On Debian 13:
sudo apt update
sudo apt install openjdk-17-jdk
On RHEL 10:
sudo dnf install java-17-openjdk-devel
Verify:
java -version
sudo useradd --system --home /opt/jetty --shell /usr/sbin/nologin jetty
cd /tmp
JETTY_VERSION=12.1.7
curl -LO "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_VERSION}/jetty-home-${JETTY_VERSION}.tar.gz"
sudo mkdir -p /opt/jetty
sudo tar -xzf "jetty-home-${JETTY_VERSION}.tar.gz" -C /opt/jetty --strip-components=1
sudo chown -R jetty:jetty /opt/jetty
Check the latest version before installation:
https://jetty.org/download.html
sudo mkdir -p /opt/jetty-base
sudo chown -R jetty:jetty /opt/jetty-base
sudo -u jetty /bin/sh -c 'cd /opt/jetty-base && /usr/bin/java -jar /opt/jetty/start.jar --add-to-start=server,http'
sudo tee /etc/systemd/system/jetty.service >/dev/null <<'SERVICE'
[Unit]
Description=Eclipse Jetty Web Server
After=network.target
[Service]
Type=simple
User=jetty
Group=jetty
Environment=JETTY_HOME=/opt/jetty
Environment=JETTY_BASE=/opt/jetty-base
Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk
WorkingDirectory=/opt/jetty-base
ExecStart=/usr/bin/java -jar /opt/jetty/start.jar
Restart=on-failure
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=true
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
LockPersonality=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictNamespaces=yes
SystemCallArchitectures=native
CapabilityBoundingSet=
AmbientCapabilities=
[Install]
WantedBy=multi-user.target
SERVICE
Note: On Debian, you may need to set JAVA_HOME to /usr/lib/jvm/java-17-openjdk-amd64.
If your app needs write access outside /opt/jetty-base, add ReadWritePaths= entries to the service.
Stronger hardening (optional). This limits system access and may require ReadWritePaths for logs or uploads. If Jetty fails to start, remove or relax these:
ProtectSystem=strict
PrivateDevices=yes
ProtectClock=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectProc=invisible
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictFileSystems=ext4 xfs
UMask=0077
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable --now jetty
On UFW:
sudo ufw allow 8080/tcp
On firewalld:
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
Open http://SERVER_IP:8080 in your browser.
JETTY_BASE.Do you need help or support for Jetty? Feel free to contact us!
Prefer automation? Choose your deployment method:
| Method | Description | Playbook |
|---|---|---|
| Native Installation | Installs Jetty directly on the host system | Eclipse Jetty Ansible Setup |
| Docker Deployment | Deploys Jetty using Docker Compose | Eclipse Jetty Docker Ansible Setup |
Prefer manual container setup? See Eclipse Jetty Docker Setup.
See Jetty Configuration for configuration guidance.
See Jetty Security for hardening and operational security controls.
Any questions?
Feel free to contact us. Find all contact information on our contact page.