{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Using Jetty 9.4","type":"text"}]},{"type":"panel","attrs":{"panelType":"error"},"content":[{"type":"paragraph","content":[{"text":"Jetty 9.4 is End of Life. This documentation is provided for historical purposes.","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"These pages are examples and do not reflect any normative requirements or assumptions on the part of the IdP software and may be a mix of suggestions from both the project team and deployers. You should take any of this advice with a grain of local salt and consider general security/deployment considerations appropriate to the use of web software in your local environment.","type":"text"}]},{"type":"paragraph","content":[{"text":"The official information about containers and versions we support is solely maintained on the ","type":"text"},{"text":"SystemRequirements","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631833"}}]},{"text":" page. If you wish to operate without complete responsibility for your Java servlet container, you may consider the ","type":"text"},{"text":"Windows","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631507"}}]},{"text":" package we provide that includes an embedded container.","type":"text"}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"2"},"maxLevel":{"value":"3"}},"macroMetadata":{"macroId":{"value":"77e16e625ead9814f58e917457f556ca"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"74488bca-3787-4ef8-a706-aeb4d975e25b"}},{"type":"paragraph","content":[{"text":"The following conventions are used this document:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"/opt/shibboleth-idp is used to indicate that an absolute path to the IdP installation directory is required","type":"text"},{"type":"hardBreak"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"idp.home","type":"text","marks":[{"type":"code"}]},{"text":" refers to the IdP installation directory (as specified during the installation process)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"JETTY_HOME","type":"text","marks":[{"type":"code"}]},{"text":" refers to the location of the Jetty installation (jetty-dist-$VERSION)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":" refers to the directory containing your deployment-specific Jetty configuration files","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"All paths are relative to ","type":"text"},{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":" unless otherwise noted","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"We strongly recommend placing all IdP-specific Jetty configuration under ","type":"text"},{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":" to facilitate Jetty upgrades. Do ","type":"text"},{"text":"not","type":"text","marks":[{"type":"strong"}]},{"text":" place that directory inside the IdP installation directory; they can be siblings as desired.","type":"text"},{"type":"hardBreak"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The examples on this page are based on the use of a number of files that are not included in the Jetty distribution but are part of a project we store in our Git repository, cloneable from ","type":"text"},{"text":"https://git.shibboleth.net/git/java-idp-jetty-base","type":"text","marks":[{"type":"link","attrs":{"href":"https://git.shibboleth.net/git/java-idp-jetty-base"}}]},{"text":". The examples won't work as is without starting from that complete set of example files. The 9.4.0 branch contains the material used in this material.","type":"text"}]},{"type":"paragraph","content":[{"text":"We may publish it in a more \"official\" capacity in the future, but for now it's simply an example to build on. It includes some custom Jetty \"modules\" that help support a simpler configuration and come packaged with logging libraries and other pieces that make the example here much simpler to explain.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Version Notes","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"latest stable version","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.eclipse.org/jetty/download.html"}}]},{"text":" of Jetty should be used.","type":"text"}]},{"type":"paragraph","content":[{"text":"Although this version of Jetty will run under Java 8, Java 11 is required to run the V4+ identity provider.","type":"text"}]},{"type":"paragraph","content":[{"text":"The Jetty 9.4 release includes a number of configuration changes from earlier releases, mostly refactoring and property renaming. Starting from scratch is advisable if upgrading from 9.2 or 9.3.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Required Configuration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configure Jetty Modules and JVM Settings","type":"text"}]},{"type":"paragraph","content":[{"text":"The bulk of the configuration is established by setting properties in \"ini\" files that are combined in the start.d directory. Some of the properties are defined by Jetty and configure built-in modules and others are specific to the IdP and configure the custom modules we created.","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"start.d","type":"text","marks":[{"type":"em"}]},{"text":"/","type":"text"},{"text":"start.ini","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"This is a file you can create to add any specific options you want to use in addition to the defaults, such as enabling additional modules or setting JVM or other system properties.