Introduction
All examples given here can be found in Subversion at: http://svn.sonatype.org/nexus/trunk/nexus/nexus-webapp/src/main/assembly/base-bundle/conf/examples, or in the Nexus distribution under $(basedir)/conf/examples.
Some things to keep in mind
- Jetty customizations found on this page will only work with Nexus ≥ 1.2.0.2.
- Any custom Jetty configuration must be contained in the $(basedir)/conf/jetty.xml file, or else in the location referenced by the jetty.xml property in $(basedir)/conf/plexus.properties (in case you’ve customized this location).
- Custom Jetty rules, handlers, and other components referenced in the examples on this page require a more recent version of plexus-interpolation than that bundled with Nexus as of 1.2.0. In order to use these custom components, you’ll need to replace $(basedir)/runtime/apps/nexus/lib/plexus-interpolation-1.1.jar with the 1.6 version, available at http://repository.sonatype.org/content/groups/public/org/codehaus/plexus/plexus-interpolation/1.6/plexus-interpolation-1.6.jar.
Equivalent base jetty.xml
(This file can be found in $(basedir)/conf/examples/jetty.xml, inside your Nexus distribution.)
The following jetty.xml configuration file is equivalent to the built-in configuration of Nexus:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<!-- =============================================================== -->
<!-- -->
<!-- NOTE: Copy this file to ../jetty.xml to use it. -->
<!-- -->
<!-- Configure the Jetty Server -->
<!-- -->
<!-- Documentation of this file format can be found at: -->
<!-- http://docs.codehaus.org/display/JETTY/jetty.xml -->
<!-- -->
<!-- =============================================================== -->
<Configure id="Server" class="org.mortbay.jetty.Server">
  <Call name="addConnector">
    <Arg>
      <New class="org.mortbay.jetty.nio.SelectChannelConnector">
        <Set name="host">${application-host}</Set>
        <Set name="port">${application-port}</Set>
      </New>
    </Arg>
  </Call>
  <Set name="handler">
    <New id="Contexts" class="org.mortbay.jetty.handler.ContextHandlerCollection">
      <!-- The following configuration is REQUIRED, and MUST BE FIRST.
           It makes the Plexus container available for use in the Nexus webapp. -->
      <Call name="addLifeCycleListener">
        <Arg>
          <New class="org.sonatype.plexus.jetty.custom.InjectExistingPlexusListener" />
        </Arg>
      </Call>
      <!-- The following configuration disables JSP taglib support, the validation of which
           slows down Jetty's startup significantly. -->
      <Call name="addLifeCycleListener">
        <Arg>
          <New class="org.sonatype.plexus.jetty.custom.DisableTagLibsListener" />
        </Arg>
      </Call>
    </New>
  </Set>
  <New id="NexusWebAppContext" class="org.mortbay.jetty.webapp.WebAppContext">
    <Arg><Ref id="Contexts"/></Arg>
    <Arg>${webapp}</Arg>
    <Arg>${webapp-context-path}</Arg>
    <Set name="extractWAR">false</Set>
  </New>
  <Set name="stopAtShutdown">true</Set>
  <Set name="sendServerVersion">true</Set>
  <Set name="sendDateHeader">true</Set>
  <Set name="gracefulShutdown">1000</Set>
</Configure>
This configuration file will serve as the basis for customizing the Jetty instance used by Nexus in all examples on this page.
Enabling AJP connections
(This file can be found in $(basedir)/conf/examples/jetty-ajp.xml, inside your Nexus distribution.)
IMPORTANT: First, make sure you review the information found in the introduction at the top of this page.
Out of the box, Nexus is configured to use an HTTP connector to listen on port 8081. If instead you want to connect to Nexus using AJP, modify the nexus-equivalent jetty.xml as follows:
1. Remove the section:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
    </New>
  </Arg>
</Call>
2. Add the following AJP configuration in its place:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.ajp.Ajp13SocketConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
    </New>
  </Arg>
</Call>
3. Then, adjust your $(basedir)/conf/plexus.properties as needed to set the port you wish to use for AJP connections.
4. Look in $(basedir)/runtime/apps/nexus/lib and find the version of Jetty-xxx.jar used by the bundle of Nexus you’re running. Then go to http://repository.sonatype.org/index.html#nexus-search;quick~jetty-ajp and find the matching version of the ajp jar. Download it into $(basedir)/runtime/apps/nexus/lib.
Serving SSL directly from Nexus
(This file can be found in $(basedir)/conf/examples/jetty-ssl.xml, inside your Nexus distribution.)
IMPORTANT: First, make sure you review the information found in the introduction at the top of this page.
Often, it’s simply easier to avoid the extra configuration of putting a web server like Apache Httpd in front of Nexus. However, it still may be important to protect the passwords used to log in to Nexus if you’re accessing it from a public network. One simple solution is to configure Nexus to listen for SSL connections directly. To do this, you’ll need to perform the following steps.
Configure the Java keystore
Follow the instructions in "How to configure SSL" on the Jetty Wiki to set up the appropriate keys and certificates in a form that Jetty can use. Pay particular attention to steps 1-3, and the section at the bottom called "Password Issues".
The jetty-util jar can be found at: http://repository.sonatype.org/content/groups/public/org/mortbay/jetty/jetty-util/6.1.14/, and the jetty main jar can be found at: []
The command line used to import an OpenSSL key+cert in PKCS12 format is:
java -classpath jetty-util-6.1.14.jar:jetty-6.1.14.jar org.mortbay.jetty.security.PKCS12Import <pkcs12-file> <keystore>
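The command line used to generate an obfuscated password is shown below. The OBF: form used in the configuration that follows is reversible obfuscation rather than a hash, so keep jetty.xml readable only by the account that runs Nexus: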
java -classpath jetty-util-6.1.14.jar:jetty-6.1.14.jar org.mortbay.jetty.security.Password <your-password>
Configure Nexus/Jetty to use the new keystore
Modify the nexus-equivalent jetty.xml to replace this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
    </New>
  </Arg>
</Call>
with this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore">/etc/ssl/keystore</Set>
      <Set name="truststore">/etc/ssl/keystore</Set>
      <Set name="password">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
      <Set name="keyPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
      <Set name="trustPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
    </New>
  </Arg>
</Call>
Modify the application-port property for SSL connections
The application-port property, referenced in the configuration above, has a default configuration that many people would more naturally associate with non-SSL connections. You may wish to modify this port to something like 8443, or even 443 (if you have root access from which to start Nexus). To change this property, modify the $(basedir)/conf/plexus.properties file.
NOTE: You may wish to enable both types of connections, with appropriate rewrite rules between them. Such a configuration is beyond the scope of this section; if you’re interested, please refer to the Jetty Wiki for some information to get you started. Additionally, you may need to add extra port properties to the plexus.properties configuration file to accommodate both SSL and non-SSL connections.
Redirecting non-SSL connections to SSL on Nexus
(This file can be found in $(basedir)/conf/examples/jetty-dual-ports-with-ssl.xml, inside your Nexus distribution.)
IMPORTANT: First, make sure you review the information found in the introduction at the top of this page.
NOTE: As of this writing, the configuration in this section also requires an additional Jetty library, called jetty-rewrite-handler, that includes the rewrite support. Add this jar to the $(basedir)/runtime/apps/nexus/lib directory, so it is available when Nexus starts.
Often, if you’ve set out to configure Nexus to serve SSL connections directly, you’d really like to listen on a non-SSL port and then redirect traffic on that port over to the SSL side. This allows your main Nexus service to be protected by SSL, while still accepting traffic where some users may expect to find it (i.e. on the non-SSL port).
This configuration amounts to URL rewriting, which is something you normally see done in Apache Httpd or other similar webserver products. To accomplish the same thing with only Jetty (embedded in Nexus), you’ll need to use a custom rewrite rule for Jetty that is bundled in Nexus, inside the plexus-jetty6 library found in $(basedir)/runtime/apps/nexus/lib.
To enable this feature, first follow the steps outlined in the section "Serving SSL directly from Nexus", above. Then, further modify your jetty.xml file with the following:
1. Replace the existing handler/context-collection declaration with a standalone context-collection declaration, by replacing this section:
<Set name="handler">
  <New id="Contexts" class="org.mortbay.jetty.handler.ContextHandlerCollection">
    <!-- The following configuration is REQUIRED, and MUST BE FIRST.
         It makes the Plexus container available for use in the Nexus webapp. -->
    <Call name="addLifeCycleListener">
      <Arg>
        <New class="org.sonatype.plexus.jetty.custom.InjectExistingPlexusListener" />
      </Arg>
    </Call>
    <!-- The following configuration disables JSP taglib support, the validation of which
         slows down Jetty's startup significantly. -->
    <Call name="addLifeCycleListener">
      <Arg>
        <New class="org.sonatype.plexus.jetty.custom.DisableTagLibsListener" />
      </Arg>
    </Call>
  </New>
</Set>
with this one:
<New id="Contexts" class="org.mortbay.jetty.handler.ContextHandlerCollection">
  <!-- The following configuration is REQUIRED, and MUST BE FIRST.
       It makes the Plexus container available for use in the Nexus webapp. -->
  <Call name="addLifeCycleListener">
    <Arg>
      <New class="org.sonatype.plexus.jetty.custom.InjectExistingPlexusListener" />
    </Arg>
  </Call>
  <!-- The following configuration disables JSP taglib support, the validation of which
       slows down Jetty's startup significantly. -->
  <Call name="addLifeCycleListener">
    <Arg>
      <New class="org.sonatype.plexus.jetty.custom.DisableTagLibsListener" />
    </Arg>
  </Call>
</New>
2. Now, configure the rewrite handler for Jetty by adding the following section just above the line with stopAtShutdown in it:
<Set name="handler">
  <New id="Handlers" class="org.mortbay.jetty.handler.rewrite.RewriteHandler">
    <Set name="rules">
      <Array type="org.mortbay.jetty.handler.rewrite.Rule">
        <Item>
          <New id="redirecedHttps"
               class="org.sonatype.plexus.jetty.custom.RedirectToHttpsRule">
            <Set name="httpsPort">${application-port-ssl}</Set>
          </New>
        </Item>
      </Array>
    </Set>
    <Set name="handler">
      <New id="Handlers" class="org.mortbay.jetty.handler.HandlerCollection">
        <Set name="handlers">
          <Array type="org.mortbay.jetty.Handler">
            <Item><Ref id="Contexts"/></Item>
            <Item><New id="DefaultHandler" class="org.mortbay.jetty.handler.DefaultHandler"/></Item>
            <Item><New id="RequestLog" class="org.mortbay.jetty.handler.RequestLogHandler"/></Item>
          </Array>
        </Set>
      </New>
    </Set>
  </New>
</Set>
3. Finally, modify your $(basedir)/conf/plexus.properties file to include a new property, application-port-ssl. This will allow you to customize both the SSL and non-SSL ports independently:
application-port-ssl=8443
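An added example, not part of the Nexus distribution or of the original page: a small Python check over a jetty.xml of the kind built in the two SSL sections above. It reports a missing SSL connector, a plain connector left without RedirectToHttpsRule, keystore passwords stored in the file, and sendServerVersion left on. The function name, finding codes and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Class names as they appear in the jetty.xml snippets on this page.
PLAIN = "org.mortbay.jetty.nio.SelectChannelConnector"
SSL = "org.mortbay.jetty.security.SslSelectChannelConnector"
REDIRECT = "org.sonatype.plexus.jetty.custom.RedirectToHttpsRule"
SECRETS = ("password", "keyPassword", "trustPassword")

def audit_jetty_xml(text):
    """Return (code, detail) findings; function name and codes are hypothetical."""
    root = ET.fromstring(text)
    news = list(root.iter("New"))
    classes = {n.get("class") for n in news}
    findings = []
    if SSL not in classes:
        findings.append(("NO_SSL", "no SSL connector; TLS must be terminated in front of Nexus"))
    elif PLAIN in classes and REDIRECT not in classes:
        findings.append(("NO_REDIRECT", "plain connector served without RedirectToHttpsRule"))
    for conn in (n for n in news if n.get("class") == SSL):
        for s in conn.findall("Set"):
            if s.get("name") not in SECRETS:
                continue
            value = (s.text or "").strip()
            # OBF: is reversible obfuscation, not a hash: the file itself is the secret.
            code = "SECRET_OBF" if value.startswith("OBF:") else "SECRET_PLAIN"
            findings.append((code, s.get("name") + ": restrict read access to jetty.xml"))
    for s in root.findall("Set"):
        if s.get("name") == "sendServerVersion" and (s.text or "").strip() == "true":
            findings.append(("SERVER_VERSION", "Server header discloses the Jetty version"))
    return findings

# Constructed sample: both connectors enabled, rewrite handler forgotten.
SAMPLE = """<Configure id="Server" class="org.mortbay.jetty.Server">
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="port">${application-port}</Set>
    </New></Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="port">${application-port-ssl}</Set>
      <Set name="password">OBF:constructed-placeholder</Set>
      <Set name="keyPassword">constructed-plain-value</Set>
    </New></Arg></Call>
  <Set name="sendServerVersion">true</Set>
</Configure>"""

if __name__ == "__main__":
    for code, detail in audit_jetty_xml(SAMPLE):
        print(code, detail)
```
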
Improving performance on Windows
(This file can be found in $(basedir)/conf/examples/jetty-faster-windows.xml, inside your Nexus distribution.)
IMPORTANT: First, make sure you review the information found in the introduction at the top of this page.
On some versions of Windows (notably Windows 2003), Jetty’s performance can be less-than-stellar by default. To address this, the Jetty team has developed a tuning step which can make Nexus more responsive on Windows platforms.
Modify the nexus-equivalent jetty.xml, changing this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
    </New>
  </Arg>
</Call>
to this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
      <Set name="responseBufferSize">512</Set>
    </New>
  </Arg>
</Call>
NOTE: full documentation for this tuning step can be found on the Jetty wiki at: http://docs.codehaus.org/display/JETTY/Slow+Win2003.
Increasing Jetty’s header buffer to cope with UI column resizing
(This file can be found in $(basedir)/conf/examples/jetty-header-buffer.xml, inside your Nexus distribution.)
IMPORTANT: First, make sure you review the information found in the introduction at the top of this page.
Nexus uses ExtJS for its UI, which uses a request header to transmit customized column sizes on table layouts. If you resize a lot of the columns in various Nexus UI elements, it’s possible that you may see errors in Nexus, as Jetty’s allocated buffer for request headers overflows. The simplest solution is to increase the header buffer size in Jetty to accommodate the large request header generated by customized ExtJS column sizes.
Modify the nexus-equivalent jetty.xml, changing this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
    </New>
  </Arg>
</Call>
to this:
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host">${application-host}</Set>
      <Set name="port">${application-port}</Set>
      <Set name="headerBufferSize">8192</Set>
    </New>
  </Arg>
</Call>
NOTE: full documentation for this tuning step can be found on the Jetty wiki at: http://docs.codehaus.org/display/JETTY/Configuring+Connectors#ConfiguringConnectors-headerBufferSize. This example simply doubles the default value of 4K up to 8K.