|  Version: 9.4.0.M0 | 
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
Table of Contents
Security
Jetty 9.1 introduces ${jetty.base} and ${jetty.home}.
${jetty.home} is the directory location for the jetty distribution
(the binaries).${jetty.base} is the directory location for your customizations to
the distribution.This separation:
For more information, see Managing Jetty Base and Jetty Home.
Further, Jetty 9.1 parameterizes all of the standard configuration XMLs.
For SSL, parameters are now just properties in the start.ini, reducing
to eliminating the need to edit XML files.
Jetty 9.1 also introduces modules. Instead of explicitly listing all the
libraries, properties, and XML files for a feature, Jetty includes
software modules, and the start.jar mechanism allows you to create new
modules. You define a module in a modules/*.mod file, including the
libraries, dependencies, XML, and template INI files for a Jetty
feature. Thus you can use a single --module=name command line option
as the equivalent of specifying many --lib=location, feature.xml,
  name=value arguments for a feature and all its dependencies. Modules
use their dependencies to control the ordering of libraries and XML
files. For more information, see Managing Startup Modules.
This page describes how to configure SSL in Jetty with modules. It
provides an example of using the ${jetty.home} and ${jetty.base} to
maximum effect. It also includes a detailed explanation of how modules
work.
This example assumes you have the jetty-distribution unpacked in
/home/user/jetty-distribution-@project.version@.
Create a base directory anywhere.
[/home/user]$ mkdir my-base [/home/user]$ cd my-base
Add the modules for SSL, HTTP, and webapp deployment.
[my-base]$ java -jar /home/user/jetty-distribution-@project.version@/start.jar --add-to-start=http,https,deploy
ssl             initialised in ${jetty.base}/start.ini (appended)
ssl             enabled in     ${jetty.base}/start.ini
DOWNLOAD: https://github.com/eclipse/jetty.project/raw/master/jetty-server/src/main/config/etc/keystore to etc/keystore
server          initialised in ${jetty.base}/start.ini (appended)
server          enabled in     ${jetty.base}/start.ini
http            initialised in ${jetty.base}/start.ini (appended)
http            enabled in     ${jetty.base}/start.ini
server          enabled in     ${jetty.base}/start.ini
deploy          initialised in ${jetty.base}/start.ini (appended)
deploy          enabled in     ${jetty.base}/start.ini
MKDIR: ${jetty.base}/webapps
server          enabled in     ${jetty.base}/start.iniLook at your directory.
[my-base]$ ls -la total 20 drwxrwxr-x 4 user group 4096 Oct 8 06:55 ./ drwxr-xr-x 103 user group 4096 Oct 8 06:53 ../ drwxrwxr-x 2 user group 4096 Oct 8 06:55 etc/ -rw-rw-r-- 1 user group 815 Oct 8 06:55 start.ini drwxrwxr-x 2 user group 4096 Oct 8 06:55 webapps/
Copy your WAR files into webapps.
[my-base]$ ls -la [my-base]$ cp ~/code/project/target/gadget.war webapps/
Copy your keystore into place.
[my-base]$ cp ~/code/project/keystore etc/keystore
Edit the start.ini to configure your SSL settings.
[my-base]$ cat start.ini
Initialize module ssl.
--module=ssl
Define the port to use for secure redirection.
jetty.secure.port=8443
Set up a demonstration keystore and truststore.
jetty.keystore=etc/keystore jetty.truststore=etc/keystore
Set the demonstration passwords.
jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4 jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
Initialize the module server.
--module=server threads.min=10 threads.max=200 threads.timeout=60000 #jetty.host=myhost.com jetty.dump.start=false jetty.dump.stop=false
Initialize module http.
--module=http jetty.http.port=8080 http.timeout=30000
Initialize module deploy.
--module=deploy
Look at the configuration you have at this point.
[my-base]$ java -jar /home/user/jetty-distribution-@project.version@/start.jar --list-config
Java Environment:
-----------------
 java.home=/usr/lib/jvm/jdk-7u21-x64/jre
 java.vm.vendor=Oracle Corporation
 java.vm.version=23.21-b01
 java.vm.name=Java HotSpot(TM) 64-Bit Server VM
 java.vm.info=mixed mode
 java.runtime.name=Java(TM) SE Runtime Environment
 java.runtime.version=1.7.0_21-b11
 java.io.tmpdir=/tmp
Jetty Environment:
-----------------
 jetty.home=/home/user/jetty-distribution-@project.version@
 jetty.base=/home/user/my-base
 jetty.version=@project.version@
JVM Arguments:
--------------
 (no jvm args specified)
System Properties:
------------------
 jetty.base = /home/user/my-base
 jetty.home = /home/user/jetty-distribution-@project.version@
Properties:
-----------
 http.timeout = 30000
 jetty.dump.start = false
 jetty.dump.stop = false
 jetty.keymanager.password = OBF:1u2u1wml1z7s1z7a1wnl1u2g
 jetty.keystore = etc/keystore
 jetty.keystore.password = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 jetty.http.port = 8080
 jetty.secure.port = 8443
 jetty.truststore = etc/keystore
 jetty.truststore.password = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 threads.max = 200
 threads.min = 10
 threads.timeout = 60000
Jetty Server Classpath:
-----------------------
Version Information on 11 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
      changes to the --module=name command line options will be reflected here.
