Re: [jetty-users] Updating SSL keystore

On Feb 6, 2017 10:45 AM, "Simone Bordet" <sbordet@xxxxxxxxxxx> wrote:
> Hi,

Hey again, Simone.

> On Mon, Feb 6, 2017 at 7:57 AM, Travis Spencer <travislspencer@xxxxxxxxx> wrote:
> > What about ciphers,
>
> Ciphers are part of the crypto material you reload with #918.

Nice

> > port, listening address,
>
> This requires shutting down the server socket

This is what we do now by shutting down our embedded Jetty instance. Afterwards, we immediately start a new one on the new port/address.

> which means that clients
> won't be able to connect and that the server would need to wait for
> existing clients to finish using their connections.

I guess we'd have to bring up the new Jetty instance on the new port/address while old connections on the old Jetty instance drain out. Then, we can shut down the old instance. Would be nice if Jetty did this itself, but we can as well, I suppose. How can we tell if all the connections have drained? Any clue?

> It is typically best achieved with a load balancer in front of Jetty
> and a Jetty restart.

We can't assume our customers have one of these. They pretty much all do, but we can't require it.

> > min/max threads,
>
> These are already modifiable on-the-fly via JMX.

We completely disable JMX. Any other way to do this without a restart?

Thanks again, 

Travis Spencer 
