Hi, On Tue, Mar 19, 2024 at 3:33 PM Lansing Chen via jetty-users <jetty-users@eclipse.org> wrote: > > Dear Jetty team, > > For security enhancement purposes, we are seeking to configure the Jetty > server to listen on trusted interfaces instead of "0.0.0.0". Currently, we > could achieve that by specifying an IP address for the "jetty.ssl.host=xxx" > property in the "ssl.ini" file. > > Given the interface IP address could change upon network configuration > adjustments(more likely than the interface name in our case), we wonder if > it's possible to configure the SSL connector to bind to a specific interface > using its name? For example, instead of "jetty.ssl.host=xxx", could we > configure "jetty.ssl.interface=eth0"? The expected behavior is: Even if the > IP address associated with the interface changes, the Jetty server can > seamlessly identify and bind the connector using the new IP. >
While you can specify a name as the bind address, it will be resolved to an IP address and the channel bound to that address. The behavior you expect is not possible at the Java runtime level: the Java runtime won't know you have reconfigured the network, and won't rebind automatically. Your only option, to my knowledge, is to close the ServerSocketChannel (i.e. stop the Jetty ServerConnector), reconfigure it, and re-bind it (i.e. re-start it). -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