 0:                    3.1.0 | ${jetty.home}/lib/servlet-api-3.1.jar
 1:                  3.1.RC0 | ${jetty.home}/lib/jetty-schemas-3.1.jar
 2:                @project.version@ | ${jetty.home}/lib/jetty-http-@project.version@.jar
 3:                @project.version@ | ${jetty.home}/lib/jetty-continuation-@project.version@.jar
 4:                @project.version@ | ${jetty.home}/lib/jetty-server-@project.version@.jar
 5:                @project.version@ | ${jetty.home}/lib/jetty-xml-@project.version@.jar
 6:                @project.version@ | ${jetty.home}/lib/jetty-util-@project.version@.jar
 7:                @project.version@ | ${jetty.home}/lib/jetty-io-@project.version@.jar
 8:                @project.version@ | ${jetty.home}/lib/jetty-servlet-@project.version@.jar
 9:                @project.version@ | ${jetty.home}/lib/jetty-webapp-@project.version@.jar
10:                @project.version@ | ${jetty.home}/lib/jetty-deploy-@project.version@.jar
Jetty Active XMLs:
------------------
 ${jetty.home}/etc/jetty.xml
 ${jetty.home}/etc/jetty-http.xml
 ${jetty.home}/etc/jetty-ssl.xml
 ${jetty.home}/etc/jetty-deploy.xmlNow start Jetty.
[my-base]$ java -jar /home/user/jetty-distribution-@project.version@/start.jar
2013-10-08 07:06:55.837:INFO:oejs.Server:main: jetty-@project.version@
2013-10-08 07:06:55.853:INFO:oejdp.ScanningAppProvider:main: Deployment monitor [file:/home/user/my-base/webapps/] at interval 1
2013-10-08 07:06:55.872:INFO:oejs.ServerConnector:main: Started ServerConnector@72974691{HTTP/1.1}{0.0.0.0:8080}The following sections review this configuration.
First notice the separation of ${jetty.base} and ${jetty.home}.
${jetty.home} is where your distribution lies, unchanged, unedited.${jetty.base} is where your customizations are.Notice that you have --module=<name> here and there; you have wrapped
up the goal of a module (libs, configuration XMLs, and properties) into
a single unit, with dependencies on other modules.
You can see the list of modules:
[my-base]$ java -jar /home/user/jetty-distribution-@project.version@/start.jar --list-modules
Jetty All Available Modules:
----------------------------
Module: annotations
      LIB: lib/jetty-annotations-${jetty.version}.jar
      LIB: lib/annotations/*.jar
      XML: etc/jetty-annotations.xml
  depends: [plus]
Module: client
      LIB: lib/jetty-client-${jetty.version}.jar
  depends: []
Module: debug
      XML: etc/jetty-debug.xml
  depends: [server]
Module: deploy
      LIB: lib/jetty-deploy-${jetty.version}.jar
      XML: etc/jetty-deploy.xml
  depends: [webapp]
  enabled: ${jetty.base}/start.ini
Module: ext
      LIB: lib/ext/*.jar
  depends: []
Module: http
      XML: etc/jetty-http.xml
  depends: [server]
  enabled: ${jetty.base}/start.ini
Module: http2
      LIB: lib/http2/*.jar
      XML: etc/jetty-http2.xml
  depends: [ssl, alpn]
Module: http2c
     LIB: lib/http2/*.jar
     XML: etc/jetty-http2c.xml
 depends: [http]
Module: https
      XML: etc/jetty-https.xml
  depends: [ssl]
Module: ipaccess
      XML: etc/jetty-ipaccess.xml
  depends: [server]
Module: jaas
      LIB: lib/jetty-jaas-${jetty.version}.jar
      XML: etc/jetty-jaas.xml
  depends: [server]
Module: jaspi
      LIB: lib/jetty-jaspi-${jetty.version}.jar
      LIB: lib/jaspi/*.jar
  depends: [security]
Module: jmx
      LIB: lib/jetty-jmx-${jetty.version}.jar
      XML: etc/jetty-jmx.xml
  depends: []
Module: jndi
      LIB: lib/jetty-jndi-${jetty.version}.jar
      LIB: lib/jndi/*.jar
  depends: [server]
Module: jsp
      LIB: lib/jsp/*.jar
  depends: [servlet]
Module: jvm
  depends: []
Module: logging
      XML: etc/jetty-logging.xml
  depends: []
Module: lowresources
      XML: etc/jetty-lowresources.xml
  depends: [server]
Module: monitor
      LIB: lib/jetty-monitor-${jetty.version}.jar
      XML: etc/jetty-monitor.xml
  depends: [client, server]
Module: npn
  depends: []
Module: plus
      LIB: lib/jetty-plus-${jetty.version}.jar
      XML: etc/jetty-plus.xml
  depends: [server, security, jndi]
Module: proxy
      LIB: lib/jetty-proxy-${jetty.version}.jar
      XML: etc/jetty-proxy.xml
  depends: [client, server]
Module: requestlog
      XML: etc/jetty-requestlog.xml
  depends: [server]
Module: resources
      LIB: resources
  depends: []
Module: rewrite
