For all of my ORDS demos, I’m running it as a standalone process. There’s no Tomcat or Apache involved – and that’s OK. Your needs may require otherwise, and that’s OK too.
When running in a standalone configuration like this, ORDS’ HTTP(S) functionality is being delivered by an embedded Jetty web server. Jetty is an Eclipse project. Very cool stuff – used by LOTS of solutions out there.
Anyhow, a customer asked:
Hi,
Can we hide Jetty version in the header response ?
which is :Server : Jetty(9.2.z-SNAPSHOT)
Or in other words, they’re not a big fan of THIS
Security by obscurity – maybe you don’t want to advertise that you’re running Jetty.
Ok, so how do we make that go away?
Thankfully it’s pretty easy.
The ETC\JETTY XML Config File
In your ORDS-INSTALL-HOME\standalone directory, create a subdirectory ‘etc’
Then in THAT directory, create an jetty-http.xml file.
Then in THAT file, add these lines
<?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd"> <Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Set name="sendServerVersion">false</Set> </Configure>
Restart ORDS.
Refresh your ORDS request, check the response header.
Cool? Cool.
There’s a TON of Jetty Config Options Available
Kris has talked about a few of them before. For example, this post on how to enable Access logs for Jetty pretty much told me HOW to do this post today.
Ok, so what else can I change?
You’ll want to take a look at the Jetty API docs. Here’s the interesting bits on controlling the response header.
9 Comments
Hi jeff,
I am using nssm tool(https://nssm.cc/download) and created a service in windows to startup/shutdown the ords service.
Now I am looking for a way out to capture the output which is observed once you start the ords
e.g java -jar D:\ords21.2\ords.war standalone
Is there anyway i can capture this using any options or anything?
Would really appreciate if you could help me on this.
Sorry I’m not familiar with NSSM, but your Windows service just needs to be told to redirect stdout from ORDS to a file.
https://stackoverflow.com/questions/1420965/how-to-redirect-windows-cmd-stdout-and-stderr-to-a-single-file/1420981#1420981
Hello Jeff,
Were you able to test jetty-html.xml on ORDS 22.3?
Thanks.
Jeff,
With ORDS 22.1 we no longer have a ORDS-INSTALL-HOME\standalone by default when running ORDS in standalone mode…
I’ve not played around with this yet with ORDS 22.1… Should we be adding a \standalone\etc directory to our ORDS-INSTALL-HOME?
Also, correct me if I’m wrong, but wouldn’t this really go into the ORDS-CONFIGURATION-HOME and not the ORDS-INSTALL-HOME?
Thanks!
I’m taking today off will try to catch up to this, tomorrow.
Jeff,
Is it possible to configure cipher suites on Jetty when using it for APEX?
Regards
Edwin
Probably. But you’re on your own at that point. And it might just be easier to move on up to Tomcat.
Hello Jeff,
We were planning to deploy ORDS on Production with the embedded jetty option as our other internal java apps for our project are not on Tomcat/Weblogic.
Do you think standalone is good to go ahead with in this case?
Please can you specify any disadvantages as I am not able to find it anywhere. Thanks.
Not having the features of Tomcat, logging/config/authentication tie in features come to mind. You can get a lot of this from Jetty, but Tomcat makes it much easier.