diff --git a/documentation/jetty-documentation/pom.xml b/documentation/jetty-documentation/pom.xml index cc2bbe65f01a..297b7afcf46d 100644 --- a/documentation/jetty-documentation/pom.xml +++ b/documentation/jetty-documentation/pom.xml @@ -46,13 +46,13 @@ ${project.basedir} ${settings.localRepository} + ../programming-guide/index.html http://www.eclipse.org/jetty/javadoc/${project.version} http://download.eclipse.org/jetty/stable-9/xref ${basedir}/.. https://github.com/eclipse/jetty.project/tree/master https://github.com/eclipse/jetty.project/tree/jetty-10.0.x-doc-refactor/jetty-documentation/src/main/asciidoc ../operations-guide/index.html - ../programming-guide/index.html ../gettingstarted-guide/index.html ../contribution-guide/index.html https://repo1.maven.org/maven2 diff --git a/documentation/jetty-documentation/src/main/asciidoc/config.adoc b/documentation/jetty-documentation/src/main/asciidoc/config.adoc index 5528584fd01c..430aa7f786da 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/config.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/config.adoc @@ -23,6 +23,8 @@ :sectlinks: :sectanchors: +:source-highlighter: coderay + // Use fonts for admonitions. :icons: font diff --git a/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/chapter.adoc index abb572a38943..16d6ec790744 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/chapter.adoc @@ -14,6 +14,5 @@ [[startup]] == Starting Jetty -include::custom-modules.adoc[] include::startup-unix-service.adoc[] include::startup-windows-service.adoc[] diff --git a/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/custom-modules.adoc b/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/custom-modules.adoc deleted file mode 100644 index 4403e82d75cc..000000000000 --- a/documentation/jetty-documentation/src/main/asciidoc/old_docs/startup/custom-modules.adoc +++ /dev/null @@ -1,242 +0,0 @@ -// -// ======================================================================== -// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others. -// -// This program and the accompanying materials are made available under the -// terms of the Eclipse Public License v. 2.0 which is available at -// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0 -// which is available at https://www.apache.org/licenses/LICENSE-2.0. -// -// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 -// ======================================================================== -// - -[[custom-modules]] -=== Custom Modules - -In addition to the modules that come packaged with the Jetty distribution, users are able to create and define their own custom modules for use with their Jetty implementation. -Custom modules can be used for a number of reasons - they can extend features in Jetty, add new features, manage additional libraries available to the server...etc. - -At the heart of a Jetty module is the `{name}.mod` file itself. -A jetty `.mod` file defines the following: - -[NOTE] --- -It is important to note that when creating your own module, none of these sections are required - simply use those which are applicable to your implementation. --- - -Module Description - `[description]`:: -The description of the module. -This will be showing when viewing the `.mod` file itself or using the `--list-modules` command. -List of Dependent Modules - `[depend]`:: -All modules can declare that they depend on other modules with the `[depend]` section. -The list of dependencies is used to transitively resolve other modules that are deemed to be required based on the modules that you activate. -The order of modules defined in the graph of active modules is used to determine various execution order for configuration, such as Jetty IoC XML configurations, and to resolve conflicting property declarations. -Optional Modules - `[optional]`;; -Of note: there is a special section `[optional]` used to describe structurally dependent modules that are not technically required, but might be of use to your specific configuration. -List of Libraries - `[lib]`:: -Modules can optionally declare that they have libraries that they need to function properly. -The `[lib]` section declares a set of pathnames that follow the link:#base-vs-home-resolution[Jetty Base and Jetty Home path resolution rules]. -List of Jetty IoC XML Configurations - `[xml]`:: -A Module can optionally declare a list of Jetty IoC XML configurations used to wire up the functionality that this module defines. -The `[xml]` section declares a set of pathnames that follow the link:#base-vs-home-resolution[Jetty Base and Jetty Home path resolution rules]. -Ideally, all XML files are parameterized to accept properties to configure the various elements of the standard configuration. -Allowing for a simplified configuration of Jetty for the vast majority of deployments. -The execution order of the Jetty IoC XML configurations is determined by the graph of active module dependencies resolved via the `[depend]` sections. -If the default XML is not sufficient to satisfy your needs, you can override this XML by