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"start.ini","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"plaintext"},"content":[{"text":"# Any other required Jetty modules...\n \n# Allows setting Java system properties (-Dname=value)\n# and JVM flags (-X, -XX) in this file\n# NOTE: spawns child Java process\n--exec\n\n# Uncomment if IdP is installed somewhere other than /opt/shibboleth-idp\n#-Didp.home=/path/to/shibboleth-idp\n\n# Newer garbage collector that reduces memory needed for larger metadata files\n-XX:+UseG1GC\n \n# Maximum amount of memory that Jetty may use, at least 1.5G is recommended\n# for handling larger (> 25M) metadata files but you will need to test on\n# your particular metadata configuration\n-Xmx1500m\n\n# Prevent blocking for entropy.\n-Djava.security.egd=file:/dev/urandom\n\n# Set Java tmp location\n-Djava.io.tmpdir=tmp","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configure HTTP/HTTPS Connectors","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" credentials/idp-userfacing.p12","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"start.d/idp.ini","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"The basic HTTP/HTTPS port, address, etc. configuration is handled within the custom \"idp\" module and the ","type":"text"},{"text":"idp.ini","type":"text","marks":[{"type":"em"}]},{"text":" property file.","type":"text"}]},{"type":"paragraph","content":[{"text":"The example below shows some of the basic properties you can use to configure networking and TLS credentials.","type":"text"}]},{"type":"paragraph","content":[{"text":"One challenge remains that if you want to use standard ports, you would need to pick one of these options to avoid running as root:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Use the setuid extension to support listening on the privileged ports as a non-root user.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Use a port forwarding approach (load balancer, iptables rules, etc).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Use ","type":"text"},{"text":"POSIX capabilities","type":"text","marks":[{"type":"link","attrs":{"href":"https://en.wikipedia.org/wiki/Capability-based_security#POSIX_capabilities"}}]},{"text":" to allow use of priviledged ports by an unpriviledged process, e.g. when using ","type":"text"},{"text":"systemd","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities="}}]},{"text":" by setting ","type":"text"},{"text":"AmbientCapabilities=CAP_NET_BIND_SERVICE","type":"text","marks":[{"type":"code"}]},{"text":" ","type":"text"}]}]}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"idp.ini","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","content":[{"text":"# --------------------------------------- \n# Module: idp\n# Shibboleth IdP\n# --------------------------------------- \n--module=idp\n\n## Keystore file path (relative to $jetty.base)\njetty.sslContext.keyStorePath=../credentials/idp-userfacing.p12\n## Truststore file path (relative to $jetty.base)\njetty.sslContext.trustStorePath=../credentials/idp-userfacing.p12\n\n## Keystore type\njetty.sslContext.keyStoreType=PKCS12\n## Truststore type and provider\njetty.sslContext.trustStoreType=PKCS12\n\n## Keystore password\njetty.sslContext.keyStorePassword=changeit\n## Truststore password\njetty.sslContext.trustStorePassword=changeit\n## KeyManager password\njetty.sslContext.keyManagerPassword=changeit\n\n## Deny SSL renegotiation\njetty.sslContext.renegotiationAllowed=false\n\n## Connector host/address to bind to\n# jetty.ssl.host=0.0.0.0\n\n## Connector port to listen on\njetty.ssl.port=443\n\n# Allows use of default IdP command line tools.\njetty.http.host=127.0.0.1\njetty.http.port=80","type":"text"}]},{"type":"paragraph","content":[{"text":"The TLS credential example relies on a PKCS12 file containing the X.509 certificate and private key used to secure the HTTPS channel that users access during authentication and other browser-based message exchanges involving the IdP. This is generally the one you get from a browser-compatible CA, and the example shows it being loaded from a directory inside the ","type":"text"},{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":" tree.","type":"text"}]},{"type":"paragraph","content":[{"text":"A variety of other networking properties can be set based on the built-in Jetty http and https modules; refer to their documentation.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configure IdP Context Descriptor","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" webapps/idp.xml","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"In order to deploy the IdP, Jetty must be informed of the location of the IdP war file. This file is called a context descriptor and the recommended content is provided below.","type":"text"}]},{"type":"paragraph","content":[{"text":"Note this file assumes the location of the IdP installation is explicitly set in the file, and controls the context path to which the application is deployed, which is ","type":"text"},{"text":"/idp","type":"text","marks":[{"type":"strong"}]},{"text":" in the following configuration block.