Configuration properties for the Jetty transport.
Note: Under heavy load, the gateway's SSL handshake may start to fail. This is addressed by allowing Jetty to manage its acceptThreads and requestQueueSize properties based on the machine configuration. If acceptThreads and requestQueueSize are both set to -1, Jetty manages the configuration and provides improved container performance.
Allow sessions to be used in multiple contexts/applications. This applies only to web applications.
Default: true
Prevents cookies from being accessed from JavaScript in modern browsers. Safeguards against cross-site scripting.
Default: true
Encrypts cookies when the browser uses HTTPS.
Default: false
The default session idle timeout in seconds. This applies only to web applications. Note that this value may be overridden by applications. Changes to this value require a restart.
Default: 3600
The size of the accept socket queue. This is also known as the 'backlog'.
Default: 100
The number of accept threads.
Default: 1
The accept socket timeout in milliseconds. This is also used as the SO_TIMEOUT for incoming data sockets. Warning: setting a small value for this may result in frequent recycling of the accept socket which may cause dropped connections.
Default: 1800000
The set of SSL protocols to allow. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart.
The default SSL protocol. With IBM stacks this should usually be set to 'SSL' or 'SSL_TLS'. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart. This may also be set for individual endpoints using the connection property 'https.security.protocol'.
Default: TLS
The set of SSL cipher suites to allow. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured. The value is a comma-separated list where each item in the list can be a string matching a specific cipher suite, according to the defined values for the JRE at https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. Alternatively, values can be a regular expression used to identify a set of cipher suites. The regular expression uses the Java java.util.regex.Pattern syntax.
The set of SSL cipher suites to exclude. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured. The value is a comma-separated list where each item in the list can be a string matching a specific cipher suite, according to the defined values for the JRE at https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. Alternatively, values can be a regular expression used to identify a set of cipher suites. The regular expression uses the Java java.util.regex.Pattern syntax. Note that if a value is not configured, the default Jetty setting will be used.
Default: ^SSL_.*$
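The following added example (not product code) resolves an include list and an exclude list against a set of supported suites, to show what a given pair of values leaves enabled. It assumes whole-name regex matching, that exclusions win over inclusions, and that an empty include list means "all supported"; Python's re module stands in for java.util.regex.Pattern, and the supported-suite list is constructed.

```python
import re

# Constructed sample of suites a JRE might report as supported; the names
# are JSSE standard names, the selection itself is made up for the example.
SUPPORTED = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

def parse_list(value):
    """Split a comma-separated property value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def item_matches(item, suite):
    """True if the item is the suite's exact name or a regex matching all of it."""
    if item == suite:
        return True
    try:
        # Assumption: a pattern must match the whole name (like Java's
        # Matcher.matches()); Python's re stands in for java.util.regex here.
        return re.fullmatch(item, suite) is not None
    except re.error:
        return False  # not a valid pattern and not an exact name

def effective_suites(supported, include_value, exclude_value):
    """Resolve include/exclude property values against the supported suites."""
    includes, excludes = parse_list(include_value), parse_list(exclude_value)
    if includes:
        # Keep the order of the include list (assumed ordering behaviour).
        selected = []
        for item in includes:
            for suite in supported:
                if item_matches(item, suite) and suite not in selected:
                    selected.append(suite)
    else:
        selected = list(supported)  # assumption: empty include list = all supported
    # Assumption: exclusions win over inclusions.
    return [s for s in selected if not any(item_matches(e, s) for e in excludes)]

if __name__ == "__main__":
    print(effective_suites(SUPPORTED, "", "^SSL_.*$"))
    print(effective_suites(SUPPORTED, "", "^SSL_.*$, .*_RC4_.*"))
```

With only the default exclusion, the TLS_-prefixed RC4 suite in the sample stays enabled, because ^SSL_.*$ filters on the name prefix rather than on the algorithm.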
Enables or disables ordering of local cipher suites during SSL/TLS handshaking. Ordering will be according to the sequence in http.incoming.transport.config.cipherSuites if enabled.
Default: true
Enable/disable all client SSL renegotiations. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured.
Default: true
Set the size of the incoming request buffer in bytes. This must be set to a valid value.
Default: 32768
Set the size of the incoming header buffer in bytes. This must be set to a valid value. This buffer is used to hold the request line and headers.
Default: 32768
Set the size of the response buffer in bytes. This must be set to a valid value.
Default: 32768
Set the size of the response header buffer in bytes. This must be set to a valid value.
Default: 32768
Uses X-Forwarded-* headers to calculate HttpServletRequest attributes. Useful if the container is accessed through a reverse proxy. Requires a restart.
Default: false
Set the size of the incoming request queue for listeners. A change to this value requires a restart.
Default: 16
Set the maximum number of concurrent connections from a single client. A value of 0 indicates no limit. Note that if running behind a layer 7 load balancer, this constraint will restrict the number of connections from the load balancer, not the originating client, and therefore should not be used under those circumstances. If this limit is exceeded, the incoming connection is simply closed.
Default: 0
Set the maximum number of concurrent requests from a single client. A value of 0 indicates no limit. If running behind a load balancer, the http.incoming.transport.config.forwarded property must be set in order to properly interpret the X-Forwarded-* headers. If this limit is exceeded, the client will receive a 503 (Service Unavailable) response.
Default: 0
Set the default maximum number of milliseconds that a connection can remain idle before it is closed. If the thread pool idle time is not specified for a listener, this is also used as the default thread idle time for the connector.
Default: 200000
Set the number of milliseconds that a connection can remain idle when server resources are low. A value of -1 disables low resource checking. This is triggered when the number of active connections reaches the limit set by 'lowResourcesConnections'.
Default: -1
Set the number of active connections that will trigger the low resources state, as a percentage of the max thread pool size. This is only used when lowResourceIdleTime > 0.
Default: 100
Set the SO_LINGER value for a connection. This value is in milliseconds, but Jetty will divide this by 1000 before setting the value on the socket.
Default: 10000
Enable/disable incoming HTTP2 connections.
Default: false
Set the HTTP parser compliance level. Note that from Jetty 9.2 onwards, the values for request headers such as Content-Type are normalized to uppercase. To disable the normalization of Content-Type, select Legacy as the HTTP compliance level so that values are passed as they appear in the request header. Requires a restart of the container.
Default: RFC7230
Enable/disable writing of the NCSA access log. This flag enables the overall NCSA request log writer.
Default: true
Enable/disable the NCSA file-based access log.
Default: false
Enable/disable the extended log format.
Default: false
The filename to use for the NCSA access log. The filename should include the string 'yyyy_mm_dd', which is replaced with the actual date when creating and rolling over the file.
Default: log/access_yyyy_mm_dd.log
The number of days to retain log files for the NCSA access log.
Default: 30
Control whether to append or overwrite log files for the NCSA access log.
Default: true
Show the request processing time in the NCSA access log.
Default: true
Enable the Jetty status servlet. The default path to the status page is /admin/com.soa.transport.jetty/information.
Default: false
Set the max number of keys allowed in a form. If not specified or 0, the default of 1000 is used.
Default: 1000
Set the max size in bytes allowed in a form. If not specified or 0, the default of 200K is used.
Default: 200000
Enable/disable session support globally.
Default: true
Enable or disable strict context matching. If set to true, only the first context selected by Jetty will be used. If the request is not satisfied by that context, then no others will be tried.
Default: false
Enable or disable statistics gathering for connectors.
Default: true
Force Jetty to send a Date header in responses. The default is false internally but the spec requires servers to send a Date if possible. See http://jira.codehaus.org/browse/JETTY-1137.
Default: true
Force Jetty to send a Server header in responses.
Default: false
Templates used to generate response headers. The value is a comma-separated list where each item in the list has the format name:value. The header value can be generated either using a static string, or dynamically based on template parameters. Valid template parameter names are: incoming.scheme, incoming.hostname, incoming.port, incoming.path, incoming.uri, now (the current time as a long value), or the name of any available request header (case-insensitive). Template parameters are enclosed in braces, e.g. {now}. If a specified parameter cannot be found, the parameter name appears as the header value. If allowSystemProperties is set to true, any system properties can also be included. Note that blocked header rules in the transport do not impact these headers. Response header generation is only applicable to Web applications, such as the Policy Manager user interface, and is not used for API invocations.
Default: Strict-Transport-Security:max-age=31536000;includeSubDomains
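The following added example (not product code) parses a template list in the name:value format described above and expands the brace parameters, so a value can be previewed before it is deployed. The lookup order (built-in parameters, then request headers, then system properties), the rendering of a missing parameter as its bare name, and all sample headers and hostnames are assumptions made for the example.

```python
import re

def parse_templates(value):
    """Split 'name:value,name:value' into (header name, template) pairs."""
    pairs = []
    for item in value.split(","):
        if not item.strip():
            continue
        # Only the first colon separates name from value; later colons
        # (for example in a URL) belong to the value.
        name, sep, template = item.strip().partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not in name:value format: {item!r}")
        pairs.append((name.strip(), template.strip()))
    return pairs

def render_headers(value, incoming, request_headers, now_ms,
                   system_properties=None, allow_system_properties=False):
    """Expand {param} placeholders and return the generated response headers."""
    params = {k: str(v) for k, v in incoming.items()}  # incoming.scheme, ...
    params["now"] = str(now_ms)                        # current time as a long
    headers_ci = {k.lower(): v for k, v in request_headers.items()}
    props = system_properties or {}

    def lookup(match):
        key = match.group(1)
        if key in params:
            return params[key]
        if key.lower() in headers_ci:      # request header names: case-insensitive
            return headers_ci[key.lower()]  # note: client-supplied content
        if allow_system_properties and key in props:
            return props[key]
        return key  # not found: the parameter name appears in its place

    return [(name, re.sub(r"\{([^{}]+)\}", lookup, template))
            for name, template in parse_templates(value)]

if __name__ == "__main__":
    # Constructed request context and template list.
    ctx = {"incoming.scheme": "https", "incoming.hostname": "pm.example.test",
           "incoming.port": 9900}
    tmpl = "Strict-Transport-Security:max-age=31536000;includeSubDomains,X-Agent:{user-agent}"
    print(render_headers(tmpl, ctx, {"User-Agent": "curl/8.0"}, 1700000000000))
```

A template that echoes a request header places client-controlled content in the response, so such templates deserve the same review as any other reflected input.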
Specify the list of contexts for which generation of response headers will be performed. This is a comma-separated list of context paths that will have header generation applied.
Default: ${info.getDefaults(${attr})}
Enable/disable generation of response headers.
Default: false
Allow system properties in generation of response headers.
Default: false
Category to use when logging Jetty errors. Any errors detected by Jetty that match !SC_NO_CONTENT && !SC_NOT_MODIFIED && !SC_PARTIAL_CONTENT && >=SC_OK, will be written to the container log using this category. Each log entry is recorded at WARN level.
Default: http.request.error
Message to use when logging Jetty errors.
Default: HTTP Request Error
Should endpoints defined in the ConfigAdmin as managed endpoints be deployed? If this is set to false, endpoints defined in the Config Admin will be published to Policy Manager when the container is registered, and will be controlled from there. These endpoints will not be exposed until instructed by PM.
Default: false