making your own in the `${jetty.base}/etc/` directory, with the same name. -The resolution steps for Jetty Base and Jetty Home will ensure that your copy from `${jetty.base}` will be picked up over the default one in `${jetty.home}`. -List of Module Tags - `[tags]`:: -For ease of sorting, modules can be assigned tags. -When using the `--list-modules` command, modules will be groups by the first tag that exists in this section. -Modules can also be listed specifically by these tags using `--list-modules=` on the command line. -Ini Variables - `[ini]`:: -The `[ini]` section is used to add or change server parameters at startup. -The `[ini]` section can also include a the path of a file or several files which should be made available to the _server_ only. -This is helpful when you want to control what jars are available to deployed webapps. -Jetty INI Template - `[ini-template]`:: -Each module can optionally declare a startup ini template that is used to insert/append/inject sample configuration elements into the `start.ini` or `start.d/*.ini` files when using the `--add-to-start=` command line argument in `start.jar`. -Commonly used to present some of the parameterized property options from the Jetty IoC XML configuration files also referenced in the same module. -Required Files and Directories - `[files]`:: -If the activation of a module requires some paths to exist, the `[files]` section defines them. -There are 2 modes of operation of the entries in this section. -Ensure Directory Exists;; -If you add a pathname that ends in `"/"` (slash), such as `"webapps/"`, then that directory will be created if it does not yet exist in `${jetty.base}/` (eg: `"webapps/"` will result in `${jetty.base}/webapps/` being created). -Download File;; -There is a special syntax to allow you to download a file into a specific location if it doesn't exist yet: `:`. -Currently, the `` must be a `http://` scheme URL. -The `` portion follows the link:#base-vs-home-resolution[Jetty Base and Jetty Home path resolution rules]. -Example: `http://repo.corp.com/maven/corp-security-policy-1.0.jar:lib/corp-security-policy.jar` -This will check for the existence of `lib/corp-security-policy.jar`, and if it doesn't exist, it will download the jar file from `http://repo.corp.com/maven/corp-security-policy-1.0.jar` -Licenses - `[license]`:: -If you are implementing a software/technology that has a license, it's text can be placed here. -When a user attempts to activate the module they will be asked if they accept the license agreement. -If a user does not accept the license agreement, the module will not be activated. -Additional Startup Commands - `[exec]`:: -The `[exec]` section is used to define additional parameters specific to the module. -These commands are added to the server startup. -JPMS Module-Path Definitions - `[jpms]`:: -The `[jpms]` section is used to add link:#startup-jpms[JPMS modules] to the module-path for startup when using the `--jpms` command. - -[[custom-module-properties]] -==== Module Properties - -Properties are used to parameterize: - -* XML files using the `` element -* Module files using the `${pname}` syntax - -Properties and System Properties may be set on the command line, in a ini file or in a `[ini]` section of a module using the following syntax. - -`name=value`;; -Set a property that can be expanded in XML files with the element. - -`name+=value`;; -Append value to an existing property value. - -`name+=,value`;; -Append value to an existing property value, using a comma separator if needed. - -`name?=value`;; -Set a property only if it is not already set. - -If any of the previous formats is preceded by `-D`, then a system property is set as well as a start property. - -[[custom-module-location]] -==== Location of Modules -Jetty comes with dozens of modules as part of the distribution package. -By default these are located in the `${JETTY_HOME}/modules` directory. -These modules should not be modified. -In the unlikely circumstance you need to make changes to a stock module, copy it to your `${JETTY_BASE}` in a `modules` directory. - -Custom modules should also be maintained separately as part of the `${JETTY_BASE}/modules` directory, though you can optionally place them in `${JETTY_HOME}/modules` for convenience if you have several `{$JETTY_BASE}` locations in your implementation. - -[[custom-module-examples]] -==== Creating Custom Modules -As shown above, there are several options that can be utilized when creating custom module files. -This may seem daunting, but the good news is that creating custom modules is actually quite easy. - -For example, here is a look at the `http.mod` file which defines parameters for enabling HTTP features for the server: - -[source, screen] ----- -include::{SRCDIR}/jetty-server/src/main/config/modules/http.mod[] ----- - -You'll notice that the `http.mod` file only includes a handful of the possible sections available - `[description]`, `[tags]`, `[depend]`, `[xml]`, and `[ini-template]`. -When configuring your own modules, you are free