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"idp.xml","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n /opt/shibboleth-idp/war/idp.war\n /idp\n false\n false\n true\n false\n","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Recommended Configuration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Jetty Logging","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text","marks":[{"type":"strong"},{"type":"em"}]},{"text":"start.d/idp-logging.ini, resources/logback.xml, resources/logback-access.xml","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"The recommended approach is to use logback for all Jetty logging. The ","type":"text"},{"text":"logback","type":"text","marks":[{"type":"link","attrs":{"href":"http://logback.qos.ch/download.html"}}]},{"text":" and ","type":"text"},{"text":"slf4j","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.slf4j.org/download.html"}}]},{"text":" libraries are needed to support this configuration must be added to ","type":"text"},{"text":"JETTY_BASE/lib/logback","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"JETTY_BASE/lib/slf4j","type":"text","marks":[{"type":"strong"}]},{"text":" folders respectively.","type":"text"}]},{"type":"paragraph","content":[{"text":"If you ","type":"text"},{"text":"don't","type":"text","marks":[{"type":"strong"}]},{"text":" want to use this feature, just remove the ","type":"text"},{"text":"etc/idp-logging.ini","type":"text","marks":[{"type":"em"}]},{"text":" file.","type":"text"}]},{"type":"paragraph","content":[{"text":"Configure logging policy for Jetty internals logging and request/access logging. Sample logback configuration files are provided for convenience and are in the resources directory.","type":"text"}]},{"type":"paragraph","content":[{"text":"If you have a need (maybe temporarily) to include the TLS cipher suite used by a client (e.g., to determine when it's safe to disable older versions), you can adjust logback-access.xml to include that in its output. Instead of a pattern of \"combined\", you can include the actual combined log format pattern and add the cipher string on the end:","type":"text"}]},{"type":"codeBlock","content":[{"text":"%h %l %u [%t] \"%r\" %s %b \"%i{Referer}\" \"%i{User-Agent}\" %reqAttribute{javax.servlet.request.cipher_suite}","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Disable Directory Indexing","type":"text"}]},{"type":"paragraph","content":[{"text":"Jetty has had vulnerabilities related to directory indexing (sigh) so we suggest disabling that feature at this point. There are a few different ways this can be done (see ","type":"text"},{"text":"https://webtide.com/indexing-listing-vulnerability-in-jetty/","type":"text","marks":[{"type":"link","attrs":{"href":"https://webtide.com/indexing-listing-vulnerability-in-jetty/"}}]},{"text":"), but one method that's fairly self-contained within the IdP footprint is to modify web.xml (i.e. copy the original version from idp.home/dist/webapp/WEB-INF/web.xml to idp.home/edit-webapp/WEB-INF/web.xml) and then rebuild the war file.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"web.xml addition","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":" \n default\n org.eclipse.jetty.servlet.DefaultServlet\n \n dirAllowed\n false\n \n 0\n ","type":"text"}]},{"type":"paragraph","content":[{"text":"You can place it above the existing ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" elements in the file.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"TLS Ciphers","type":"text"}]},{"type":"paragraph","content":[{"text":"As with all web servers, it's a challenge to stay on top of all the best practices related to TLS/SSL versions, ciphers, etc. Jetty has been good of late in shipping reasonable defaults, but they frequently get bad advice pressuring them to be \"more interoperable\", so it's hard to count on things staying good. It's usually best to be in a position to make adjustments to this quickly, and test after upgrades.","type":"text"}]},{"type":"paragraph","content":[{"text":"Jetty documents a way to adjust this sort of thing ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.eclipse.org/jetty/documentation/jetty-9/index.html#configuring-sslcontextfactory"}}]},{"text":". The basic procedure is to create a file at ","type":"text"},{"text":"etc/tweak-ssl.xml","type":"text","marks":[{"type":"em"}]},{"text":" to adjust the settings. A starting point to further adjust is shown below.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"etc/tweak-ssl.xml","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n TLSv1.3\n TLSv1.2\n \n \n \n \n TLSv1.1\n TLSv1\n SSL\n SSLv2\n SSLv3\n \n \n \n \n TLS_ECDHE.*\n TLS_AES.*\n TLS_RSA.*\n \n \n \n \n .*NULL.*\n .*RC4.*\n .*MD5.*\n .*DES.*\n .*DSS.*\n TLS_DHE.*\n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Optional Configuration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Supporting SOAP Endpoints","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" /opt/shibboleth-idp/credentials/idp-backchannel.p12","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"etc/idp-backchannel.xml, modules/idp-backchannel.mod, start.d/idp-backchannel.ini","type":"text","marks":[{"type":"em"}]},{"type":"hardBreak"}]},{"type":"paragraph","content":[{"text":"The use of the back-channel is discussed in the ","type":"text"},{"text":"SecurityAndNetworking","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631506"}}]},{"text":" topic, and you should review that to understand whether or not you need to support this feature.","type":"text"}]},{"type":"paragraph","content":[{"text":"If you do need this support, these connections generally require special security properties that are not appropriate for user-facing/browser use. Therefore an additional endpoint must be configured.","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"jetty94-dta-ssl-1.0.0.jar","type":"text","marks":[{"type":"link","attrs":{"href":"https://build.shibboleth.net/nexus/content/repositories/releases/net/shibboleth/utilities/jetty9/jetty94-dta-ssl/1.0.0/jetty94-dta-ssl-1.0.0.jar"}}]},{"text":" (","type":"text"},{"text":"asc","type":"text","marks":[{"type":"link","attrs":{"href":"https://build.shibboleth.net/nexus/content/repositories/releases/net/shibboleth/utilities/jetty9/jetty94-dta-ssl/1.0.0/jetty94-dta-ssl-1.0.0.jar.asc"}}]},{"text":") plugin can be placed in ","type":"text"},{"text":"JETTY_BASE/lib/ext","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"We provide a backchannel module to control the feature and turn it on or off. Note that because we were forced to update the plugin to accomodate a Jetty change, it has been renamed, the class renamed, and the XML file loaded by the module updated to reflect this change.