Enable HTTP2 with maven-jetty-plugin
I've enabled HTTP/2 connector over SSL with jetty. When I try to connect with the browser I get an 'ERR_SSL_PROTOCOL_ERROR' error. If I switch to HTTP/1.1 connector everything works fine.

Here are my jetty configuration files:

<!-- ============================================================= -->
<!-- Configure the Jetty Server instance with an ID "Server"       -->
<!-- by adding a HTTP connector.                                   -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <!-- Shared HttpConfiguration, registered under the id "httpConfig". -->
    <!-- The TLS configuration "sslHttpConfig" shown later on this page  -->
    <!-- is created from it.                                             -->
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="secureScheme">https</Set>
        <!-- Port Jetty uses when it redirects a request to the secure     -->
        <!-- scheme. NOTE(review): the default here is 8443, while the TLS -->
        <!-- connector on this page binds a different default port;        -->
        <!-- confirm jetty.secure.port matches the port actually served.   -->
        <Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
        <Set name="outputBufferSize">32768</Set>
        <!-- Header size limits in bytes. requestHeaderSize bounds how much -->
        <!-- header data a client can make the server buffer per request.   -->
        <Set name="requestHeaderSize">8192</Set>
        <Set name="responseHeaderSize">8192</Set>
        <!-- true adds the Jetty version to the Server response header.    -->
        <!-- Consider false on exposed deployments so the exact version is -->
        <!-- not disclosed to every client.                                -->
        <Set name="sendServerVersion">true</Set>
        <Set name="sendDateHeader">false</Set>
        <Set name="headerCacheSize">512</Set>

        <!-- Security note for the optional customizer below: forwarded   -->
        <!-- headers are client-supplied unless a trusted reverse proxy   -->
        <!-- overwrites them, so enable it only when every request passes -->
        <!-- through such a proxy.                                        -->
        <!-- Uncomment to enable handling of X-Forwarded- style headers
        <Call name="addCustomizer">
          <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
        </Call>
        -->
    </New>

    <!-- =========================================================== -->
    <!-- Add a HTTP Connector.                                       -->
    <!-- Configure an o.e.j.server.ServerConnector with a single     -->
    <!-- HttpConnectionFactory instance using the common httpConfig  -->
    <!-- instance defined in jetty.xml                               -->
    <!--                                                             -->
    <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
    <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
    <!-- that may be set here.                                       -->
    <!-- =========================================================== -->
    <!-- This connector is clear-text HTTP/1.1 only: its factories   -->
    <!-- array holds a single HttpConnectionFactory and no TLS layer. -->
    <Call name="addConnector">
        <Arg>
            <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server"><Ref refid="Server" /></Arg>
                <Arg name="acceptors" type="int"><Property name="http.acceptors" default="-1"/></Arg>
                <Arg name="selectors" type="int"><Property name="http.selectors" default="-1"/></Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <!-- Security note: with the PROXY protocol enabled the   -->
                        <!-- peer address is taken from data sent on the socket,  -->
                        <!-- so the port must be reachable only from the trusted  -->
                        <!-- load balancer.                                       -->
                        <!-- uncomment to support proxy protocol
                    <Item>
                          <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
                        </Item>-->
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                <Arg name="config"><Ref refid="httpConfig" /></Arg>
                            </New>
                        </Item>
                    </Array>
                </Arg>
                <!-- jetty.host has no default. NOTE(review): when it is unset -->
                <!-- the connector presumably listens on every interface;      -->
                <!-- set it explicitly if only local access is intended.       -->
                <Set name="host"><Property name="jetty.host" /></Set>
                <Set name="port"><Property name="jetty.port" default="8080" /></Set>
                <!-- Idle timeout in milliseconds (30 s by default). -->
                <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set>
                <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
                <Set name="acceptorPriorityDelta"><Property name="http.acceptorPriorityDelta" default="0"/></Set>
                <Set name="selectorPriorityDelta"><Property name="http.selectorPriorityDelta" default="0"/></Set>
                <Set name="acceptQueueSize"><Property name="http.acceptQueueSize" default="0"/></Set>
            </New>
        </Arg>
    </Call>

</Configure>

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Configure a HTTPS connector.                                  -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml.                                            -->
<!-- ============================================================= -->
<!-- Configures the existing ServerConnector registered under the id   -->
<!-- "sslConnector", which the base SSL file on this page creates with -->
<!-- an empty factories array.                                         -->
<Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">

    <!-- NOTE(review): the block below is commented out, so this file  -->
    <!-- adds no SslConnectionFactory. Together with the empty array   -->
    <!-- in the base SSL file, the connector ends up with no TLS layer -->
    <!-- at all, which is consistent with the browser reporting        -->
    <!-- ERR_SSL_PROTOCOL_ERROR on this port.                          -->
    <!--Call name="addIfAbsentConnectionFactory">
        <Arg>
            <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
            </New>
        </Arg>
    </Call>

    <Call name="addConnectionFactory">
        <Arg>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
            </New>
        </Arg>
    </Call-->

    <!-- ============================================================= -->
    <!-- Configure a HTTP2 on the ssl connector.                       -->
    <!-- ============================================================= -->
    <!-- This is the only factory registered on the connector here.    -->
    <!-- Browsers use HTTP/2 only over TLS with ALPN, so an            -->
    <!-- SslConnectionFactory (next protocol "alpn") and an            -->
    <!-- ALPNServerConnectionFactory have to be added before it, as    -->
    <!-- the answer on this page does.                                 -->
    <!-- NOTE(review): HTTP/2 (RFC 7540) requires TLS 1.2 or later and -->
    <!-- prohibits many older cipher suites; confirm the               -->
    <!-- sslContextFactory offers at least one suite acceptable to h2. -->
    <Call name="addConnectionFactory">
        <Arg>
            <New class="org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory">
                <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
                <!-- Cap on concurrently open streams per connection; it also -->
                <!-- bounds how much work one client connection can demand.   -->
                <Set name="maxConcurrentStreams"><Property name="http2.maxConcurrentStreams" default="1024"/></Set>
            </New>
        </Arg>
    </Call>

</Configure>

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Base SSL configuration                                        -->
<!-- This configuration needs to be used together with 1 or more   -->
<!-- of jetty-https.xml or jetty-http2.xml                         -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <!-- =========================================================== -->
    <!-- Create a TLS specific HttpConfiguration based on the        -->
    <!-- common HttpConfiguration defined in jetty.xml               -->
    <!-- Add a SecureRequestCustomizer to extract certificate and    -->
    <!-- session information                                         -->
    <!-- =========================================================== -->
    <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Arg><Ref refid="httpConfig"/></Arg>
        <Call name="addCustomizer">
            <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
        </Call>
    </New>

    <!-- =========================================================== -->
    <!-- Add a SSL Connector with no protocol factories              -->
    <!-- =========================================================== -->
    <!-- The factories array below is empty (its only Item is        -->
    <!-- commented out), so TLS is NOT enabled by this file alone:   -->
    <!-- another file must add an SslConnectionFactory to the        -->
    <!-- connector registered here as "sslConnector".                -->
    <Call  name="addConnector">
        <Arg>
            <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server"><Ref refid="Server" /></Arg>
                <Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>
                <Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <!-- Security note: enable the PROXY protocol only when -->
                        <!-- the port is reachable solely from the trusted load -->
                        <!-- balancer, because the peer address is then taken   -->
                        <!-- from data sent on the socket.                      -->
                        <!-- uncomment to support proxy protocol
                    <Item>
                          <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
                        </Item>-->
                    </Array>
                </Arg>

                <Set name="host"><Property name="jetty.host" /></Set>
                <!-- NOTE(review): port is set twice. The Set elements are -->
                <!-- applied in document order, so the second one (property -->
                <!-- "port", default 9090) is the value in effect and       -->
                <!-- ssl.port is ignored. Keep only the intended line, and  -->
                <!-- make securePort in httpConfig agree with it.           -->
                <Set name="port"><Property name="ssl.port" default="443" /></Set>
                <Set name="port"><Property name="port" default="9090" /></Set>
                <Set name="idleTimeout"><Property name="ssl.timeout" default="30000"/></Set>
                <Set name="soLingerTime"><Property name="ssl.soLingerTime" default="-1"/></Set>
                <Set name="acceptorPriorityDelta"><Property name="ssl.acceptorPriorityDelta" default="0"/></Set>
                <Set name="selectorPriorityDelta"><Property name="ssl.selectorPriorityDelta" default="0"/></Set>
                <Set name="acceptQueueSize"><Property name="ssl.acceptQueueSize" default="0"/></Set>
            </New>
        </Arg>
    </Call>

    <!-- ============================================================= -->
    <!-- Create a TLS (SSL) Context Factory  for later reuse           -->
    <!-- ============================================================= -->
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <!-- Key store and trust store paths are resolved relative to -->
        <!-- jetty.base (default "../").                              -->
        <!-- Security note: the fallback password "storepwd" is a     -->
        <!-- widely known sample value written in plain text. Use it  -->
        <!-- for local testing only; supply real passwords through    -->
        <!-- the jetty.*.password properties and keep them, and the   -->
        <!-- key store itself, out of version control.                -->
        <Set name="KeyStorePath"><Property name="jetty.base" default="../" />/<Property name="jetty.keystore" default="keystore.jks"/></Set>
        <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="storepwd"/></Set>
        <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="storepwd"/></Set>
        <Set name="TrustStorePath"><Property name="jetty.base" default="../" />/<Property name="jetty.truststore" default="truststore.jks"/></Set>
        <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="storepwd"/></Set>
        <!-- Empty value: no endpoint (host name) identification algorithm -->
        <!-- is configured. NOTE(review): presumably acceptable for a      -->
        <!-- server-only context; if this factory is ever reused for       -->
        <!-- outbound TLS connections, host name checking must be enabled. -->
        <Set name="EndpointIdentificationAlgorithm"></Set>
        <!-- Client certificates are neither required nor requested by -->
        <!-- default, so the trust store is unused unless one of these -->
        <!-- properties is switched on.                                -->
        <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
        <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
        <!-- Only single-DES and export-grade suites are excluded here.   -->
        <!-- NOTE(review): the list does not cover other suites now       -->
        <!-- considered weak (non-export RC4, 3DES), and this file does   -->
        <!-- not restrict protocol versions. Prefer an explicit allow     -->
        <!-- list of modern suites and TLS 1.2 or later, which HTTP/2     -->
        <!-- needs anyway; confirm against the Jetty and JDK in use.      -->
        <Set name="ExcludeCipherSuites">
            <Array type="String">
                <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
                <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
                <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
        </Set>
    </New>
</Configure>

I'm using jetty-server, http2-server and jetty-alpn-server artifacts version 9.3.0.M1, is there any additional dependency to be added? I'm using JDK7.

Thanks

Frampton answered 1/4, 2015 at 11:34 Comment(0)

It finally works with jetty 9.3.0! We need to make sure ALPN is well configured and we use JDK8.

Here is what I configured for maven-jetty-plugin:

<!-- Build section: compiles for Java 8 and runs the webapp with the  -->
<!-- Jetty Maven plugin, with HTTP/2 and ALPN support added as plugin -->
<!-- dependencies.                                                    -->
<build>
    <finalName>${project.artifactId}</finalName>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <configuration>
                <source>1.8</source>
                <target>1.8</target>
                <verbose>true</verbose>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.eclipse.jetty</groupId>
            <artifactId>jetty-maven-plugin</artifactId>
            <version>${jetty-version}</version>
            <configuration>
                <webAppSourceDirectory>${project.build.directory}/${project.name}</webAppSourceDirectory>
                <systemProperties>
                    <force>true</force>
                </systemProperties>
                <!-- Rescans the webapp every 10 seconds and redeploys on -->
                <!-- change; a development convenience.                   -->
                <scanIntervalSeconds>10</scanIntervalSeconds>
                <webAppConfig>
                    <contextPath>/</contextPath>
                </webAppConfig>
                <!-- Comma-separated Jetty XML files, applied in the order  -->
                <!-- listed: base server, then SSL, then the TLS connector. -->
                <jettyXml>../jetty.xml,../jetty-ssl.xml,../jetty-https.xml</jettyXml>
                <!-- Prepends alpn-boot to the JVM boot class path. The jar   -->
                <!-- must match the exact JDK build (see the ALPN chapter     -->
                <!-- linked on this page). Boot class path code runs fully    -->
                <!-- trusted, so take the jar only from a repository you      -->
                <!-- trust and verify its checksum.                           -->
                <!-- NOTE(review): jvmArgs presumably takes effect only when  -->
                <!-- Jetty runs in a forked JVM (jetty:run-forked); confirm   -->
                <!-- for the goal you use.                                    -->
                <jvmArgs>-Xbootclasspath/p:${settings.localRepository}/org/mortbay/jetty/alpn/alpn-boot/${alpn-version}/alpn-boot-${alpn-version}.jar</jvmArgs>
            </configuration>
            <!-- Added to the plugin class path so the HTTP/2 and ALPN    -->
            <!-- connection factories named in the Jetty XML files can be -->
            <!-- loaded; both follow the plugin version.                  -->
            <dependencies>
                <dependency>
                    <groupId>org.eclipse.jetty.http2</groupId>
                    <artifactId>http2-server</artifactId>
                    <version>${jetty-version}</version>
                </dependency>
                <dependency>
                    <groupId>org.eclipse.jetty</groupId>
                    <artifactId>jetty-alpn-server</artifactId>
                    <version>${jetty-version}</version>
                </dependency>
            </dependencies>
        </plugin>
    </plugins>
</build>

<!-- Versions referenced by the build section above.                   -->
<!-- NOTE(review): 9.3.0.M2 is a milestone (pre-release) build; prefer -->
<!-- a final, maintained release for anything beyond experimentation.  -->
<!-- alpn-version must be the alpn-boot release that matches the JDK   -->
<!-- build in use.                                                     -->
<properties>
    <jetty-version>9.3.0.M2</jetty-version>
    <alpn-version>8.1.0.v20141016</alpn-version>
</properties>

Choose the ALPN artifact version according to the JDK version: http://eclipse.org/jetty/documentation/current/alpn-chapter.html

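I also added these two ConnectionFactory entries before the HTTP2ServerConnectionFactory. The SslConnectionFactory gives the connector its TLS layer (the configuration in the question had none, hence the ERR_SSL_PROTOCOL_ERROR), and the ALPN factory lets the client negotiate HTTP/2 during the TLS handshake: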

<!-- TLS layer for the connector: uses the shared sslContextFactory and -->
<!-- hands the connection to the factory registered for the protocol    -->
<!-- named "alpn" (the next Call).                                      -->
<Call name="addConnectionFactory">
    <Arg>
        <New class="org.eclipse.jetty.server.SslConnectionFactory">
            <Arg name="next">alpn</Arg>
            <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
        </New>
    </Arg>
</Call>

<!-- ALPN negotiation step. The protocol list comes from alpn.protocols -->
<!-- (default: empty string) and the fallback from alpn.defaultProtocol -->
<!-- (no default).                                                      -->
<!-- NOTE(review): with an empty list the factory presumably offers the -->
<!-- protocols of the other factories on the connector. If only the     -->
<!-- HTTP/2 factory is registered, clients that do not negotiate ALPN   -->
<!-- have no HTTP/1.1 fallback; add an HttpConnectionFactory using      -->
<!-- sslHttpConfig if that fallback is wanted. Confirm for the Jetty    -->
<!-- version in use.                                                    -->
<Call name="addConnectionFactory">
    <Arg>
        <New id="alpn" class="org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory">
            <Arg type="String">
                <Property name="alpn.protocols" default="" />
            </Arg>
            <Set name="defaultProtocol">
                <Property name="alpn.defaultProtocol" />
            </Set>
        </New>
    </Arg>
</Call>
Frampton answered 3/4, 2015 at 9:43 Comment(0)