to pick and choose what you include. - -As an example, below is a module file that defines a custom XML and lib, and activates a number of additional modules. -A module like this could be used to enable a set of standard modules and resources for a new JETTY_BASE without having to define them all manually. - -[source, screen] ----- -[description] -Enables the standard set of modules and resources for ACME Corp servers. - -[tags] -core - -[depend] -server -client -http -http2 -jsp -console-capture -requestlog -stats -gzip -deploy -jmx - -[files] -basehome:modules/acme/acme.xml|etc/acme.xml - -[lib] -lib/acme/ACMECustom.jar ----- - -Activating this module will activate all the dependent modules, create any required directories and copy in any required files: - -[source,screen] ----- -[my-base]$ java -jar /path/to/jetty-home/start.jar --add-to-start=acme - -ALERT: There are enabled module(s) with licenses. -The following 1 module(s): - + contains software not provided by the Eclipse Foundation! - + contains software not covered by the Eclipse Public License! - + has not been audited for compliance with its license - - Module: alpn-impl/alpn-8 - + ALPN is a hosted at github under the GPL v2 with ClassPath Exception. - + ALPN replaces/modifies OpenJDK classes in the sun.security.ssl package. - + http://github.com/jetty-project/jetty-alpn - + http://openjdk.java.net/legal/gplv2+ce.html - -Proceed (y/N)? y -INFO : webapp transitively enabled, ini template available with --add-to-start=webapp -INFO : server transitively enabled, ini template available with --add-to-start=server -INFO : requestlog transitively enabled, ini template available with --add-to-start=requestlog -INFO : alpn transitively enabled, ini template available with --add-to-start=alpn -INFO : jsp transitively enabled -INFO : servlet transitively enabled -INFO : alpn-impl/alpn-8 dynamic dependency of alpn -INFO : annotations transitively enabled -INFO : gzip transitively enabled, ini template available with --add-to-start=gzip -INFO : ssl transitively enabled, ini template available with --add-to-start=ssl -INFO : plus transitively enabled -INFO : deploy transitively enabled, ini template available with --add-to-start=deploy -INFO : alpn-impl/alpn-1.8.0_92 dynamic dependency of alpn-impl/alpn-8 -INFO : security transitively enabled -INFO : jmx transitively enabled -INFO : apache-jsp transitively enabled -INFO : stats transitively enabled, ini template available with --add-to-start=stats -INFO : acme initialized in ${jetty.base}/start.d/acme.ini -INFO : jndi transitively enabled -INFO : console-capture transitively enabled, ini template available with --add-to-start=console-capture -INFO : client transitively enabled -INFO : http transitively enabled, ini template available with --add-to-start=http -INFO : http2 transitively enabled, ini template available with --add-to-start=http2 -MKDIR : ${jetty.base}/logs -MKDIR : ${jetty.base}/lib -MKDIR : ${jetty.base}/lib/alpn -MKDIR : ${jetty.base}/etc -COPY : ${jetty.home}/modules/ssl/keystore to ${jetty.base}/etc/keystore -MKDIR : ${jetty.base}/webapps -DOWNLD: https://repo1.maven.org/maven2/org/mortbay/jetty/alpn/alpn-boot/8.1.8.v20160420/alpn-boot-8.1.8.v20160420.jar to ${jetty.base}/lib/alpn/alpn-boot-8.1.8.v20160420.jar -COPY : ${jetty.home}/modules/acme/acme.xml to ${jetty.base}/etc/acme.xml -INFO : Base directory was modified ----- - -==== Dependencies -When dependent modules are enabled, they are done so *transitively* by default. -This means that any `ini` files for dependent modules are not created in the `${JETTY_BASE}/start.d` directory (or added to `${JETTY_BASE}/start.ini`) and are as such not configurable. - -For Jetty to create/add the `ini-template` parameters to `start.d` or `start.ini` the associated module must be enabled explicitly. - -For example, if I activate the `http` module, it will be enabled, and the `server` module will be enabled transitively: - -[source,screen] ----- -[my-base]$ java -jar /path/to/jetty-home/start.jar --add-to-start=http -INFO : server transitively enabled, ini template available with --add-to-start=server -INFO : http initialized in ${jetty.base}/start.d/http.ini -INFO : Base directory was modified ----- - -You'll notice that Jetty informs you of what modules were enabled, and where there associated ini files are located (when applicable). -It also tells the user what command they would need to run to enable any missing or desired ini files for the selected modules, in this case `--add-to-start=server`. - -[source,screen] ----- -[my-base]$ java -jar /path/to/jetty-home/start.jar --add-to-start=server -INFO : server initialized in ${jetty.base}/start.d/server.ini -INFO : Base directory was modified ----- - -____ -[NOTE] -It is important to keep in mind that when activating a dependency, Jetty does not just go one layer down. -If a dependent module also has dependencies they too will be enabled. -____ diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/architecture/architecture.