
I'm setting up a jetty application that needs to communicate with a sql server. I have successfully generated the keystore, but I'm not sure where the best location is to actually put the file. The default is $JETTY_BASE/etc. If I do that I'm going to either need to maintain a copy of the cert for every jetty application that communicates with this server, or set up a symlink to a common file.

I'm looking for advice from anyone who has actually deployed a jetty app to production. Am I on the right track, or is there a better way to maintain a common keystore?

pbuchheit

1 Answer


Look into using the --include-jetty-dir=<path> concept.

Basically, this is where you keep common configuration. Its layout is identical to a ${jetty.base} directory.

So lay this out ...

Let's call this common configuration location ${common.base.dir} (let's say its path is /opt/jetty-common/)

Your /opt/jetty-common/ directory would have ...

/opt/jetty-common/
   /etc/
      keystore.p12
   /start.d/
      configure-keystore.ini

The keystore.p12 is obvious, but see what configure-keystore.ini has in it.

$ cat start.d/configure-keystore.ini
jetty.common.dir=/opt/jetty-common/
jetty.sslContext.keyStoreAbsolutePath=${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStoreType=pkcs12

Next, to use this common configuration, you'll need to set up, in your ${jetty.base} instance-specific configuration, a reference to this common directory.

$ ls -la
total 20
drwxr-xr-x  5 joakim joakim 4096 Apr  6 16:35 ./
drwxr-xr-x 67 joakim joakim 4096 Apr  6 16:33 ../
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 etc/
drwxrwxr-x  2 joakim joakim 4096 Apr  6 16:38 start.d/
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 webapps/

$ ls -la start.d/
total 28
drwxrwxr-x 2 joakim joakim 4096 Apr  6 16:44 ./
drwxr-xr-x 5 joakim joakim 4096 Apr  6 16:35 ../
-rw-rw-r-- 1 joakim joakim   81 Apr  6 16:38 common-config.ini
-rw-rw-r-- 1 joakim joakim  634 Apr  6 16:35 deploy.ini
-rw-rw-r-- 1 joakim joakim  175 Apr  6 16:35 https.ini
-rw-rw-r-- 1 joakim joakim 4233 Apr  6 16:35 ssl.ini

$ cat start.d/common-config.ini
--include-jetty-dir=/opt/jetty-common

You can see how this works with the start.jar --list-config output.

$ cd /opt/jetty-bases/base-one/
$ java -jar /opt/jetty-home/start.jar --list-config

Java Environment:
-----------------
 java.home = /home/joakim/java/jvm/jdk-11.0.14.1+1 (null)
 java.vm.vendor = Eclipse Adoptium (null)
 java.vm.version = 11.0.14.1+1 (null)
 java.vm.name = OpenJDK 64-Bit Server VM (null)
 java.vm.info = mixed mode (null)
 java.runtime.name = OpenJDK Runtime Environment (null)
 java.runtime.version = 11.0.14.1+1 (null)
 java.io.tmpdir = /tmp (null)
 user.dir = /opt/jetty-bases/base-one (null)
 user.language = en (null)
 user.country = US (null)

Jetty Environment:
-----------------
 jetty.version = 9.4.46.v20220331
 jetty.tag.version = jetty-9.4.46.v20220331
 jetty.build = bc17a0369a11ecf40bb92c839b9ef0a8ac50ea18
 jetty.home = /opt/jetty-home
 jetty.base = /opt/jetty-bases/base-one

Config Search Order:
--------------------
 <command-line>
 ${jetty.base} -> /opt/jetty-bases/base-one
 /opt/jetty-common -> /opt/jetty-common
 ${jetty.home} -> /opt/jetty-home


JVM Arguments:
--------------
 (no jvm args specified)

System Properties:
------------------
 (no system properties specified)

Properties:
-----------
 jetty.base = /opt/jetty-bases/base-one
 jetty.base.uri = file:///opt/jetty-bases/base-one
 jetty.common.dir = /opt/jetty-common
 jetty.home = /opt/jetty-home
 jetty.home.uri = file:///opt/jetty-home
 jetty.sslContext.keyStoreAbsolutePath = ${jetty.common.dir}/etc/keystore.p12
 jetty.sslContext.keyStorePassword = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 jetty.sslContext.keyStoreType = pkcs12
 runtime.feature.alpn = true

Jetty Server Classpath:
-----------------------
Version Information on 11 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
      changes to the --module=name command line options will be reflected here.
 0:                    3.1.0 | ${jetty.home}/lib/servlet-api-3.1.jar
 1:                 3.1.0.M0 | ${jetty.home}/lib/jetty-schemas-3.1.jar
 2:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-http-9.4.46.v20220331.jar
 3:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-server-9.4.46.v20220331.jar
 4:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-xml-9.4.46.v20220331.jar
 5:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-util-9.4.46.v20220331.jar
 6:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-io-9.4.46.v20220331.jar
 7:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-security-9.4.46.v20220331.jar
 8:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-servlet-9.4.46.v20220331.jar
 9:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-webapp-9.4.46.v20220331.jar
10:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-deploy-9.4.46.v20220331.jar

Jetty Active XMLs:
------------------
 ${jetty.home}/etc/jetty-bytebufferpool.xml
 ${jetty.home}/etc/jetty-threadpool.xml
 ${jetty.home}/etc/jetty.xml
 ${jetty.home}/etc/jetty-webapp.xml
 ${jetty.home}/etc/jetty-deploy.xml
 ${jetty.home}/etc/jetty-ssl.xml
 ${jetty.home}/etc/jetty-ssl-context.xml
 ${jetty.home}/etc/jetty-https.xml

You can see in this output that the search order has this extra directory, and your properties are set according to the common location values.

Joakim Erdfelt
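The layout above as an added, runnable example (not part of the original answer or of Jetty itself). The POSIX shell script below creates the shared /opt/jetty-common directory with its etc/keystore.p12 and start.d/configure-keystore.ini, creates a ${jetty.base} whose start.d/common-config.ini carries the --include-jetty-dir line, and then performs the two checks a reviewer would want before go-live: that the ${jetty.common.dir} substitution in jetty.sslContext.keyStoreAbsolutePath resolves to a file that exists, and that neither the keystore nor the ini holding its password is readable by group or others. Everything is created under a mktemp directory so the script runs anywhere; the keystore file is a constructed placeholder, not a real PKCS#12 store, and the OBF: value is the one shown in the answer. Function names (make_common_dir, make_base_include, resolve_keystore_path, check_keystore, include_dirs) are this example's own.

```shell
#!/bin/sh
# Added example: build the shared Jetty 9.4 include dir and a jetty.base that
# references it, then verify path resolution and file permissions.
set -u

# make_common_dir COMMON KEYSTORE_SRC OBF_PASSWORD
# Lays out COMMON/etc/keystore.p12 and COMMON/start.d/configure-keystore.ini
# with the same properties as the answer's ini.
make_common_dir() {
  common=$1; ks_src=$2; obf=$3
  mkdir -p "$common/etc" "$common/start.d"
  cp "$ks_src" "$common/etc/keystore.p12"
  # Private key material: owner read/write only.
  chmod 0600 "$common/etc/keystore.p12"
  cat > "$common/start.d/configure-keystore.ini" <<EOF
jetty.common.dir=$common
jetty.sslContext.keyStoreAbsolutePath=\${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword=$obf
jetty.sslContext.keyStoreType=pkcs12
EOF
  # OBF: is reversible obfuscation, so the ini is as sensitive as the keystore.
  chmod 0600 "$common/start.d/configure-keystore.ini"
}

# make_base_include BASE COMMON
# Writes BASE/start.d/common-config.ini containing the --include-jetty-dir line.
make_base_include() {
  base=$1; common=$2
  mkdir -p "$base/start.d" "$base/webapps"
  printf -- '--include-jetty-dir=%s\n' "$common" > "$base/start.d/common-config.ini"
}

# resolve_keystore_path COMMON
# Expands ${jetty.common.dir} in keyStoreAbsolutePath using the value set in
# the same ini, mirroring start.jar property substitution; prints the path.
resolve_keystore_path() {
  ini=$1/start.d/configure-keystore.ini
  dir=$(sed -n 's/^jetty\.common\.dir=//p' "$ini")
  raw=$(sed -n 's/^jetty\.sslContext\.keyStoreAbsolutePath=//p' "$ini")
  token='${jetty.common.dir}'
  case "$raw" in
    "$token"*) printf '%s\n' "${dir}${raw#"$token"}" ;;
    *)         printf '%s\n' "$raw" ;;
  esac
}

# check_keystore COMMON
# Succeeds only if the resolved keystore is a regular file with mode rw-------.
check_keystore() {
  ks=$(resolve_keystore_path "$1")
  [ -f "$ks" ] || { echo "missing keystore: $ks" >&2; return 1; }
  perm=$(ls -l "$ks" | cut -c1-10)
  case "$perm" in
    ?rw-------) return 0 ;;
    *) echo "keystore $ks is too permissive: $perm" >&2; return 1 ;;
  esac
}

# include_dirs BASE
# Prints every --include-jetty-dir value found in BASE/start.d/*.ini, i.e. the
# extra entries that will appear in --list-config's "Config Search Order".
include_dirs() {
  cat "$1"/start.d/*.ini 2>/dev/null | sed -n 's/^--include-jetty-dir=//p'
}

# Demo under a temp root; paths mirror the answer's /opt layout.
ROOT=$(mktemp -d)
printf 'placeholder, not a real PKCS#12 store\n' > "$ROOT/keystore.p12"  # constructed
make_common_dir "$ROOT/opt/jetty-common" "$ROOT/keystore.p12" 'OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4'
make_base_include "$ROOT/opt/jetty-bases/base-one" "$ROOT/opt/jetty-common"
check_keystore "$ROOT/opt/jetty-common" && echo "keystore OK: $(resolve_keystore_path "$ROOT/opt/jetty-common")"
echo "include dirs for base-one:"; include_dirs "$ROOT/opt/jetty-bases/base-one"
```

Two points the checks encode: a Jetty OBF: password is reversible obfuscation (the jetty-util Password class decodes it), not encryption, so start.d/configure-keystore.ini must be protected like the keystore itself; and because --include-jetty-dir puts the shared directory between ${jetty.base} and ${jetty.home} in the search order, a property set in a base's own start.d still wins over the common value, which is what you want for per-instance overrides but also means a stray jetty.sslContext.keyStoreAbsolutePath in a base silently bypasses the shared keystore.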