Jetty 10
Install Java 17
dnf install java-17-openjdk-headless.x86_64
Install Jetty 10
Download the latest Jetty 10 (it does not have to be 10.0.18)
cd /opt
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/10.0.18/jetty-home-10.0.18.tar.gz
tar zxvf jetty-home-10.0.18.tar.gz
useradd jetty
chown -R jetty:jetty jetty-home-10.0.18
ln -s jetty-home-10.0.18 jetty
Configure Jetty base
Follow: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/2936012848/Jetty10
Add error.xml to webapps:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- =============================================================== -->
<!-- Configure the error webapp                                      -->
<!-- =============================================================== -->
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="war">/opt/jetty/jetty-base/error.war</Set>
  <Set name="contextPath">/error</Set>
  <Set name="extractWAR">false</Set>
  <Set name="copyWebDir">false</Set>
  <Set name="copyWebInf">true</Set>
</Configure>
Make sure error.war is in the right directory
Prepare a suitable tls-config.xml and add a "source" for the file in start.ini, e.g.
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure>
  <Ref refid="sslContextFactory">
    <Call name="addExcludeProtocols">
      <Arg>
        <Array type="String">
          <!-- JSSE names TLS 1.0 "TLSv1"; an entry "TLSv1.0" matches no protocol -->
          <Item>TLSv1</Item>
          <Item>TLSv1.1</Item>
        </Array>
      </Arg>
    </Call>
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>^TLS_RSA_.*$</Item>
        <Item>^.*_RSA_.*_(MD5|SHA|SHA1)$</Item>
        <Item>^.*_DHE_RSA_.*$</Item>
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
        <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
        <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
      </Array>
    </Set>
  </Ref>
</Configure>
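To see what the ExcludeCipherSuites patterns above actually remove, the following added example (not part of the original page or of Jetty) parses such a block and applies each entry to a list of suite names. The embedded XML and the suite list are constructed samples, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the regex entries (plus one literal) from the block above.
TLS_CONFIG = """<Configure>
  <Ref refid="sslContextFactory">
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>^TLS_RSA_.*$</Item>
        <Item>^.*_RSA_.*_(MD5|SHA|SHA1)$</Item>
        <Item>^.*_DHE_RSA_.*$</Item>
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      </Array>
    </Set>
  </Ref>
</Configure>"""

# Constructed sample of JSSE suite names (not read from a live JVM).
SUITES = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
]

def exclude_patterns(xml_text):
    """Return the <Item> strings under <Set name="ExcludeCipherSuites">."""
    root = ET.fromstring(xml_text)
    return [item.text.strip()
            for s in root.iter("Set")
            if s.get("name", "").lower() == "excludeciphersuites"
            for item in s.iter("Item")]

def classify(suites, patterns):
    """Map each suite to the first entry that excludes it, or None if kept.

    Assumption: an entry must match the whole suite name, as Java's
    Matcher.matches() does, so re.fullmatch is used here.
    """
    compiled = [(p, re.compile(p)) for p in patterns]
    return {s: next((p for p, rx in compiled if rx.fullmatch(s)), None)
            for s in suites}

def surviving(suites, patterns):
    """Suites that no exclude entry matches, in input order."""
    return [s for s, hit in classify(suites, patterns).items() if hit is None]

if __name__ == "__main__":
    for suite, hit in classify(SUITES, exclude_patterns(TLS_CONFIG)).items():
        print(f"{'EXCLUDED' if hit else 'kept':9}{suite}  {hit or ''}")
```

In this sample the ECDSA CBC-SHA name is kept, because every SHA-1 pattern in the list requires `_RSA_` in the suite name.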
Create https.p12 (idp-userfacing.p12), or copy it from the old server to the new one, and place it in the new credentials directory under jetty-base
Systemd. Copy /opt/jetty/bin/jetty.service to /etc/systemd/system, edit the file and change it to PIDFile=/opt/jetty/jetty-base/jetty.pid
Create an /etc/defaults/jetty file:
export JAVA_HOME=/etc/alternatives/jre_17
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export JAVA_OPTIONS="-Didp.home=/opt/shibboleth-idp"
export JETTY_HOME=/opt/jetty
export JETTY_BASE=/opt/jetty/jetty-base
export JETTY_USER=jetty
export JETTY_START_LOG=/opt/jetty/jetty-base/logs/start.log
export JETTY_RUN=/opt/jetty/jetty-base
Try starting, fix problems, repeat.