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/architecture/architecture.adoc index 9a5e2ada087e..422e736fba53 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/architecture/architecture.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/architecture/architecture.adoc @@ -14,6 +14,41 @@ [[og-arch]] === Architecture Overview +[[og-arch-concepts]] +==== Main Concepts + +Jetty is an HTTP server and Servlet Container, and supports deployments of web applications. + +The Jetty _server_ listens on one or more network ports using one or more __connector__s. + +Clients send HTTP requests for specific URIs, such as `+https://host/store/cart+`. + +The HTTP requests arrive to the connectors through the network; the Jetty server processes the requests and, based on their URIs, forwards them to the appropriate web application. + +[plantuml] +---- +skinparam backgroundColor transparent +skinparam monochrome true +skinparam shadowing false +skinparam roundCorner 10 + +scale 1.25 + +cloud Internet as internet +rectangle "Jetty Server" as server +rectangle "HTTP/1.1 Connector" as http +rectangle "HTTP/2 Connector" as http2 +rectangle "WebApp "Store"" as store +rectangle "WebApp "Catalog"" as catalog + +internet -- http +internet -- http2 +http -- server +http2 -- server +server -- store +server -- catalog +---- + There are three main concepts on which the Jetty standalone server is based: * The xref:og-arch-modules[Jetty _module_ system], where Jetty modules provides Jetty features. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/deploy/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/deploy/chapter.adoc index 65a0ae11699a..7d1ee7cb155e 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/deploy/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/deploy/chapter.adoc @@ -12,7 +12,7 @@ // [[og-deploy]] -=== Customizing Web Application Deployment +=== Web Application Deployment Most of the times you want to be able to customize the deployment of your web applications, for example by changing the `contextPath`, or by adding JNDI entries, or by configuring virtual hosts, etc. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/index.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/index.adoc index f7c00e3b62bc..b18d235724e1 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/index.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/index.adoc @@ -29,7 +29,6 @@ include::modules/chapter.adoc[] include::deploy/chapter.adoc[] include::protocols/chapter.adoc[] include::keystore/chapter.adoc[] -include::xml/chapter.adoc[] include::sessions/chapter.adoc[] include::quickstart/chapter.adoc[] include::annotations/chapter.adoc[] @@ -39,3 +38,4 @@ include::jaas/chapter.adoc[] include::jmx/chapter.adoc[] include::logging/chapter.adoc[] include::troubleshooting/chapter.adoc[] +include::xml/chapter.adoc[] diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/keystore/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/keystore/chapter.adoc index 4d1b1a3657b5..ecbad068fd78 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/keystore/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/keystore/chapter.adoc @@ -12,7 +12,7 @@ // [[og-keystore]] -=== Configuring KeyStores +=== Configuring SSL/TLS KeyStores A KeyStore is a file on the file system that contains a private key and a public certificate, along with the certificate chain of the certificate authorities that issued the certificate. The private key, the public certificate and the certificate chain, but more generally the items present in a KeyStore, are typically referred to as "cryptographic material". diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules-custom.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules-custom.adoc index 49b5325f0fce..d152d40426ae 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules-custom.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules-custom.adoc @@ -14,4 +14,223 @@ [[og-modules-custom]] ==== Custom Jetty Modules -TODO +In addition to the modules that come packaged with Jetty, you can create your own custom modules. + +NOTE: Make sure you have read the xref:og-modules[Jetty modules section] if you are not familiar with the concepts used in this section. + +Custom modules can be used for a number of reasons -- they can extend Jetty features, or add new features, or make additional libraries available to the server, etc. + +[[og-modules-custom-modify]] +===== Modifying an Existing Module + +The standard Jetty modules typically come with a number of configurable properties that can be easily customized without the need of writing a custom module. + +However, there may be cases where the customization is more complex than a simple property, and a custom module is necessary. + +For example, let's assume that you want to modify the order of the TLS cipher suites offered by the server when a client connects, using the link:https://www.openssl.org/docs/man1.1.0/man1/ciphers.html[OpenSSL cipher list format]. + +The Jetty class that handles the TLS configuration is `SslContextFactory`, and it already