Scribd
Upload
64 views4 pages

Jetty Web Application Configuration Guide

This document provides instructions for configuring a Java application server like Jetty to run behind Nginx. It describes how to configure the Jetty context file to set the resource base and domain, how to configure Nginx proxy settings and server blocks to proxy requests to Jetty on port 8080, and how to restrict Jetty to only accept requests from localhost for security.

Uploaded by

Kamal Lakis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
64 views4 pages

Jetty Web Application Configuration Guide

This document provides instructions for configuring a Java application server like Jetty to run behind Nginx. It describes how to configure the Jetty context file to set the resource base and domain, how to configure Nginx proxy settings and server blocks to proxy requests to Jetty on port 8080, and how to restrict Jetty to only accept requests from localhost for security.

Uploaded by

Kamal Lakis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

[Link]

com/resources/wiki/start/topics/examples/javaservers/

Context of the web application on Jetty


Configure the context of your web application by
editing jetty/contexts/YOUR_WEB_APPLICATION_FOLDER.xml
Be careful to set the resourceBase (YOUR_WEB_APPLICATION_FOLDER) and virtualHosts
(YOUR_DOMAIN) correctly.

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"[Link]
<Configure class="[Link]">
<Set name="configurationClasses">
<Array type="[Link]">
<Item>[Link]</Item>
<Item>[Link]</Item>
<Item>[Link]</Item>
<Item>[Link]</Item>
<Item>[Link]</Item>
</Array>
</Set>
<Set name="contextPath">/</Set>
<Set name="resourceBase"><SystemProperty name="[Link]"
default="."/>/webapps/YOUR_WEB_APPLICATION_FOLDER</Set>
<Set name="virtualHosts">
<Array type="[Link]">
<Item>YOUR_DOMAIN</Item>
</Array>
</Set>
<New id="YOUR_DB_NAME" class="[Link]">
<Arg>jdbc/YOUR_DB_NAME</Arg>
<Arg>
<New class="[Link]">
<Set name="User">postgres</Set>
<Set name="Password">*****</Set>
<Set name="DatabaseName">YOUR_DB_NAME</Set>
<Set name="ServerName">localhost</Set>
<Set name="PortNumber">5432</Set>
</New>
</Arg>
</New>
</Configure>

Configure the path to the Java web application


root /PATH/TO/YOUR/WEB/APPLICATION;

Configure the address of the Java server


proxy_pass [Link]

Configure the extensions and the servlet path to be


processed by the Java server
location ~ \.do$ {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ~ \.jsp$ {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ^~/servlets/* {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}

Server section configuration


server {
listen 80;
server_name YOUR_DOMAIN;
root /PATH/TO/YOUR/WEB/APPLICATION;
location / {
index [Link];
}
location ~ \.do$ {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ~ \.jsp$ {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ^~/servlets/* {
proxy_pass [Link]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}

On the same server, protect the Java server from external


access
If you are running NGINX on the same server of the Java, the best practice is to deny access to
port 8080 so only NGINX can access it. On Linux do

/sbin/iptables -A INPUT -p tcp -i eth0 --dport 8080 -j REJECT --reject-with tcp-reset


If you have only 1 web application with Jetty, you can bind your host to localhost so that Jetty
would run only from localhost.

So you don’t need to configure iptables to protect external access.


On conf/[Link]
<Set name="host"><SystemProperty name="[Link]" default="localhost"/></Set>

Or on embedded Jetty server code:

Server server = new Server();


SelectChannelConnector connector = new SelectChannelConnector();
[Link]("localhost"); // bind jetty to run only from localhost
[Link](8080);
[Link](connector);
[Link]();
[Link]();

You might also like