      LIB: lib/jetty-rewrite-${jetty.version}.jar
      XML: etc/jetty-rewrite.xml
  depends: [server]
Module: security
      LIB: lib/jetty-security-${jetty.version}.jar
  depends: [server]
Module: server
      LIB: lib/servlet-api-3.1.jar
      LIB: lib/jetty-schemas-3.1.jar
      LIB: lib/jetty-http-${jetty.version}.jar
      LIB: lib/jetty-continuation-${jetty.version}.jar
      LIB: lib/jetty-server-${jetty.version}.jar
      LIB: lib/jetty-xml-${jetty.version}.jar
      LIB: lib/jetty-util-${jetty.version}.jar
      LIB: lib/jetty-io-${jetty.version}.jar
      XML: etc/jetty.xml
  depends: []
  enabled: ${jetty.base}/start.ini
Module: servlet
      LIB: lib/jetty-servlet-${jetty.version}.jar
  depends: [server]
Module: servlets
      LIB: lib/jetty-servlets-${jetty.version}.jar
  depends: [servlet]
Module: setuid
      LIB: lib/setuid/jetty-setuid-java-1.0.1.jar
      XML: etc/jetty-setuid.xml
  depends: [server]
Module: ssl
      XML: etc/jetty-ssl.xml
  depends: [server]
  enabled: ${jetty.base}/start.ini
Module: stats
      XML: etc/jetty-stats.xml
  depends: [server]
Module: webapp
      LIB: lib/jetty-webapp-${jetty.version}.jar
  depends: [servlet]
Module: websocket
      LIB: lib/websocket/*.jar
  depends: [annotations]
Module: xinetd
      XML: etc/jetty-xinetd.xml
  depends: [server]
Jetty Active Module Tree:
-------------------------
 + Module: server [enabled]
   + Module: http [enabled]
   + Module: servlet [transitive]
   + Module: ssl [enabled]
     + Module: webapp [transitive]
       + Module: deploy [enabled]These are the modules by name, the libraries they bring in, the XML configurations they use, the other modules they depend on (even optional ones), and if the module is in use, where it was enabled.
While you can manage the list of active modules yourself, it is much
easier to edit the ${jetty.base}/start.ini.
If you want to start using a new module:
[my-base] $ java -jar ../jetty-distribution-@project.version@/start.jar --add-to-start=https
This adds the --module= lines and associated properties (the
parameterized values mentioned above), to your start.ini.
Important
Leave the modules and XML files alone in the
${jetty.home}directory; there is no need to be moving or copying them unless you want to make your own modules or override the behavior of an existing module.
Notice that your ${jetty.base}/start.ini has no references to the XML
files. That’s because the module system and its graph of dependencies
now dictate all of the XML files, and their load order.
Next is parameterizing all of the standard configuration XMLs. In this
example all of the SSL parameters are now just properties in the
start.ini, reducing or eliminating the need to edit XML files.
Finally, you can override anything you see in ${jetty.home} in
${jetty.base}, even XML configurations and libraries.
For more information on the start.jar in 9.1, see Using start.jar.
/home/user/jetty-distribution-@project.version@.Go to your base directory and just use the distribution, no editing.
[my-base]$ java -jar /home/user/jetty-distribution-@project.version@/start.jar
jetty-http.xml and jetty-ssl.xml.
You can find them in ${jetty.home}/etc/ directory.${jetty.base}/start.ini.Use modules to configure HTTPS:
https → ssl → server
You can find the details about the modules in ${jetty.home}/modules/.
For SSL they include modules/http.mod, modules/https.mod,
modules/ssl.mod, and modules/server.mod.
Ideally, this level of detail is not important to you. What is important
is that you want to use HTTPS and want to configure it. You accomplish
that by adding the --module=https to your start.ini. By default, the
module system keeps things sane, and transitively includes all dependent
modules as well.
You can see what the configuration looks like, after all of the modules are resolved, without starting Jetty via:
[my-base] $ java -jar ../jetty-distribution-@project.version@/start.jar --list-config
Just because the JARs exist on disk does not mean that they are in use. The configuration controls what is used.
Use the --list-config to see the configuration. Notice that only a
subset of the JARs from the distribution are in use. The modules you
have anabled determine that subset.
[my-base]$ java -jar ~/jetty-distribution-@project.version@/start.jar --list-config