has a method `setCipherComparator(Comparator)`; however, you need to pass your custom implementation, which cannot be represented with a simple module property. + +The `SslContextFactory` component is already allocated by the standard Jetty module `ssl`, so what you need to do is the following: + +* Write the custom cipher `Comparator` and package it into a `+*.jar+` file (exercise left to reader). +* Write a custom Jetty XML file that calls the `SslContextFactory.setCipherComparator(Comparator)` method. +* Write a custom Jetty module file that depends on the standard `ssl` module. + +Start with the custom Jetty XML file, `$JETTY_BASE/etc/custom-ssl.xml`: + +.custom-ssl.xml +[source,xml] +---- + + + + + + + + + ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!ADH + + + + + + +---- +<1> Reference the existing `SslContextFactory` object created by the standard `ssl` module using its `id`. +<2> Call the `setCipherComparator()` method. +<3> Instantiate your custom cipher comparator. +<4> Pass to the constructor the ordering string in OpenSSL format, reading it from the module property `com.acme.ssl.cipherList`. + +CAUTION: The cipher list used above may not be secure -- it's just an example. + +Then write your custom module in the `$JETTY_BASE/modules/custom-ssl.mod` file: + +.custom-ssl.mod +[source,subs=verbatim] +---- +[description] +Customizes the standard ssl module. + +[tags] <1> +acme + +[depends] <2> +ssl + +[lib] <3> +lib/custom-cipher-comparator.jar + +[xml] <4> +etc/custom-ssl.xml + +[ini-template] <5> +## The cipher list in OpenSSL format. +# com.acme.ssl.cipherList=ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!ADH + +---- +<1> A tag that characterizes this custom module (see xref:og-modules-directive-tags[here]). +<2> This custom module depends on the standard `ssl` module. +<3> The custom cipher comparator class is compiled and packaged into this `+*.jar+` file. +<4> The custom Jetty XML file from above. +<5> The text that will be copied in the `custom-ssl.ini` file when this custom module will be enabled. + +Now you can xref:og-start-configure-enable[enable] the custom module with the following command issued from the `$JETTY_BASE` directory: + +---- +$ java -jar $JETTY_HOME/start.jar --add-modules=https,custom-ssl +---- + +The command above will produce the following `$JETTY_BASE` directory structure: + +[source,subs=normal] +---- +$JETTY_BASE +├── etc +│ └── custom-ssl.xml +├── modules +│ └── custom-ssl.mod +├── resources +│ └── jetty-logging.properties +└── start.d + ├── https.ini + └── ##custom-ssl.ini## +---- + +In the custom XML file you have used a custom module property to parametrize your custom cipher comparator. +This custom module property was then referenced in the `[ini-template]` section of the custom module file, so that when the custom module is enabled, a correspondent `custom-ssl.ini` file is created. + +In this way, updating the cipher list won't require you to update the XML file, but just the `custom-ssl.ini` file. + +[[og-modules-custom-create]] +===== Creating a New Module + +In the cases where you need to enhance Jetty with a custom functionality, you can write a new Jetty module that provides it. + +For example, let's assume that you need to add a custom auditing component that integrates with the auditing tools used by your company. +This custom auditing component should measure the HTTP request processing times and record them (how they are recorded is irrelevant here -- could be in a local log file or sent via network to an external service). + +The Jetty libraries already provide a way to measure HTTP request processing times via xref:{prog_guide}#pg-server-http-channel-events[`HttpChannel` events]: you write a custom component that implements the `HttpChannel.Listener` interface and add it as a bean to the `ServerConnector` that receives the HTTP requests. + +The steps to create a Jetty module are similar to those necessary to xref:og-modules-custom-modify[modify an existing module]: + +* Write the auditing component and package it into a `+*.jar+` file. +* Write a custom Jetty XML file that wires the auditing component to the `ServerConnector`. +* Write a custom Jetty module file that puts everything together. + +Let's start with the auditing component, sketched below: + +[source,java] +---- +package com.acme.audit; + +public class AuditingHttpChannelListener implements HttpChannel.Listener { + // Auditing is implemented here. +} +---- + +Let's assume that this class is compiled and packaged into `acme-audit.jar`, and that it has a dependency on `acme-util.jar`. +Both `+*.jar+` files will be put in the `$JETTY_BASE/lib/` directory. + +Next, let's write the Jetty XML file that wires the auditing component to the `ServerConnector`, `$JETTY_BASE/etc/acme-audit.xml`: + +.acme-audit.xml +[source,xml,subs=verbatim,options=nowrap] +---- + + + + + + + + + + + + + + + + +---- +<1> Reference the existing clear-text HTTP `ServerConnector` object created by the standard `http` module. +<2> Call `addBean()` on the `ServerConnector` to