cloud.tencent.com
is used as an example.jetty-distribution-9.4.28.v20200408
version is used as an example.443
on the Jetty server so that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?.Name | Description |
Server IP address | IP address of the server, which is used to connect the PC to the server. |
Username | The username used to log in to the server. |
Password | The password used to log in to the server. |
.jks
certificate./usr/local/jetty
directory.cloud.tencent.com
certificate file package to the local directory.
After decompression, you can get the certificate file of the corresponding type, which includes the cloud.tencent.com_jks
folder.cloud.tencent.com_jks
cloud.tencent.com.jks
: keystore filekeystorePass.txt
: password file (if you have set a private key password, this file will not be generated)/usr/local/jetty/jetty-distribution-9.4.28.v20200408/etc
directory, run the mkdir cert
command to create the cert
folder.cloud.tencent.com.jks
from the local directory to the cert
folder./usr/local/jetty/jetty-distribution-9.4.28.v20200408/etc
directory, modify the configuration in the jetty-ssl-context.xml
file.keystorePass.txt
file in the cloud.tencent.com_jks
folder.keystorePass.txt
file in the cloud.tencent.com_jks
folder.<?xml version="1.0"?><!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"><!-- ============================================================= --><!-- SSL ContextFactory configuration --><!-- ============================================================= --><!--To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example athttps://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites--><Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server"><Set name="Provider"><Property name="jetty.sslContext.provider"/></Set><Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/cert/cloud.tencent.com.jks"/></Set><Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="4d5jtdq238j1l"/></Set><Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set><Set name="KeyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider"/></Set><Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="4d5jtdq238j1l"/></Set><Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/cert/cloud.tencent.com.jks"/></Set><Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password"/></Set><Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set><Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set><Set name="EndpointIdentificationAlgorithm"><Property name="jetty.sslContext.endpointIdentificationAlgorithm"/></Set><Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set><Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set><Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set><Set name="sslSessionCacheSize"><Property name="jetty.sslContext.sslSessionCacheSize" default="-1"/></Set><Set name="sslSessionTimeout"><Property name="jetty.sslContext.sslSessionTimeout" default="-1"/></Set><Set name="RenegotiationAllowed"><Property name="jetty.sslContext.renegotiationAllowed" default="true"/></Set><Set name="RenegotiationLimit"><Property name="jetty.sslContext.renegotiationLimit" default="5"/></Set><Set name="SniRequired"><Property name="jetty.sslContext.sniRequired" default="false"/></Set><!-- Example of how to configure a PKIX Certificate Path revocation Checker<Call id="pkixPreferCrls" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>PREFER_CRLS</Arg></Call><Call id="pkixSoftFail" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>SOFT_FAIL</Arg></Call><Call id="pkixNoFallback" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>NO_FALLBACK</Arg></Call><Call class="java.security.cert.CertPathBuilder" name="getInstance"><Arg>PKIX</Arg><Call id="pkixRevocationChecker" name="getRevocationChecker"><Call name="setOptions"><Arg><Call class="java.util.EnumSet" name="of"><Arg><Ref refid="pkixPreferCrls"/></Arg><Arg><Ref refid="pkixSoftFail"/></Arg><Arg><Ref refid="pkixNoFallback"/></Arg></Call></Arg></Call></Call></Call><Set name="PkixCertPathChecker"><Ref refid="pkixRevocationChecker"/></Set>--></Configure>
/usr/local/jetty/jetty-distribution-9.4.28.v20200408/etc
directory, change the port number to 443 in the jetty-ssl.xml
file.<Call name="addConnector"><Arg><New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref refid="Server" /></Arg><Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg><Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg><Arg name="factories"><Array type="org.eclipse.jetty.server.ConnectionFactory"><!-- uncomment to support proxy protocol<Item><New class="org.eclipse.jetty.server.ProxyConnectionFactory"/></Item>--></Array></Arg><Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set><Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="443" /></Set><Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set><Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set><Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set><Get name="SelectorManager"><Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set></Get></New></Arg></Call>
/usr/local/jetty/jetty-distribution-9.4.28.v20200408
directory, add the following content to the start.ini
file:etc/jetty-ssl.xmletc/jetty-ssl-context.xmletc/jetty-https.xml
java -jar start.jar
command to start the Jetty server and then you can access it through https://cloud.tencent.com
.https://cloud.tencent.com
:
ROOT
file from the /usr/local/jetty/jetty-distribution-9.4.28.v20200408/demo-base/webapps
directory to the /usr/local/jetty/jetty-distribution-9.4.28.v20200408/webapps
directory, and then restart the Jetty server.
Was this page helpful?