Package: jetty Version: 6.1.26-3 Severity: normal /etc/default/jetty says:
# Listen to connections from this network host # Use 0.0.0.0 as host to accept all connections. # Uncomment to restrict access to localhost #JETTY_HOST=$(uname -n) However, setting JETTY_HOST to the actual host name causes it to still be reachable from third party hosts. I need to explicitly set it to "localhost" to get it to only be reachable from localhost. -- System Information: Debian Release: stretch/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages jetty depends on: ii adduser 3.115 ii apache2-utils 2.4.23-5 ii default-jre-headless [java5-runtime-headless] 2:1.8-57 ii jsvc 1.0.15-6 ii libjetty-java 6.1.26-5 ii openjdk-7-jre-headless [java5-runtime-headless] 7u95-2.6.4-3 ii openjdk-8-jre-headless [java5-runtime-headless] 8u102-b14.1-2 ii openjdk-9-jre-headless [java5-runtime-headless] 9~b133-1 jetty recommends no packages. Versions of packages jetty suggests: ii libjetty-extra 6.1.26-5 ii libjetty-extra-java 6.1.26-5 pn libjetty-java-doc <none> -- Configuration Files: /etc/default/jetty changed: NO_START=0 VERBOSE=yes JETTY_HOST=localhost /etc/jetty/jetty.xml changed: <?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd";> <!-- =============================================================== --> <!-- Configure the Jetty Server --> <!-- --> <!-- Documentation of this file format can be found at: --> <!-- http://docs.codehaus.org/display/JETTY/jetty.xml --> <!-- --> <!-- =============================================================== --> <Configure id="Server" class="org.mortbay.jetty.Server"> <!-- =========================================================== --> <!-- Server Thread Pool --> <!-- =========================================================== --> <Set name="ThreadPool"> <New class="org.mortbay.thread.QueuedThreadPool"> <Set name="minThreads">10</Set> <Set name="maxThreads">200</Set> <Set name="lowThreads">20</Set> </New> <!-- Optional Java 5 bounded threadpool with job queue <New class="org.mortbay.thread.concurrent.ThreadPool"> <Set name="corePoolSize">50</Set> <Set name="maximumPoolSize">50</Set> </New> --> </Set> <!-- =========================================================== --> <!-- Set connectors --> <!-- =========================================================== --> <!-- One of each type! --> <!-- =========================================================== --> <!-- Use this connector for many frequently idle connections and for threadless continuations. --> <Call name="addConnector"> <Arg> <New class="org.mortbay.jetty.nio.SelectChannelConnector"> <Set name="host"><SystemProperty name="jetty.host" /></Set> <Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set> <Set name="maxIdleTime">30000</Set> <Set name="Acceptors">2</Set> <Set name="statsOn">false</Set> <Set name="confidentialPort">8443</Set> <Set name="lowResourcesConnections">5000</Set> <Set name="lowResourcesMaxIdleTime">5000</Set> <Set name="headerBufferSize">65536</Set><!-- Old? --> <!-- <Set name="requestHeaderSize">65535</Set>--><!-- New? --> </New> </Arg> </Call> <!-- Use this connector if NIO is not available. <Call name="addConnector"> <Arg> <New class="org.mortbay.jetty.bio.SocketConnector"> <Set name="port">8081</Set> <Set name="maxIdleTime">50000</Set> <Set name="lowResourceMaxIdleTime">1500</Set> </New> </Arg> </Call> --> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <!-- To add a HTTPS SSL listener --> <!-- see jetty-ssl.xml to add an ssl connector. use --> <!-- java -jar start.jar etc/jetty.xml etc/jetty-ssl.xml --> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <!-- To allow Jetty to be started from xinetd --> <!-- mixin jetty-xinetd.xml: --> <!-- java -jar start.jar etc/jetty.xml etc/jetty-xinetd.xml --> <!-- --> <!-- See jetty-xinetd.xml for further instructions. --> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --> <!-- =========================================================== --> <!-- Set up global session ID manager --> <!-- =========================================================== --> <!-- <Set name="sessionIdManager"> <New class="org.mortbay.jetty.servlet.HashSessionIdManager"> <Set name="workerName">node1</Set> </New> </Set> --> <!-- =========================================================== --> <!-- Set handler Collection Structure --> <!