wire the auditing component. +<3> Instantiate the auditing component. +<4> Configure the auditing component with a property. + +The last step is to create the custom Jetty module file for the auditing component, `$JETTY_BASE/modules/acme-audit.mod`: + +.acme-audit.mod +---- +[description] +Adds auditing to the clear-text HTTP connector + +[tags] <1> +acme +audit + +[depends] <2> +http + +[libs] <3> +lib/acme-audit.jar +lib/acme-util.jar + +[xml] <4> +etc/acme-audit.xml + +[ini-template] <5> +## An auditing property. +# com.acme.audit.some.property=42 +---- +<1> The tags that characterize this custom module (see xref:og-modules-directive-tags[here]). +<2> This custom module depends on the standard `http` module. +<3> The `+*.jar+` files that contains the custom auditing component, and its dependencies. +<4> The custom Jetty XML file from above. +<5> The text that will be copied in the `acme-audit.ini` file when this custom module will be enabled. + +Now you can xref:og-start-configure-enable[enable] the custom auditing module with the following command issued from the `$JETTY_BASE` directory: + +---- +$ java -jar $JETTY_HOME/start.jar --add-modules=http,acme-audit +---- + +The command above will produce the following `$JETTY_BASE` directory structure: + +[source,subs=normal] +---- +$JETTY_BASE +├── etc +│ └── acme-audit.xml +├── modules +│ └── acme-audit.mod +├── resources +│ └── jetty-logging.properties +└── start.d + ├── http.ini + └── ##acme-audit.ini## +---- + +Enabling the custom auditing component will create the `$JETTY_BASE/start.d/acme-audit.ini` module configuration file that you can edit to configure auditing properties. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules.adoc index cc5034e0d6ff..64f515622bf8 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules.adoc @@ -131,6 +131,7 @@ This is useful to append a value to properties that accept a comma separated lis jetty.webapp.addServerClasses+=,com.acme ---- + +// TODO: check what happens if the property is empty and +=,value is done: is the comma stripped? If so add a sentence about this. ?=:: Sets the property value only if it is not already set. This is useful to define default values, for example for "version" properties, where the "version" property can be explicitly configured to a newer version, but if it is not explicitly configured it will have a default version (see also xref:og-start-configure-custom-module[here]). diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/chapter.adoc index 887808fb647c..3a99f3153f83 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/chapter.adoc @@ -12,7 +12,7 @@ // [[og-protocols]] -=== Configuring Eclipse Jetty Connectors and Protocols +=== Jetty Connectors and Protocols Connectors are the network components through which Jetty accepts incoming network connections. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http.adoc index 1c713e9d7709..7113bfc84c17 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http.adoc @@ -12,7 +12,7 @@ // [[og-protocols-http]] -==== Configuring Clear-Text HTTP/1.1 +==== Clear-Text HTTP/1.1 Clear text HTTP/1.1 is enabled with the `http` Jetty module with the following command (issued from within the `$JETTY_BASE` directory): diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2c.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2c.adoc index 9f30ee051c3b..72ee3404a869 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2c.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2c.adoc @@ -12,7 +12,7 @@ // [[og-protocols-http2c]] -==== Configuring Clear-Text HTTP/2 +==== Clear-Text HTTP/2 When you enable clear-text HTTP/2 you typically want to enable also clear-text HTTP/1.1, for backwards compatibility reasons and to allow clients to link:https://tools.ietf.org/html/rfc7540#section-3.2[upgrade] from HTTP/1.1 to HTTP/2. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2s.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2s.adoc index e3e728f838a1..e4fbc50ddab7 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2s.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-http2s.adoc @@ -12,7 +12,7 @@ // [[og-protocols-http2s]] -==== Configuring Secure HTTP/2 +==== Secure HTTP/2 When you enable secure HTTP/2 you typically want to enable also secure HTTP/1.1, for backwards compatibility reasons: in this way, old browsers or other clients that do not support HTTP/2 will be able to connect to your server. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-https.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-https.adoc index e4a08992be25..8f40efe695e6 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-https.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-https.adoc @@ -12,7 +12,7 @@ // [[og-protocols-https]] -==== Configuring Secure HTTP/1.1 +==== Secure HTTP/1.1 Secure HTTP/1.1 is enabled with both the `ssl` and `https` Jetty modules with the following command (issued from within the `$JETTY_BASE` directory): diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-proxy.