
</script></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e4445"></a>Proxy Protocol</h4></div></div></div><p>The <a class="link" href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_top">Proxy
Protocol</a> is a defacto standard created by HAProxy and used by
environments such as Amazon Elastic Cloud. This mechanism is independent
of any protocol, so it can be used for HTTP2, TLS etc. The
information about the client connection is sent as a small data frame on
each newly established connection. In Jetty, this protocol can be
handled by the <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ProxyConnectionFactory.html" target="_top"><code class="code">ProxyConnectionFactory</code></a>
which parses the data frame and then instantiates the next
ConnectionFactory on the connection with and EndPoint that has been
customized with the data obtained about the orginal client connection.
The connection factory can be added to any <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ServerConnector.html" target="_top"><code class="code">ServerConnector</code></a>
and should be the first <a class="link" href="http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ConnectionFactory.html" target="_top"><code class="code">ConnectionFactory</code></a>.
An example of adding the factory to a HTTP connector is:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
<![CDATA[<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="httpConfig" /></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" /></Set>
<Set name="port"><Property name="jetty.http.port" default="80" /></Set>
</New>
</Arg>
</Call>
]]>
</script></div></div></div></div></div><script type="text/javascript">
SyntaxHighlighter.all()
</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="setting-form-size.html"><i class="icon-chevron-left"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="configuring.html"><i class="icon-chevron-up"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="configuring-ssl.html">Next <i class="icon-chevron-right"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Setting Max Form Size </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="icon-home"></i> Home</a></td><td width="40%" align="right" valign="top"> Configuring SSL/TLS</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
See an error or something missing?
<span class="callout"><a href="http://github.com/jetty-project/jetty-documentation">Contribute to this documentation at
<span class="website"><i class="icon-github"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2015-07-06T01:01:06+00:00)</i></span></div></p><script xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-1149868-7']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script></body></html>
|