-- =========================================================== --> <Set name="handler"> <New id="Handlers" class="org.mortbay.jetty.handler.HandlerCollection"> <Set name="handlers"> <Array type="org.mortbay.jetty.Handler"> <Item> <New id="Contexts" class="org.mortbay.jetty.handler.ContextHandlerCollection"/> </Item> <Item> <New id="DefaultHandler" class="org.mortbay.jetty.handler.DefaultHandler"/> </Item> <Item> <New id="RequestLog" class="org.mortbay.jetty.handler.RequestLogHandler"/> </Item> </Array> </Set> </New> </Set> <!-- =========================================================== --> <!-- Configure the context deployer --> <!-- A context deployer will deploy contexts described in --> <!-- configuration files discovered in a directory. --> <!-- The configuration directory can be scanned for hot --> <!-- deployments at the configured scanInterval. --> <!-- --> <!-- This deployer is configured to deploy contexts configured --> <!-- in the $JETTY_HOME/contexts directory --> <!-- --> <!-- =========================================================== --> <Call name="addLifeCycle"> <Arg> <New class="org.mortbay.jetty.deployer.ContextDeployer"> <Set name="contexts"><Ref id="Contexts"/></Set> <Set name="configurationDir"><SystemProperty name="jetty.home" default="."/>/contexts</Set> <Set name="scanInterval">5</Set> </New> </Arg> </Call> <!-- =========================================================== --> <!-- Configure the webapp deployer. --> <!-- A webapp deployer will deploy standard webapps discovered --> <!-- in a directory at startup, without the need for additional --> <!-- configuration files. It does not support hot deploy or --> <!-- non standard contexts (see ContextDeployer above). --> <!-- --> <!-- This deployer is configured to deploy webapps from the --> <!-- $JETTY_HOME/webapps directory --> <!-- --> <!-- Normally only one type of deployer need be used. --> <!-- --> <!-- =========================================================== --> <Call name="addLifeCycle"> <Arg> <New class="org.mortbay.jetty.deployer.WebAppDeployer"> <Set name="contexts"><Ref id="Contexts"/></Set> <Set name="webAppDir"><SystemProperty name="jetty.home" default="."/>/webapps</Set> <Set name="parentLoaderPriority">false</Set> <Set name="extract">true</Set> <Set name="allowDuplicates">false</Set> <Set name="defaultsDescriptor"><SystemProperty name="jetty.home" default="."/>/etc/webdefault.xml</Set> </New> </Arg> </Call> <!-- =========================================================== --> <!-- Configure Authentication Realms --> <!-- Realms may be configured for the entire server here, or --> <!-- they can be configured for a specific web app in a context --> <!-- configuration (see $(jetty.home)/contexts/test.xml for an --> <!-- example). --> <!-- =========================================================== --> <Set name="UserRealms"> <Array type="org.mortbay.jetty.security.UserRealm"> <Item> <New class="org.mortbay.jetty.security.HashUserRealm"> <Set name="name">Test Realm</Set> <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set> <Set name="refreshInterval">0</Set> </New> </Item> </Array> </Set> <!-- =========================================================== --> <!-- Configure Request Log --> <!-- Request logs may be configured for the entire server here, --> <!-- or they can be configured for a specific web app in a --> <!-- contexts configuration (see $(jetty.home)/contexts/test.xml --> <!-- for an example). --> <!-- =========================================================== --> <Ref id="RequestLog"> <Set name="requestLog"> <New id="RequestLogImpl" class="org.mortbay.jetty.NCSARequestLog"> <Set name="filename"><SystemProperty name="jetty.logs" default="./logs"/>/yyyy_mm_dd.request.log</Set> <Set name="filenameDateFormat">yyyy_MM_dd</Set> <Set name="retainDays">90</Set> <Set name="append">true</Set> <Set name="extended">false</Set> <Set name="logCookies">false</Set> <Set name="LogTimeZone">GMT</Set> </New> </Set> </Ref> <!-- =========================================================== --> <!-- extra options --> <!-- =========================================================== --> <Set name="stopAtShutdown">true</Set> <Set name="sendServerVersion">true</Set> <Set name="sendDateHeader">true</Set> <Set name="gracefulShutdown">1000</Set> </Configure> -- no debconf information