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-proxy.adoc index b8a34166fc97..9208d3ec4551 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-proxy.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-proxy.adoc @@ -12,7 +12,7 @@ // [[og-protocols-proxy]] -==== Configuring Eclipse Jetty Behind a Load Balancer or Reverse Proxy +==== Jetty Behind a Load Balancer or Reverse Proxy You may need to configure one or more Jetty instances behind an _intermediary_, typically a load balancer such as link:https://haproxy.org[HAProxy], or a reverse proxy such as link:https://httpd.apache.org[Apache HTTP Server] or link:https://nginx.org[Nginx]. @@ -58,7 +58,7 @@ In both methods, web applications that call `HttpServletRequest.getRemoteAddr()` Likewise, `HttpServletRequest.getRemotePort()` will return the remote client IP port as specified by the client information sent by the intermediary, and `HttpServletRequest.isSecure()` will return whether the client made a secure request using the `https` scheme as specified by the client information sent by the intermediary. [[og-protocols-proxy-forwarded]] -===== Configuring Jetty for the Forwarded Header +===== Configuring the Forwarded Header The `Forwarded` HTTP header is added by the intermediary with information about the client and the client request, for example: @@ -92,7 +92,7 @@ With the `http-forwarded` Jetty module enabled, Jetty interprets the `Forwarded` For further information about configuring the `http-forwarded` Jetty module, see xref:og-module-http-forwarded[this section]. [[og-protocols-proxy-protocol]] -===== Configuring Jetty for the Proxy Protocol +===== Configuring the Proxy Protocol The link:https://www.haproxy.org/download/2.2/doc/proxy-protocol.txt[Proxy Protocol] is the _de facto_ standard, introduced by link:https://haproxy.org[HAProxy], to communicate client information to backend servers via the TCP connection, rather than via HTTP headers. @@ -174,7 +174,7 @@ include::jetty[setupArgs="--add-modules=https,test-keystore,proxy-protocol-ssl", Note how in the example above the list of protocols for the secure connector is first `proxy`, then `ssl` and then `http/1.1`. [[og-protocols-proxy-haproxy]] -===== Configuring HAProxy and Jetty for HTTP/1.1 and HTTP/2 +===== HAProxy and Jetty with HTTP/1.1 and HTTP/2 link:https://haproxy.org[HAProxy] is an open source solution that offers load balancing and proxying for TCP and HTTP based application, and can be used as a replacement for Apache or Nginx when these are used as reverse proxies. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-ssl.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-ssl.adoc index 62a02bc1ea19..5410bf40d045 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-ssl.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/protocols/protocols-ssl.adoc @@ -30,7 +30,7 @@ If you enable _both_ the `https` and the `http2` module, you will have a single TIP: Recall from the xref:og-modules[section about modules], that only modules that are explicitly enabled get their module configuration file (`+*.ini+`) saved in `$JETTY_BASE/start.d/`, and you want `$JETTY_BASE/start.d/ssl.ini` to be present so that you can configure the connector properties, the KeyStore properties and the TLS properties. [[og-protocols-ssl-customize]] -===== Customizing KeyStore and TLS Configuration +===== Customizing KeyStore and SSL/TLS Configuration Secure protocols have a slightly more complicated configuration since they require to configure a _KeyStore_. Refer to the xref:og-keystore[KeyStore section] for more information about how to create and manage a KeyStore. @@ -74,7 +74,7 @@ Refer to the link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[SslC CAUTION: Use module properties whenever possible, and only resort to use a Jetty XML file for advanced configuration that you cannot do using module properties. [[og-protocols-ssl-customize-versions]] -====== Customizing TLS Protocol Versions +====== Customizing SSL/TLS Protocol Versions By default, the SSL protocols (SSL, SSLv2, SSLv3, etc.) are already excluded because they are vulnerable. To explicitly add the exclusion of TLSv1.0 and TLSv1.1 (that are also vulnerable -- which leaves only TLSv1.2 and TLSv1.3 available), you want to use this XML: @@ -100,7 +100,7 @@ To explicitly add the exclusion of TLSv1.0 and TLSv1.1 (that are also vulnerable ---- [[og-protocols-ssl-customize-ciphers]] -====== Customizing TLS Ciphers +====== Customizing SSL/TLS Ciphers You can precisely set the list of excluded ciphers, completely overriding Jetty's default, with this XML: @@ -160,7 +160,7 @@ $ java -jar $JETTY_HOME/start.jar --add-module=ssl-reload For more information about the configuration of the `ssl-reload` Jetty module, see xref:og-module-ssl-reload[this section]. [[og-protocols-ssl-conscrypt]] -===== Using Conscrypt as TLS Provider +===== Using Conscrypt as SSL/TLS Provider By default, the standard TLS provider that comes with the JDK is used. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-overview.