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Adjust ","type":"text"},{"text":"JETTY_BASE/start.d/idp-backchannel.ini","type":"text","marks":[{"type":"em"}]},{"text":" as required:","type":"text"}]},{"type":"codeBlock","content":[{"text":"# --------------------------------------- \n# Module: idp-backchannel\n# Shibboleth IdP Dedicated SOAP Connector\n# --------------------------------------- \n--module=idp-backchannel\n\n## Backchannel connector port to listen on\n# idp.backchannel.port=8443\n\n## Backchannel keystore file path (relative to $jetty.base)\n# idp.backchannel.keyStorePath=../credentials/idp-backchannel.p12\n\n## Backchannel keystore password\n# idp.backchannel.keyStorePassword=changeit\n\n## Backchannel keystore type\n# idp.backchannel.keyStoreType=PKCS12\n","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Modify","type":"text"},{"text":" JETTY_BASE/etc/idp-backchannel.xml","type":"text","marks":[{"type":"em"}]},{"text":" if desired. You get more control over the TLS settings if you need them, but normally this file is just used to plug in the properties we support from the ini file.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Other Modules","type":"text"}]},{"type":"paragraph","content":[{"text":"Jetty has a ton of advanced and optional functionality available in the form of modules that can be enabled selectively. They don't function in the way Apache modules do, but they're basically packaged \"example\" configuration files that will get copied from ","type":"text"},{"text":"JETTY_HOME","type":"text","marks":[{"type":"code"}]},{"text":" into ","type":"text"},{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":" when you need them and you get \"just\" the minimum files needed to support the feature but keep future upgrades simple.","type":"text"}]},{"type":"paragraph","content":[{"text":"To enable a module, you run the Jetty start file from within ","type":"text"},{"text":"JETTY_BASE","type":"text","marks":[{"type":"code"}]},{"text":":","type":"text"}]},{"type":"codeBlock","content":[{"text":"$ cd jetty-base\n$ java -jar /opt/jetty-distribution-9.4.14.v20181114/start.jar --add-to-start=modulename","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Supporting X-Forwarded-For Natively","type":"text"}]},{"type":"paragraph","content":[{"text":"File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" modules/idp.mod","type":"text","marks":[{"type":"em"}]},{"text":", ","type":"text"},{"text":"start.d/idp.ini","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"If you are running the Jetty engine behind a proxy or load balancer Jetty has built-in support for forwarding the client address and other details via headers using its http-forwarded module, and after enabling it as above you can edit the resulting properties file to configure it.","type":"text"}]},{"type":"paragraph","content":[{"text":"If your IdP is behind Apache, you probably only need it to listen for HTTP traffic locally. At present, this involves commenting out or removing two lines from the [depend] section of idp.mod: the lines containing https and ssl.","type":"text"}]},{"type":"paragraph","content":[{"text":"Next, add modules to be loaded in ","type":"text"},{"text":"start.d/idp.ini.","type":"text","marks":[{"type":"em"}]},{"text":" Alternatively, create your own ","type":"text"},{"text":"start.d/http.ini","type":"text","marks":[{"type":"em"}]},{"text":" to keep this configuration separate. Add the following to one of these files.","type":"text"}]},{"type":"paragraph","content":[{"text":"--module=http","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"The http-forwarded module mentioned above is required so that requests coming to the IdP aren't seen as coming from localhost. Follow the instructions above to install this module or, since its defaults are acceptable, just add the following to start.d/idp.ini or start.d/http.ini:","type":"text"}]},{"type":"paragraph","content":[{"text":"--module=http-forwarded","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"Finally, make sure the ","type":"text"},{"text":"jetty.http.host","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"jetty.http.port","type":"text","marks":[{"type":"strong"}]},{"text":" are set apropriately in ","type":"text"},{"text":"idp.ini","type":"text","marks":[{"type":"em"}]},{"text":", or remove them from there and add them to ","type":"text"},{"text":"http.ini","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"}]},{"type":"codeBlock","content":[{"text":"jetty.http.host=127.0.0.1\njetty.http.port=8080","type":"text"}]},{"type":"paragraph","content":[{"text":"Since 8080 is the default http port for Jetty, It's also okay to leave this unset.","type":"text"}]}],"version":1}