In the Xconf RDK community instance, the data service and the Admin UI are set up as standalone Jetty services, and both are deployed in the same VM. This document explains the steps that were followed to achieve this.
cd /opt
mkdir jetty
cd jetty
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/jetty-distribution-9.4.37.v20210219.tar.gz
gzip -d jetty-distribution-9.4.37.v20210219.tar.gz
tar -xf jetty-distribution-9.4.37.v20210219.tar --strip-components=1
To rename – sudo mv xconf-dataservice.war ROOT.war
--module=https
etc/jetty-ssl.xml
-DappConfig=service.properties
-Djetty.logs=/opt/jetty/logs
cp bin/jetty.sh /etc/init.d/jetty
vim /etc/default/jetty
JETTY_HOME=/opt/jetty
Before starting Jetty as a service, we can verify that the app runs by changing into {jetty-home}/ and running the command: java -jar start.jar -DappConfig=service.properties
sudo service jetty start
sudo service jetty status
cd /opt
mkdir jetty2
cd jetty2
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/jetty-distribution-9.4.37.v20210219.tar.gz
(Or copy the Jetty tarball file from the data service setup in /opt/jetty.)
gzip -d jetty-distribution-9.4.37.v20210219.tar.gz
tar -xf jetty-distribution-9.4.37.v20210219.tar --strip-components=1
mv xconfAdminService2.war admin.war
--module=https
jetty.http.port=9093
etc/jetty-ssl.xml
-DappConfig=service.properties
cp bin/jetty.sh /etc/init.d/jetty2
Create the file /etc/default/jetty2 with the following data
vim /etc/default/jetty2
JETTY_HOME=/opt/jetty2
Before starting Jetty as a service, we can verify that the app runs by changing into /opt/jetty2 and running the command: java -jar start.jar -DappConfig=service.properties
sudo service jetty2 start
sudo service jetty2 status
After obtaining the certificate file from the CA, follow the steps below for configuration:
We need to convert the crt file obtained from the CA to PKCS12 format. This can be done with the following steps:
1. openssl pkcs12 -inkey <privatekey.key> -in <certificate.crt> -export -out <certificate>.pkcs12
2. Enter the pass phrase you have defined : <your password>
3. Define an export password. (We have used the same password again, but you are free to change it.)
4. Enter the export password again: <your password>
After the above commands, a pfx or pkcs12 file will be generated.
We need to import the PKCS12 file in the keystore of Jetty.
The steps are listed below:
keytool -importkeystore -srckeystore <certificate.pkcs12> -srcstoretype PKCS12 -destkeystore keystore
4. Enter a password for the keystore.
5. Re-type the password.
6. Enter the password you have defined before for the PKCS12 file (<your password> that was used earlier in pfx generation).
Now we have created a new keystore and imported our PKCS12 file.
Jetty 9 has a modular architecture, which means that you can enable different modules through the configuration files.
To enable HTTPS in Jetty, we have to follow these steps:
--module=https
etc/jetty-ssl.xml
-DappConfig=service.properties
-Djetty.logs=<JETTY_HOME>/logs (for the data service, it is /opt/jetty/logs; for the xconf admin, it is /opt/jetty2/logs)
3. Passwords in Jetty configuration files are stored in an obfuscated form. This obfuscation is reversible and protects the passwords only from casual peeking.
We have defined the password both for keystore and our certificate. Now we are going to obfuscate this password with the following steps:
java -cp jetty-util-9.4.37.v20210219.jar org.eclipse.jetty.util.security.Password <your password>
Jetty modules are configured through the XML files under the JETTY_HOME/etc folder. By enabling these modules, we are activating the jetty-ssl.xml and jetty-https.xml files. The following changes need to be made in the files below:
The obfuscated password generated in step 3 and the path for the keystore generated in JETTY_HOME/etc are updated in jetty-context.xml:
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
2. jetty-ssl.xml
The port number for HTTPS connections needs to be updated in this file. The following example uses port 9092 for the xconf data service. For the admin service, we have set it to 9093.
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="9092" /></Set>
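Because the OBF: form from step 3 is reversible, the keystore and every file that holds an OBF: value under JETTY_HOME/etc should be readable only by the Jetty service user. The following check is an added example, not part of the original page; the function names and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are
# hypothetical; the etc/ layout follows the setup described above.

# List files under <jetty_home>/etc that hold key material or an OBF:
# password and are readable by group or other. OBF: is reversible, so
# file permissions are what actually protects these values.
audit_jetty_secrets() {
    find "$1/etc" -type f \( -perm -040 -o -perm -004 \) | sort |
    while IFS= read -r f; do
        case "$f" in
            */keystore|*.pkcs12|*.pfx|*.key)
                echo "$f" ;;
            *)
                if grep -q 'OBF:' "$f"; then echo "$f"; fi ;;
        esac
    done
}

# Restrict every flagged file to its owner (the Jetty service user).
harden_jetty_secrets() {
    audit_jetty_secrets "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Build a constructed JETTY_HOME so the check runs offline.
make_sample_home() {
    d=$(mktemp -d)
    mkdir "$d/etc"
    echo 'constructed keystore bytes' > "$d/etc/keystore"
    echo '<Set name="KeyStorePassword">OBF:constructed</Set>' \
        > "$d/etc/jetty-context.xml"
    echo '<Set name="port">9092</Set>' > "$d/etc/jetty-ssl.xml"
    chmod 644 "$d/etc/keystore" "$d/etc/jetty-context.xml" "$d/etc/jetty-ssl.xml"
    echo "$d"
}

demo_home=$(make_sample_home)
echo "Readable by group/other before hardening:"
audit_jetty_secrets "$demo_home"
harden_jetty_secrets "$demo_home"
echo "After hardening (expect no lines):"
audit_jetty_secrets "$demo_home"
rm -rf "$demo_home"
```

Run the audit against /opt/jetty and /opt/jetty2 as the user that owns the Jetty files; the same applies to the PKCS12 file and private key if they are left on the VM.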