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-overview.adoc index 83790e6f595a..9fa99bc774e0 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-overview.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-overview.adoc @@ -48,7 +48,7 @@ CachingSessionDataStore:: is an L2 cache of session data. A `SessionCache` can use a `CachingSessionDataStore` as its backing store. -More details on these concepts can be found in the link:{PROGGUIDE}/server/sessions/sessions[Programming Guide]. +More details on these concepts can be found in the xref:{prog_guide}#pg-server-session[Programming Guide]. [NOTE] ==== diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-usecases.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-usecases.adoc index 5f530438c7b5..9b62d18f5d16 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-usecases.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/sessions/session-usecases.adoc @@ -22,7 +22,7 @@ If you wish to pare back support for sessions because you know your app doesn't * enable the xref:og-session-base[base sessions module] and xref:og-session-base[configure the scavenge interval] to 0 to prevent scavenging * enable the xref:og-session-cache-null[null session cache module] to prevent sessions being cached in memory -If you wish to do any further minimization, you should consult the link:{PROGGUIDE}[Programming Guide]. +If you wish to do any further minimization, you should consult the xref:{prog_guide}#pg-server-session[Programming Guide]. ===== Clustering with a Sticky Load Balancer diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/start/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/start/chapter.adoc index ae47c535dfcc..2f7498024d82 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/start/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/start/chapter.adoc @@ -39,12 +39,18 @@ include::start-start.adoc[] include::start-jpms.adoc[] include::start-stop.adoc[] -==== Logging and Debugging +==== Start Mechanism Logging The steps performed by the Jetty start mechanism are logged by the `StartLog` class, that outputs directly, by default, to `System.err`. This is necessary to avoid that the Jetty start mechanism depend on logging libraries that may clash with those defined by Jetty logging modules, when Jetty is started in-VM. +[NOTE] +==== +This section is about the logging performed by the Jetty start mechanism _before_ it configures and starts Jetty. +See the xref:og-logging[logging section] for information about logging when Jetty starts. +==== + You can enable DEBUG level logging with the `--debug` command line option, for both the _tool_ and _start_ modes: ---- diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/chapter.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/chapter.adoc index 9ce77fe09169..25f6fb3c842a 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/chapter.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/chapter.adoc @@ -14,6 +14,8 @@ [[og-xml]] === Jetty XML +// TODO: merge this small section into the syntax and maybe call it "Jetty XML Reference". + The Jetty XML format is a straightforward mapping of XML elements to Java APIs so that any object can be instantiated and getters, setters, and methods can be called. The Jetty XML format is very similar to that of frameworks like Spring or Plexus, although it predates all of them and it's typically more powerful as it can invoke any Java API. diff --git a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/xml-syntax.adoc b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/xml-syntax.adoc index 93147c1bfb23..3958559955ba 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/xml-syntax.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/operations-guide/xml/xml-syntax.adoc @@ -338,8 +338,7 @@ You must give a unique `id` attribute to the objects you want to reference. [[og-xml-syntax-property]] ===== `` -Element `` retrieves the value of the Jetty module property specified by the `name` attribute, and it is mostly used when creating xref:og-modules[custom Jetty modules] or when using xref:og-deploy-jetty[Jetty context XML files]. -// TODO: xref to the custom module section. +Element `` retrieves the value of the Jetty module property specified by the `name` attribute, and it is mostly used when creating xref:og-modules-custom[custom Jetty modules] or when using xref:og-deploy-jetty[Jetty context XML files]. The `deprecated` attribute allows you to specify a comma separated list of old, deprecated, property names for backward compatibility. diff --git a/documentation/jetty-documentation/src/main/asciidoc/styles.css b/documentation/jetty-documentation/src/main/asciidoc/styles.css index c23f06fecf74..0f4d3804df67 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/styles.css +++ b/documentation/jetty-documentation/src/main/asciidoc/styles.css @@ -11,6 +11,10 @@ * ======================================================================== */ +#header, #content, #footnotes, #footer { + max-width: 80em; +} + .listingblock > .title { font-style: normal; }