Where is the best location for the keystore in Jetty 10

Question

Where is the best location for the keystore in Jetty 10

489 Views Asked by pbuchheit At 06 April 2022 at 15:50

I'm setting up a jetty application that needs to communicate with a sql server. I have successfully generated the keystore, but I'm not sure where the best location is to actually put the file. The default is $JETTY_BASE/etc . If I do that I'm going to either need to maintain a copy of the cert for every jetty application that communicates with this server, or set up a symlink to a common file.

I'm looking for advice for anyone who has actually deployed a jetty app to production. Am I on the right track, or is there a better way to maintain a common keystore?

Original Q&A

There are 1 best solutions below

**Joakim Erdfelt** · Answer 1 · 2022-04-06T21:50:12.950000

Look into using the --include-jetty-dir=<path> concept.

Basically, this is where you keep common configuration. It's layout is identical to a ${jetty.base} directory.

So lay this out ...

Lets call this common configuration location ${common.base.dir} (lets say its path is /opt/jetty-common/)

Your /opt/jetty-common/ directory would have ...

/opt/jetty-common/
   /etc/
      keystore.pk12
   /start.d/
      configure-keystore.ini

The keystore.pk12`` is obvious, but see what configure-keystore.ini` has in it.

$ cat start.d/configure-keystore.ini
jetty.common.dir=/opt/jetty-common/
jetty.sslContext.keyStoreAbsolutePath=${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStoreType=pkcs12

Next, to use this common configuration, you'll need to setup in your ${jetty.base} instance specific configuration a reference to this common directory.

$ ls -la
total 20
drwxr-xr-x  5 joakim joakim 4096 Apr  6 16:35 ./
drwxr-xr-x 67 joakim joakim 4096 Apr  6 16:33 ../
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 etc/
drwxrwxr-x  2 joakim joakim 4096 Apr  6 16:38 start.d/
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 webapps/

$ ls -la start.d/
total 28
drwxrwxr-x 2 joakim joakim 4096 Apr  6 16:44 ./
drwxr-xr-x 5 joakim joakim 4096 Apr  6 16:35 ../
-rw-rw-r-- 1 joakim joakim   81 Apr  6 16:38 common-config.ini
-rw-rw-r-- 1 joakim joakim  634 Apr  6 16:35 deploy.ini
-rw-rw-r-- 1 joakim joakim  175 Apr  6 16:35 https.ini
-rw-rw-r-- 1 joakim joakim 4233 Apr  6 16:35 ssl.ini

$ cat start.d/common-config.ini 
--include-jetty-dir=/opt/jetty-common

You can see how this works with the start.jar --list-config output.

$ cd /opt/jetty-bases/base-one/
$ java -jar /opt/jetty-home/start.jar --list-config

Java Environment:
-----------------
 java.home = /home/joakim/java/jvm/jdk-11.0.14.1+1 (null)
 java.vm.vendor = Eclipse Adoptium (null)
 java.vm.version = 11.0.14.1+1 (null)
 java.vm.name = OpenJDK 64-Bit Server VM (null)
 java.vm.info = mixed mode (null)
 java.runtime.name = OpenJDK Runtime Environment (null)
 java.runtime.version = 11.0.14.1+1 (null)
 java.io.tmpdir = /tmp (null)
 user.dir = /opt/jetty-bases/base-one (null)
 user.language = en (null)
 user.country = US (null)

Jetty Environment:
-----------------
 jetty.version = 9.4.46.v20220331
 jetty.tag.version = jetty-9.4.46.v20220331
 jetty.build = bc17a0369a11ecf40bb92c839b9ef0a8ac50ea18
 jetty.home = /opt/jetty-home
 jetty.base = /opt/jetty-bases/base-one

Config Search Order:
--------------------
 <command-line>
 ${jetty.base} -> /opt/jetty-bases/base-one
 /opt/jetty-common -> /opt/jetty-common
 ${jetty.home} -> /opt/jetty-home


JVM Arguments:
--------------
 (no jvm args specified)

System Properties:
------------------
 (no system properties specified)

Properties:
-----------
 jetty.base = /opt/jetty-bases/base-one
 jetty.base.uri = file:///opt/jetty-bases/base-one
 jetty.common.dir = /opt/jetty-common
 jetty.home = /opt/jetty-home
 jetty.home.uri = file:///opt/jetty-home
 jetty.sslContext.keyStoreAbsolutePath = ${jetty.common.dir}/etc/keystore.p12
 jetty.sslContext.keyStorePassword = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 jetty.sslContext.keyStoreType = pkcs12
 runtime.feature.alpn = true

Jetty Server Classpath:
-----------------------
Version Information on 11 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
      changes to the --module=name command line options will be reflected here.
 0:                    3.1.0 | ${jetty.home}/lib/servlet-api-3.1.jar
 1:                 3.1.0.M0 | ${jetty.home}/lib/jetty-schemas-3.1.jar
 2:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-http-9.4.46.v20220331.jar
 3:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-server-9.4.46.v20220331.jar
 4:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-xml-9.4.46.v20220331.jar
 5:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-util-9.4.46.v20220331.jar
 6:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-io-9.4.46.v20220331.jar
 7:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-security-9.4.46.v20220331.jar
 8:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-servlet-9.4.46.v20220331.jar
 9:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-webapp-9.4.46.v20220331.jar
10:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-deploy-9.4.46.v20220331.jar

Jetty Active XMLs:
------------------
 ${jetty.home}/etc/jetty-bytebufferpool.xml
 ${jetty.home}/etc/jetty-threadpool.xml
 ${jetty.home}/etc/jetty.xml
 ${jetty.home}/etc/jetty-webapp.xml
 ${jetty.home}/etc/jetty-deploy.xml
 ${jetty.home}/etc/jetty-ssl.xml
 ${jetty.home}/etc/jetty-ssl-context.xml
 ${jetty.home}/etc/jetty-https.xml

You can see in this output that the search order has this extra directory, and your properties are set according to the common location values.

Where is the best location for the keystore in Jetty 10

There are 1 best solutions below

Related Questions in SSL-CERTIFICATE

Related Questions in JETTY

Related Questions in KEYSTORE

Related Questions in JETTY-10

Trending Questions

Popular # Hahtags

Popular Questions