|
|
@@ -70,6 +70,20 @@ $ docker run -d --read-only -v /tmp/jetty -v /run/jetty %%REPO%%
|
|
|
|
|
|
Since the container is read-only, you'll need to either mount in your webapps directory with `-v /path/to/my/webapps:/var/lib/jetty/webapps` or by populating `/var/lib/jetty/webapps` in a derived image.
|
|
|
|
|
|
+## HTTP/2 Support
|
|
|
+
|
|
|
+Starting with version 9.3, Jetty comes with built-in support for HTTP/2. However, due to potential license compatiblity issues with the ALPN library used to implement HTTP/2, the module is not enabled by default. In order to enable HTTP/2 support in a derived `Dockerfile` for private use, you can add a `RUN` command that enables the `http2` module and approve its license as follows:
|
|
|
+
|
|
|
+```Dockerfile
|
|
|
+FROM jetty
|
|
|
+
|
|
|
+RUN java -jar \$JETTY_HOME/start.jar --add-to-startd=http2 --approve-all-licenses
|
|
|
+```
|
|
|
+
|
|
|
+This will add an `http2.ini` file to the `$JETTY_BASE/start.d` directory and download the required ALPN libraries into `$JETTY_BASE/lib/alpn`, allowing the use of HTTP/2. HTTP/2 connections should be made via the same port as normal HTTPS connections (container port 8443). If you would like to enable the `http2` module via `$JETTY_BASE/start.ini` instead, substitute `--add-to-start` in place of `--add-to-startd` in the `RUN` command above.
|
|
|
+
|
|
|
+Once OpenJDK 9 becomes generally available with built-in support for ALPN, this image will be updated to enable HTTP/2 support by default.
|
|
|
+
|
|
|
# Security
|
|
|
|
|
|
By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999).
|
Mike Dillon