Configuration properties for the Jetty transport.

Note: Under heavy load, the gateway's SSL handshake may start to fail. To address this, allow Jetty to manage the acceptThreads and requestQueueSize properties based on the machine configuration. If both acceptThreads and requestQueueSize are set to -1, Jetty manages the configuration and provides improved container performance.

Allow Cross-Context Session IDs (session.manager.factory.crossContextSessionIDs)

Allow sessions to be used in multiple contexts/applications. This applies only to web applications.

Default: true

Allow Http Only Cookies (session.manager.factory.httpOnlyCookies)

Prevents cookies from being accessed from JavaScript in modern browsers. Safeguards against cross-site scripting.

Default: true

Allow Secure Cookies (session.manager.factory.secureCookies)

Encrypts cookies when the browser uses HTTPS.

Default: false

Session Idle Timeout (session.manager.factory.sessionTimeout)

The default session idle timeout in seconds. This applies only to web applications. Note that this value may be overridden by applications. Changes to this value require a restart.

Default: 3600

Accept Backlog (http.incoming.transport.config.acceptQueueSize)

The size of the accept socket queue. This is also known as the 'backlog'.

Default: 100

Accept Threads (http.incoming.transport.config.acceptThreads)

The number of accept threads.

Default: 1

Accept Socket Timeout (http.incoming.transport.config.acceptTimeout)

The accept socket timeout in milliseconds. This is also used as the SO_TIMEOUT for incoming data sockets. Warning: setting a small value for this may result in frequent recycling of the accept socket which may cause dropped connections.

Default: 1800000

SSL Protocols (http.incoming.transport.config.enabledProtocols)

The set of SSL protocols to allow. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart.

Security protocol (http.incoming.transport.config.securityProtocol)

The default SSL protocol. With IBM stacks this should usually be set to 'SSL' or 'SSL_TLS'. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart. This may also be set for individual endpoints using the connection property 'https.security.protocol'.

Default: TLS

SSL Cipher Suites (http.incoming.transport.config.cipherSuites)

The set of SSL cipher suites to allow. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured. The value is a comma-separated list where each item in the list can be a string matching a specific cipher suite, according to the defined values for the JRE at https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. Alternatively, values can be a regular expression used to identify a set of cipher suites. The regular expression uses the Java java.util.regex.Pattern syntax.

Excluded SSL Cipher Suites (http.incoming.transport.config.excludeCipherSuites)

The set of SSL cipher suites to exclude. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured. The value is a comma-separated list where each item in the list can be a string matching a specific cipher suite, according to the defined values for the JRE at https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. Alternatively, values can be a regular expression used to identify a set of cipher suites. The regular expression uses the Java java.util.regex.Pattern syntax. Note that if a value is not configured, the default Jetty setting will be used.

Default: ^SSL_.*$

Enable/Disable Cipher Suite Ordering (http.incoming.transport.config.useCipherSuitesOrder)

Enables or disables ordering of local cipher suites during SSL/TLS handshaking. If enabled, ordering follows the sequence in http.incoming.transport.config.cipherSuites.

Default: true
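The following added example (not product code) shows how a cipherSuites list, an excludeCipherSuites list and the ordering flag combine into the set a listener would offer. The class and method names are hypothetical, the list of supported suites is constructed, and the matching rules noted in the comments are assumptions.

```java
import java.util.*;
import java.util.regex.Pattern;

public class CipherSuiteFilter {
    // Splits a comma-separated property value into trimmed, non-empty items.
    static List<String> items(String value) {
        List<String> out = new ArrayList<>();
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    // Assumptions (not confirmed by the page): an item must match the whole
    // suite name, an empty include list selects every supported suite, and
    // exclusions are applied after inclusions.
    static List<String> effective(List<String> supported, String include,
                                  String exclude, boolean useOrder) {
        Set<String> selected = new LinkedHashSet<>();
        List<String> inc = items(include);
        if (inc.isEmpty()) selected.addAll(supported);
        for (String item : inc) {              // keeps the configured sequence
            Pattern p = Pattern.compile(item);
            for (String s : supported) {
                if (p.matcher(s).matches()) selected.add(s);
            }
        }
        for (String item : items(exclude)) {   // drop anything an exclude item matches
            Pattern p = Pattern.compile(item);
            selected.removeIf(s -> p.matcher(s).matches());
        }
        List<String> result = new ArrayList<>(selected);
        // Without ordering, fall back to the sequence of the supported list.
        if (!useOrder) result.sort(Comparator.comparingInt(supported::indexOf));
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample of suite names; not read from a real JRE.
        List<String> supported = Arrays.asList(
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        String include = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_.*,TLS_RSA_.*";
        String exclude = "^SSL_.*$,^.*_CBC_.*$";
        effective(supported, include, exclude, true).forEach(System.out::println);
    }
}
```

To check a real deployment, replace the constructed list with the array returned by SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites() on the gateway's own JRE.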

Enable SSL Renegotiation (http.incoming.transport.config.allowRenegotiate)

Enable/disable all client SSL renegotiations. Note that this property is only used at the time a listener is created. If a listener is already configured, changes will not take effect until the following restart or the listener is reconfigured.

Default: true

Incoming Request Buffer Size (http.incoming.transport.config.requestBufferSize)

Set the size of the incoming request buffer in bytes. This must be set to a valid value.

Default: 32768

Incoming Header Buffer Size (http.incoming.transport.config.requestHeaderSize)

Set the size of the incoming header buffer in bytes. This must be set to a valid value. This buffer is used to hold the request line and headers.

Default: 32768

Response Buffer Size (http.incoming.transport.config.responseBufferSize)

Set the size of the response buffer in bytes. This must be set to a valid value.

Default: 32768

Response Header Buffer Size (http.incoming.transport.config.responseHeaderSize)

Set the size of the response header buffer in bytes. This must be set to a valid value.

Default: 32768

Use X-Forward headers (http.incoming.transport.config.forwarded)

Uses X-Forwarded-* headers to calculate HttpServletRequest attributes. Useful if the container is accessed through a reverse proxy. Requires a restart.

Default: false

Incoming Request Queue Size (http.incoming.transport.config.requestQueueSize)

Set the size of the incoming request queue for listeners. A change to this value requires a restart.

Default: 16

Max Connections Per Client (http.incoming.transport.config.maxConnectionsPerClient)

Set the maximum number of concurrent connections from a single client. A value of 0 indicates no limit. Note that if running behind a layer 7 load balancer, this constraint will restrict the number of connections from the load balancer, not the originating client, and therefore should not be used under those circumstances. If this limit is exceeded, the incoming connection is simply closed.

Default: 0

Max Requests Per Client (http.incoming.transport.config.maxRequestsPerClient)

Set the maximum number of concurrent requests from a single client. A value of 0 indicates no limit. If running behind a load balancer, the http.incoming.transport.config.forwarded property must be set in order to properly interpret the X-Forwarded-* headers. If this limit is exceeded, the client will receive a 503 (Service Unavailable) response.

Default: 0

Connection Max Idle Time (http.incoming.transport.config.maxIdleTime)

Set the default maximum number of milliseconds that a connection can remain idle before it is closed. If the thread pool idle time is not specified for a listener, this is also used as the default thread idle time for the connector.

Default: 200000

Low Resource Connection Idle Time (http.incoming.transport.config.lowResourceIdleTime)

Set the number of milliseconds that a connection can remain idle when server resources are low. A value of -1 disables low resource checking. This is triggered when the number of active connections reaches the limit set by 'lowResourcesConnections'.

Default: -1

Low Resource Connections (http.incoming.transport.config.lowResourceConnections)

Set the number of active connections that will trigger the low resources state, as a percentage of the max thread pool size. This is only used when lowResourceIdleTime > 0.

Default: 100

SO_LINGER Value (http.incoming.transport.config.linger)

Set the SO_LINGER value for a connection. This value is in milliseconds, but Jetty will divide this by 1000 before setting the value on the socket.

Default: 10000

Enable HTTP2 (http.incoming.transport.config.enableHttp2)

Enable/disable incoming HTTP2 connections.

Default: false

HTTP Compliance Level (http.incoming.transport.config.compliance)

Set the HTTP parser compliance level. Note that from Jetty version 9.2 onwards, the values of request headers such as Content-Type are normalized to uppercase. To disable the normalization of Content-Type, select Legacy as the HTTP compliance level so that values are passed as they appear in the request header. Requires a restart of the container.

Default: RFC7230

Enable NCSA Access Log (ncsa.access.log.writer.enable)

Enable/disable writing of the NCSA access log. This flag enables the overall NCSA request log writer.

Default: true

Enable NCSA File Access Log (ncsa.access.log.enable)

Enable/disable the NCSA file-based access log.

Default: false

Enable Extended Log Format (ncsa.access.log.extended)

Enable/disable the extended log format.

Default: false

NCSA Access Log Filename (ncsa.access.log.filename)

The filename to use for the NCSA access log. The filename should include the string 'yyyy_mm_dd', which is replaced with the actual date when creating and rolling over the file.

Default: log/access_yyyy_mm_dd.log

NCSA Access Log Retention (ncsa.access.log.retainDays)

The number of days to retain log files for the NCSA access log.

Default: 30

NCSA Access Log Append (ncsa.access.log.append)

Control whether to append or overwrite log files for the NCSA access log.

Default: true

NCSA Access Log Latency (ncsa.access.log.logLatency)

Show the request processing time in the NCSA access log.

Default: true

Enable Status Servlet (jetty.information.servlet.enable)

Enable the Jetty status servlet. The default path to the status page is /admin/com.soa.transport.jetty/information.

Default: false

Max Form Keys (context.manager.maxFormKeys)

Set the max number of keys allowed in a form. If not specified or 0, the default of 1000 is used.

Default: 1000

Max Form Size (context.manager.maxFormSize)

Set the max size in bytes allowed in a form. If not specified or 0, the default of 200K is used.

Default: 200000

Enable Sessions (context.manager.enableSessions)

Enable/disable session support globally.

Default: true

Strict Context Matching (context.manager.strict)

Enable or disable strict context matching. If set to true, only the first context selected by Jetty will be used. If the request is not satisfied by that context, then no others will be tried.

Default: false

Enable Statistics Gathering (connector.manager.stats)

Enable or disable statistics gathering for connectors.

Default: true

Send Date Header (jetty.server.sendDateHeader)

Force Jetty to send a Date header in responses. The default is false internally but the spec requires servers to send a Date if possible. See http://jira.codehaus.org/browse/JETTY-1137.

Default: true

Send Server Header (jetty.server.sendServerVersion)

Force Jetty to send a Server header in responses.

Default: false

Response Header Templates (response.header.generator.templates)

Templates used to generate response headers. The value is a comma-separated list where each item in the list has the format name:value. The header value can be generated either using a static string, or dynamically based on template parameters. Valid template parameter names are: incoming.scheme, incoming.hostname, incoming.port, incoming.path, incoming.uri, now (the current time as a long value), or the name of any available request header (case-insensitive). Template parameters are enclosed in braces, e.g. {now}. If a specified parameter cannot be found, the parameter name appears as the header value. If allowSystemProperties is set to true, any system properties can also be included. Note that blocked header rules in the transport do not impact these headers. Response header generation is only applicable to Web applications, such as the Policy Manager user interface, and is not used for API invocations.

Default: Strict-Transport-Security:max-age=31536000;includeSubDomains
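The following added example (not product code) expands a templates value in the format described above against a constructed request. The class and method names are hypothetical. Splitting each item at its first colon and substituting an unknown parameter with its own name are assumptions about how the description applies.

```java
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class HeaderTemplates {
    private static final Pattern PARAM = Pattern.compile("\\{([^{}]+)\\}");

    // Expands "name:value,name:value". Parameter keys are looked up in lower
    // case so that request header names match case-insensitively.
    static Map<String, String> generate(String templates, Map<String, String> params) {
        Map<String, String> headers = new LinkedHashMap<>();
        for (String item : templates.split(",")) {
            int colon = item.indexOf(':');     // assumption: first colon ends the name
            if (colon <= 0) continue;          // not name:value, skipped in this sketch
            String name = item.substring(0, colon).trim();
            Matcher m = PARAM.matcher(item.substring(colon + 1).trim());
            StringBuffer value = new StringBuffer();
            while (m.find()) {
                String key = m.group(1);
                // Assumption: an unknown parameter is replaced by its own name.
                String v = params.getOrDefault(key.toLowerCase(Locale.ROOT), key);
                m.appendReplacement(value, Matcher.quoteReplacement(v));
            }
            m.appendTail(value);
            headers.put(name, value.toString());
        }
        return headers;
    }

    public static void main(String[] args) {
        // Constructed request data. Request header values are client-supplied,
        // so a template that echoes one puts client-controlled text in a response.
        Map<String, String> params = new HashMap<>();
        params.put("incoming.scheme", "https");
        params.put("incoming.hostname", "gateway.example.com");
        params.put("now", String.valueOf(System.currentTimeMillis()));
        params.put("x-request-id", "abc-123");
        String templates =
            "Strict-Transport-Security:max-age=31536000;includeSubDomains,"
            + "X-Origin:{incoming.scheme}://{incoming.hostname},"
            + "X-Generated:{now},X-Correlation:{X-Request-Id},X-Missing:{no.such.param}";
        generate(templates, params).forEach((k, v) -> System.out.println(k + ": " + v));
    }
}
```

Because items are separated by commas, a header value that itself needs a comma cannot be written in this list format.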

Response Header Generation Contexts (response.header.generator.contexts)

Specify the list of contexts for which generation of response headers will be performed. This is a comma-separated list of context paths that will have header generation applied.

Enable Response Header Generation (response.header.generator.enable)

Enable/disable generation of response headers.

Default: false

Enable Response Header System Properties (response.header.generator.allowSystemProperties)

Allow system properties in generation of response headers.

Default: false

Error Logging Category (jetty.error.logger.category)

Category to use when logging Jetty errors. Any errors detected by Jetty that match !SC_NO_CONTENT && !SC_NOT_MODIFIED && !SC_PARTIAL_CONTENT && >=SC_OK, will be written to the container log using this category. Each log entry is recorded at WARN level.

Default: http.request.error

Error Logging Message (jetty.error.logger.message)

Message to use when logging Jetty errors.

Default: HTTP Request Error

Deploy Managed Endpoints (endpoint.factory.deployManaged)

Should endpoints defined in the Config Admin as managed endpoints be deployed? If this is set to false, endpoints defined in the Config Admin will be published to Policy Manager when the container is registered, and will be controlled from there. These endpoints will not be exposed until instructed by Policy Manager.

Default: false