Bind Jetty only on localhost

Hi all!

I followed the https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationViaAPT/ guide and now have a working Wiki setup. I also set up an Apache2 reverse proxy to secure the installation. Now I figured XWiki’s Jetty is binding on all interfaces, not only localhost (which is what I want). How can I accomplish that? I figured I need to do things in /etc/xwiki/jetty-web.xml, but the problem is the internets tell me different things about different Jetty versions, some supporting configurative restriction via org.eclipse.jetty.server.handler.IPAccessHandler, other sources tell that this is deprecated, others then again say it can only be done programmatically.

So, what is the “right” way to do it for the current (xwiki-xjetty-common-16.1.0) version of an xwiki-jetty setup?

Thanks in advance,
Thomas.

As a heads-up, a systemctl edit xwiki and adding

[Service]
Environment='JETTY_OPTS=-Djetty.http.host=127.0.0.1'

to the therefor created /etc/systemd/system/xwiki.service.d/override.conf brought success:

$ ps -eo args | grep java
java ... -jar jetty/start.jar -Djetty.http.host=127.0.0.1 jetty.http.port=8080 STOP.KEY=xwiki STOP.PORT=8079

and

$ netstat -lnp | grep 8080
tcp6       0      0 127.0.0.1:8080          :::*                    LISTEN      168875/java

The trick here is to use single-quoting in the override file; double quotes / escaped quotes don’t work.