Scribd
Upload
24 views

Context of The Web Application On Jetty

This document provides instructions for configuring a Java application server like Jetty to run behind Nginx. It describes how to configure the Jetty context file to set the resource base and domain, how to configure Nginx proxy settings and server blocks to proxy requests to Jetty on port 8080, and how to restrict Jetty to only accept requests from localhost for security.

Uploaded by

Kamal Lakis
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
24 views

Context of The Web Application On Jetty

This document provides instructions for configuring a Java application server like Jetty to run behind Nginx. It describes how to configure the Jetty context file to set the resource base and domain, how to configure Nginx proxy settings and server blocks to proxy requests to Jetty on port 8080, and how to restrict Jetty to only accept requests from localhost for security.

Uploaded by

Kamal Lakis
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

https://www.nginx.

com/resources/wiki/start/topics/examples/javaservers/

Context of the web application on Jetty


Configure the context of your web application by
editing jetty/contexts/YOUR_WEB_APPLICATION_FOLDER.xml
Be careful to set the resourceBase (YOUR_WEB_APPLICATION_FOLDER) and virtualHosts
(YOUR_DOMAIN) correctly.

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"http://jetty.mortbay.org/configure.dtd">
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Set name="configurationClasses">
<Array type="java.lang.String">
<Item>org.mortbay.jetty.webapp.WebInfConfiguration</Item>
<Item>org.mortbay.jetty.plus.webapp.EnvConfiguration</Item>
<Item>org.mortbay.jetty.plus.webapp.Configuration</Item>
<Item>org.mortbay.jetty.webapp.JettyWebXmlConfiguration</Item>
<Item>org.mortbay.jetty.webapp.TagLibConfiguration</Item>
</Array>
</Set>
<Set name="contextPath">/</Set>
<Set name="resourceBase"><SystemProperty name="jetty.home"
default="."/>/webapps/YOUR_WEB_APPLICATION_FOLDER</Set>
<Set name="virtualHosts">
<Array type="java.lang.String">
<Item>YOUR_DOMAIN</Item>
</Array>
</Set>
<New id="YOUR_DB_NAME" class="org.mortbay.jetty.plus.naming.Resource">
<Arg>jdbc/YOUR_DB_NAME</Arg>
<Arg>
<New class="org.postgresql.ds.PGConnectionPoolDataSource">
<Set name="User">postgres</Set>
<Set name="Password">*****</Set>
<Set name="DatabaseName">YOUR_DB_NAME</Set>
<Set name="ServerName">localhost</Set>
<Set name="PortNumber">5432</Set>
</New>
</Arg>
</New>
</Configure>

Configure the path to the Java web application


root /PATH/TO/YOUR/WEB/APPLICATION;

Configure the address of the Java server


proxy_pass http://localhost:8080;

Configure the extensions and the servlet path to be


processed by the Java server
location ~ \.do$ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ~ \.jsp$ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ^~/servlets/* {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}

Server section configuration


server {
listen 80;
server_name YOUR_DOMAIN;
root /PATH/TO/YOUR/WEB/APPLICATION;
location / {
index index.jsp;
}
location ~ \.do$ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ~ \.jsp$ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ^~/servlets/* {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}

On the same server, protect the Java server from external


access
If you are running NGINX on the same server of the Java, the best practice is to deny access to
port 8080 so only NGINX can access it. On Linux do

/sbin/iptables -A INPUT -p tcp -i eth0 --dport 8080 -j REJECT --reject-with tcp-reset


If you have only 1 web application with Jetty, you can bind your host to localhost so that Jetty
would run only from localhost.

So you don’t need to configure iptables to protect external access.


On conf/jetty.xml
<Set name="host"><SystemProperty name="jetty.host" default="localhost"/></Set>

Or on embedded Jetty server code:

Server server = new Server();


SelectChannelConnector connector = new SelectChannelConnector();
connector.setHost("localhost"); // bind jetty to run only from localhost
connector.setPort(8080);
server.addConnector(connector);
server.start();
server.join();

You might also like