Where is the best place for the keystore in Jetty 10?



I am setting up a Jetty application that needs to talk to SQL Server. I have successfully generated the keystore, but I am not sure where the best place to actually put the file is. The default is $JETTY_BASE/etc. If I do that, I will need to maintain a copy of the certificate for every Jetty application that talks to that server, or set up a symlink to a common file.

I am looking for advice from anyone who actually deploys Jetty applications to production. Am I on the right track, or is there a better way to maintain a common keystore?

Look into using the --include-jetty-dir=<path> concept.

Basically, this is where you keep your common configuration. Its layout is exactly the same as a ${jetty.base} directory.

So, laying this out...

Let's call this common configuration location ${common.base.dir} (assume its path is /opt/jetty-common/).

Your /opt/jetty-common/ directory will have...

/opt/jetty-common/
    /etc/
        keystore.pk12
    /start.d/
        configure-keystore.ini

keystore.pk12 is obvious, but look at what configure-keystore.ini contains.

$ cat start.d/configure-keystore.ini
jetty.common.dir=/opt/jetty-common/
jetty.sslContext.keyStoreAbsolutePath=${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStoreType=pkcs12

Next, to use this common configuration, you need to set up a reference to this common directory in the instance-specific configuration of your ${jetty.base}.

$ ls -la
total 20
drwxr-xr-x  5 joakim joakim 4096 Apr  6 16:35 ./
drwxr-xr-x 67 joakim joakim 4096 Apr  6 16:33 ../
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 etc/
drwxrwxr-x  2 joakim joakim 4096 Apr  6 16:38 start.d/
drwxr-xr-x  2 joakim joakim 4096 Sep 30  2020 webapps/
$ ls -la start.d/
total 28
drwxrwxr-x 2 joakim joakim 4096 Apr  6 16:44 ./
drwxr-xr-x 5 joakim joakim 4096 Apr  6 16:35 ../
-rw-rw-r-- 1 joakim joakim   81 Apr  6 16:38 common-config.ini
-rw-rw-r-- 1 joakim joakim  634 Apr  6 16:35 deploy.ini
-rw-rw-r-- 1 joakim joakim  175 Apr  6 16:35 https.ini
-rw-rw-r-- 1 joakim joakim 4233 Apr  6 16:35 ssl.ini
$ cat start.d/common-config.ini 
--include-jetty-dir=/opt/jetty-common

You can see how this works together in the start.jar --list-config output.

$ cd /opt/jetty-bases/base-one/
$ java -jar /opt/jetty-home/start.jar --list-config
Java Environment:
-----------------
java.home = /home/joakim/java/jvm/jdk-11.0.14.1+1 (null)
java.vm.vendor = Eclipse Adoptium (null)
java.vm.version = 11.0.14.1+1 (null)
java.vm.name = OpenJDK 64-Bit Server VM (null)
java.vm.info = mixed mode (null)
java.runtime.name = OpenJDK Runtime Environment (null)
java.runtime.version = 11.0.14.1+1 (null)
java.io.tmpdir = /tmp (null)
user.dir = /opt/jetty-bases/base-one (null)
user.language = en (null)
user.country = US (null)
Jetty Environment:
-----------------
jetty.version = 9.4.46.v20220331
jetty.tag.version = jetty-9.4.46.v20220331
jetty.build = bc17a0369a11ecf40bb92c839b9ef0a8ac50ea18
jetty.home = /opt/jetty-home
jetty.base = /opt/jetty-bases/base-one
Config Search Order:
--------------------
<command-line>
${jetty.base} -> /opt/jetty-bases/base-one
/opt/jetty-common -> /opt/jetty-common
${jetty.home} -> /opt/jetty-home

JVM Arguments:
--------------
(no jvm args specified)
System Properties:
------------------
(no system properties specified)
Properties:
-----------
jetty.base = /opt/jetty-bases/base-one
jetty.base.uri = file:///opt/jetty-bases/base-one
jetty.common.dir = /opt/jetty-common
jetty.home = /opt/jetty-home
jetty.home.uri = file:///opt/jetty-home
jetty.sslContext.keyStoreAbsolutePath = ${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStoreType = pkcs12
runtime.feature.alpn = true
Jetty Server Classpath:
-----------------------
Version Information on 11 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
changes to the --module=name command line options will be reflected here.
0:                    3.1.0 | ${jetty.home}/lib/servlet-api-3.1.jar
1:                 3.1.0.M0 | ${jetty.home}/lib/jetty-schemas-3.1.jar
2:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-http-9.4.46.v20220331.jar
3:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-server-9.4.46.v20220331.jar
4:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-xml-9.4.46.v20220331.jar
5:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-util-9.4.46.v20220331.jar
6:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-io-9.4.46.v20220331.jar
7:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-security-9.4.46.v20220331.jar
8:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-servlet-9.4.46.v20220331.jar
9:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-webapp-9.4.46.v20220331.jar
10:         9.4.46.v20220331 | ${jetty.home}/lib/jetty-deploy-9.4.46.v20220331.jar
Jetty Active XMLs:
------------------
${jetty.home}/etc/jetty-bytebufferpool.xml
${jetty.home}/etc/jetty-threadpool.xml
${jetty.home}/etc/jetty.xml
${jetty.home}/etc/jetty-webapp.xml
${jetty.home}/etc/jetty-deploy.xml
${jetty.home}/etc/jetty-ssl.xml
${jetty.home}/etc/jetty-ssl-context.xml
${jetty.home}/etc/jetty-https.xml

You can see in this output that the search order has this extra directory, and that your properties are set from the values in the common location.
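The following POSIX shell script is an added example and is not code from the answer above or from the Jetty project. It builds a disposable copy of the layout above under a temporary directory, then resolves start.d properties in the precedence the "Config Search Order" section of the --list-config output shows (jetty.base first, then each --include-jetty-dir in order, then jetty.home), expands the ${jetty.common.dir} reference the way Jetty does at startup, and checks that the shared keystore is not group- or world-readable. The keystore file is a constructed placeholder, the owner-only permissions are this example's recommendation rather than anything the answer states, and the jetty.home ini file is a stand-in: real jetty.home defaults come from module [ini] sections, not from a start.d directory.

```shell
#!/bin/sh
# Added example, not code from the original answer. Builds a throw-away copy of
# the /opt/jetty-common layout under a temp dir and resolves properties in the
# order --list-config reports: jetty.base -> --include-jetty-dir -> jetty.home.
# Assumption: an ini file under jetty.home stands in for module [ini] defaults.
set -eu

DEMO_ROOT="${DEMO_ROOT:-$(mktemp -d)}"
COMMON="$DEMO_ROOT/jetty-common"
BASE="$DEMO_ROOT/jetty-bases/base-one"
JHOME="$DEMO_ROOT/jetty-home"

setup_layout() {
    mkdir -p "$COMMON/etc" "$COMMON/start.d" "$BASE/start.d" "$JHOME/start.d"
    # Constructed placeholder; a real keystore comes from keytool or openssl pkcs12.
    rm -f "$COMMON/etc/keystore.p12"
    printf 'not-a-real-pkcs12' > "$COMMON/etc/keystore.p12"
    chmod 0400 "$COMMON/etc/keystore.p12"   # owner-only: it holds the private key
    cat > "$COMMON/start.d/configure-keystore.ini" <<EOF
jetty.common.dir=$COMMON
jetty.sslContext.keyStoreAbsolutePath=\${jetty.common.dir}/etc/keystore.p12
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyStoreType=pkcs12
EOF
    chmod 0600 "$COMMON/start.d/configure-keystore.ini"  # OBF: is reversible obfuscation
    # base-one carries only the include line, exactly like common-config.ini above.
    printf -- '--include-jetty-dir=%s\n' "$COMMON" > "$BASE/start.d/common-config.ini"
    # Stand-in for a jetty.home default that the common dir must override.
    printf 'jetty.sslContext.keyStoreType=jks\n' > "$JHOME/start.d/ssl.ini"
}

# Last value of key $1 across $2/start.d/*.ini; return 1 if the dir does not set it.
lookup_in_dir() {
    key="$1"; dir="$2"; found=""
    for ini in "$dir"/start.d/*.ini; do
        [ -f "$ini" ] || continue
        v=$(awk -F= -v k="$key" '$1==k {v=substr($0,length(k)+2)} END{print v}' "$ini")
        if [ -n "$v" ]; then found="$v"; fi
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# The --include-jetty-dir entries declared in $1/start.d, in file order.
lookup_includes() {
    for ini in "$1"/start.d/*.ini; do
        [ -f "$ini" ] || continue
        sed -n 's/^--include-jetty-dir=//p' "$ini"
    done
}

# First hit wins walking jetty.base -> include dirs -> jetty.home.
resolve_prop() {
    dirs="$BASE"
    for inc in $(lookup_includes "$BASE"); do dirs="$dirs $inc"; done
    dirs="$dirs $JHOME"
    for d in $dirs; do
        if v=$(lookup_in_dir "$1" "$d"); then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# Expand one ${name} reference, as Jetty does at startup (--list-config shows it raw).
expand_prop() {
    raw=$(resolve_prop "$1")
    ref=$(printf '%s\n' "$raw" | sed -n 's/.*\${\([^}]*\)}.*/\1/p')
    if [ -z "$ref" ]; then printf '%s\n' "$raw"; return 0; fi
    sub=$(resolve_prop "$ref")
    printf '%s\n' "$raw" | awk -v r="$ref" -v s="$sub" \
        '{ i=index($0, "${" r "}"); print substr($0,1,i-1) s substr($0, i+length(r)+3) }'
}

# A per-instance ini in jetty.base beats the shared value for that instance only.
keystore_type_with_base_override() {
    printf 'jetty.sslContext.keyStoreType=%s\n' "$1" > "$BASE/start.d/zz-override.ini"
    resolve_prop jetty.sslContext.keyStoreType
    rm -f "$BASE/start.d/zz-override.ini"
}

# Fail if the shared keystore is group- or world-accessible.
check_keystore_perms() {
    ks=$(expand_prop jetty.sslContext.keyStoreAbsolutePath)
    [ -f "$ks" ] || { echo "missing keystore: $ks" >&2; return 1; }
    mode=$(stat -c '%a' "$ks" 2>/dev/null || stat -f '%Lp' "$ks")
    case "$mode" in
        *[1-7]?|*[1-7]) echo "keystore $ks is group/world accessible (mode $mode)" >&2; return 1 ;;
    esac
    echo "keystore $ks ok (mode $mode)"
}

setup_layout
echo "keyStoreType (shared dir wins over home): $(resolve_prop jetty.sslContext.keyStoreType)"
echo "keyStoreType (base override wins):        $(keystore_type_with_base_override jks)"
echo "keyStoreAbsolutePath (expanded):          $(expand_prop jetty.sslContext.keyStoreAbsolutePath)"
check_keystore_perms
```

Two practical points the script encodes: the OBF: form in configure-keystore.ini is reversible obfuscation, not encryption, so the ini file deserves the same ownership and mode discipline as the keystore it unlocks; and because jetty.base is searched before the included directory, any single instance can still override a shared property by dropping its own ini into its start.d without touching /opt/jetty-common.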