
Web Server (Active)

The following information is derived from the plugin description.

Provides the webserver implementation for standalone installation of the server.

Configuring the webserver includes setting up ports for HTTP and HTTPS connections, encryption and additional custom HTTP headers. Custom SSL certificates can be created for testing purposes. Let's Encrypt is included in the configuration for production use to obtain globally valid certificates for servers that are publicly available.

A Task Planner task renews the Let's Encrypt certificates and checks user-defined certificates for changes - e.g. when they have been updated.

This plugin embeds the Jetty webserver and should not be used in third-party webserver implementations like Tomcat, JBoss etc.

Migration Information

  • The Allowed Cross Origins option is renamed to Allowed Origins and performs additional checks on the server side when configured.
    • The external visible URL is also sent as allowed origin using the CORS header
    • Connections to the server (either HTTPs or WSs) are also checked against the list of allowed origins and the external visible URL

Changelog Information

  • Update Bouncy Castle encryption library to FIPS-certified edition. FIPS certification ensures cryptographic modules meet rigorous security standards, enhancing security and trust.
  • Added an option to the security section of the webserver configuration to control embedding the application using X-Frame-Options.

Security Fixes

  • Security Update for CVE-2023-44487
    • The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
  • Added placeholders for start and expiration date of the HTTPS certificate that is currently being used. The placeholders can then be used in Task Planner actions.
  • Changed Jetty server from version 9.4.x to 10.0.x.
  • Added support for HTTP/2 protocol.
  • Allowed Cross Origins is now called Allowed Origins

Security Fixes

  • If Allowed Origins is set, it will send CORS headers that also include the external visible URL.
    • The server now checks that it is addressed using any of the given values from either the external visible URL or the Allowed Origins
    • The server checks HTTP/s as well as WS/s connections
  • An optional web context of the web server can be set if the server should not run in the root context.
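
The Allowed Origins checks described under Migration Information and in the list above can be pictured with the following added example. It is not the product's own code. It assumes that "addressed" refers to the Host header and that entries are compared as scheme, host and port; all function names and host names are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}
# A WebSocket handshake carries the page's http(s) origin, so ws/wss are
# folded onto http/https before comparing.
SCHEME_FOLD = {"ws": "http", "wss": "https"}


def normalize_origin(value):
    """Return (scheme, host, port), or None if value is not a usable origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (SCHEME_FOLD.get(scheme, scheme), parts.hostname.lower(), port)


def build_allow_list(external_url, allowed_origins):
    """Combine the externally visible URL with the configured origins."""
    candidates = [external_url, *allowed_origins]
    return {o for o in map(normalize_origin, candidates) if o is not None}


def is_request_allowed(allow_list, scheme, host_header, origin_header=None):
    """Check how the server is addressed and, if sent, the Origin header."""
    if normalize_origin(f"{scheme}://{host_header}") not in allow_list:
        return False
    if origin_header is None:  # non-browser client or plain navigation
        return True
    return normalize_origin(origin_header) in allow_list


# Constructed sample configuration (host names are placeholders).
ALLOW = build_allow_list("https://cowork.example.com/",
                         ["https://portal.example.com:8443"])

if __name__ == "__main__":
    print(is_request_allowed(ALLOW, "wss", "cowork.example.com:443",
                             "https://portal.example.com:8443"))
    print(is_request_allowed(ALLOW, "https", "cowork.example.com",
                             "https://cowork.example.com.evil.test"))
```

Comparing parsed scheme, host and port instead of raw strings is what keeps a look-alike host name or an explicit default port from changing the outcome.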