cd /opt
...
mkdir jetty
...
cd jetty
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/jetty-distribution-9.4.37.v20210219.tar.gz
gzip -d jetty-distribution-9.4.37.v20210219.tar.gz
tar -xf jetty-distribution-9.4.37.v20210219.tar --strip-components=1
...
To rename – sudo mv xconf-dataservice.war ROOT.war
--module=https
etc/jetty-ssl.xml
-DappConfig=service.properties
-Djetty.logs=/opt/jetty/logs
cp bin/jetty.sh /etc/init.d/jetty
vim /etc/default/jetty
JETTY_HOME=/opt/jetty
Before starting Jetty as a service, we can verify that the app runs by changing into {jetty-home}/ and running the command java -jar start.jar -DappConfig=service.properties
sudo service jetty start
sudo service jetty status
After obtaining the certificate file from the CA, follow the steps below for configuration:
We need to convert the crt file obtained from the CA to PKCS12 format. This can be done with the following steps:
openssl pkcs12 -inkey <privatekey.key> -in <certificate.crt> -export -out <certificate>.pkcs12
2. Enter the pass phrase you have defined: <your password>
3. Define an export password. (We have used the same password again, but you are free to alter it.)
4. Enter the export password again: <your password>
After the above commands, a pfx or pkcs12 file will be generated.
2. Importing the PKCS12 file in your Jetty keystore
We need to import the PKCS12 file in the keystore of Jetty.
The steps are listed below:
keytool -importkeystore -srckeystore <certificate.pkcs12> -srcstoretype PKCS12 -destkeystore keystore
4. Enter a password for the keystore.
5. Re-type the password.
6. Enter the password you have defined before for the PKCS12 file (<your password> that was used earlier in pfx generation).
Now we have created a new keystore and imported our PKCS12 file.
3. Enabling SSL and HTTPS for Jetty
Jetty 9 has a modular architecture, which means that you can enable different modules through the configuration files.
To enable HTTPS in Jetty, we have to follow these steps:
--module=https
etc/jetty-ssl.xml
-DappConfig=service.properties
-Djetty.logs=<JETTY_HOME>/logs (for the data service it is /opt/jetty/logs, and for xconf admin it is /opt/jetty2/logs)
3. Passwords in Jetty configuration files are stored in an obfuscated form. This obfuscation is reversible and protects the passwords only from casual peeking.
We have defined the password both for keystore and our certificate. Now we are going to obfuscate this password with the following steps:
java -cp jetty-util-9.4.37.v20210219.jar org.eclipse.jetty.util.security.Password <your password>
4. Jetty modules are configured through the XML files under the JETTY_HOME/etc folder. By enabling these modules, we are activating the jetty-ssl.xml and jetty-https.xml files. The following changes need to be made in the files below:
The obfuscated password generated in step 3 and the path of the keystore generated in JETTY_HOME/etc are updated in jetty-context.xml:
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
2. jetty-ssl.xml
The port number for the HTTPS connection needs to be updated in this file. The following example has selected the port 9092 for xconf data service. For admin service, we have set it as 9093.
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="9092" /></Set>
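
Because the OBF: form from step 3 is reversible, the keystore and every file carrying a password still depend on file permissions, and a password left in clear text should be caught before the service starts. The script below is an added example, not part of the original page or of the Jetty or xconf distributions. It assumes GNU stat and the layout <JETTY_HOME>/etc/keystore, etc/*.xml and start.ini; the function name audit_jetty_tls is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Jetty home for exposures that OBF: does not cover.
# Assumes GNU stat and the layout etc/keystore, etc/*.xml, start.ini.
# audit_jetty_tls is a hypothetical helper name, not a Jetty tool.

# Prints "PERM <file> mode=<m>" for group/other-accessible secret files and
# "PLAIN <file> line=<n>" for password settings that are not OBF: values.
audit_jetty_tls() {
    jetty_home=$1
    for f in "$jetty_home/etc/keystore" "$jetty_home"/etc/*.xml "$jetty_home/start.ini"; do
        [ -f "$f" ] || continue
        is_keystore=no
        case $f in
            */etc/keystore) is_keystore=yes ;;
            *) grep -q 'Password' "$f" || continue ;;  # no secrets in this file
        esac

        # Reversible obfuscation means file permissions are the real control.
        mode=$(stat -c '%a' "$f")
        case $mode in
            0|*00) ;;                                  # owner-only access
            *) echo "PERM $f mode=$mode" ;;
        esac

        [ "$is_keystore" = yes ] && continue           # binary file, skip text scan

        # Report file and line number only, never the password value.
        grep -nE 'Password[^>]*default="|Password=' "$f" |
            grep -vE 'default="(OBF:[^"]*)?"|Password=(OBF:|$)' |
            cut -d: -f1 |
            while read -r n; do echo "PLAIN $f line=$n"; done
    done
    return 0
}

# Stand-alone use: sh audit.sh /opt/jetty
if [ $# -gt 0 ]; then audit_jetty_tls "$1"; fi
```

An empty result means no finding; a PERM line is cleared with chmod 600 on the named file, a PLAIN line by replacing the value with the output of the obfuscation command in step 3.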