Configuring HTTPS for Jetty server
IMPORTANT: You must replace every {...} block with your own value.
Open the terminal and navigate to the workspace directory
Type the following commands:
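# Generate a 2048-bit RSA private key. The passphrase "1" is a throwaway value:
# the second command strips it, so the resulting {your domain}.key is stored
# UNENCRYPTED. Keep that file readable only by the account that runs the server.
openssl genrsa -des3 -passout pass:1 -out {your domain}.pass.key 2048
openssl rsa -passin pass:1 -in {your domain}.pass.key -out {your domain}.key
# Remove the intermediate passphrase-protected key
# (on Windows use: del {your domain}.pass.key).
rm {your domain}.pass.key
# Create a certificate signing request; openssl asks for the subject fields.
openssl req -key {your domain}.key -sha256 -new -out {your domain}.csr
# Self-sign the request with the same key, valid for 3650 days. Clients do not
# trust a self-signed certificate unless it is imported on each of them; for
# anything beyond testing, have a certificate authority sign the CSR instead.
openssl x509 -req -days 3650 -in {your domain}.csr -signkey {your domain}.key -out {your domain}.crt
# Bundle key and certificate into PKCS#12, then convert that into the Java
# keystore Jetty reads. A password given as pass:... or as a keytool option is
# visible in shell history and in the process list while the command runs;
# openssl also accepts file: and env: password sources, and keytool prompts for
# any password option that is left out.
openssl pkcs12 -export -in {your domain}.crt -inkey {your domain}.key -out {your domain}.p12 -name {your domain} -passout pass:{your password}
keytool -importkeystore -deststorepass {your password} -destkeypass {your password} -destkeystore {your domain}.keystore -srckeystore {your domain}.p12 -srcstoretype PKCS12 -srcstorepass {your password} -alias {your domain}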
Create a new file called ssl-config.xml in the .data directory inside the workspace with the following content:
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<!--
  Adds a TLS listener to the Jetty server. Replace every {...} placeholder.
  This file holds the keystore password in clear text, so keep it (and the
  keystore it points to) readable only by the account that runs the server.
-->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- Base HTTP settings: do not send the Server version header or the Date header. -->
  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Set name="sendServerVersion">false</Set>
    <Set name="sendDateHeader">false</Set>
  </New>

  <Call name="addBean">
    <Arg>
      <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
        <!-- Paths are resolved by the server process; under Docker that means the path inside the container. -->
        <Set name="keyStorePath">{Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
        <Set name="keyStorePassword">{The password you specified when creating certificates}</Set>

        <!--
          The trust store is pointed at the same file as the key store. Nothing in
          this file turns on client certificate authentication, so the trust store
          is presumably unused here; confirm before relying on it.
        -->
        <Set name="trustStorePath">{Full path to your keystore example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
        <Set name="trustStorePassword">{The password you specified when creating certificates}</Set>

        <!--
          Only TLS 1.2 is offered; older protocol versions and TLS 1.3 are not in the list.
          NOTE(review): enabling TLS 1.3 would presumably need TLSv1.3 here plus TLS 1.3
          suite names in IncludeCipherSuites; confirm against the Jetty and JVM versions in use.
        -->
        <Set name="IncludeProtocols">
          <Array type="String">
            <Item>TLSv1.2</Item>
          </Array>
        </Set>

        <!--
          Both suites use ECDHE key exchange with AES-256-GCM. The ECDSA suite needs an
          EC key; the RSA key produced by the openssl commands on this page can only
          serve the ECDHE_RSA suite.
        -->
        <Set name="IncludeCipherSuites">
          <Array type="String">
            <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
            <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
          </Array>
        </Set>

        <!-- HTTP settings for the TLS connector: built from httpConfig, plus a SecureRequestCustomizer. -->
        <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
          <Arg><Ref refid="httpConfig"/></Arg>
          <Call name="addCustomizer">
            <Arg>
              <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
                <!--
                  false turns off Jetty's check that the host a client asks for matches a
                  name in the certificate being served. That lets the server be reached by
                  IP address or by an alias the self-signed certificate does not cover.
                  Once a certificate matching the public host name is installed, true is
                  the stricter setting.
                -->
                <Set name="sniHostCheck">false</Set>
              </New>
            </Arg>
          </Call>
        </New>
      </New>
    </Arg>
  </Call>

  <!-- TLS connector: the SSL factory hands decrypted traffic to the HTTP/1.1 factory that uses tlsHttpConfig. -->
  <Call id="sslConnector" name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="port">8978</Set>
        <!-- Idle timeout comes from the jetty.idleTimeout property, falling back to 30000. -->
        <Set name="idleTimeout"><Property name="jetty.idleTimeout" default="30000"/></Set>
      </New>
    </Arg>
  </Call>

</Configure>
- Start the application using the following command:
- In docker:
# The bind mount exposes the host workspace (keystore and ssl-config.xml, including
# the keystore password) inside the container at /opt/cloudbeaver/workspace; keep the
# host directory readable only by the account that runs Docker.
# NOTE(review): the image tag placeholder reads {container name}; presumably an image
# version tag is meant here. Confirm.
docker run --name={container name} -p 8978:8978 -ti -v {absolute path to workspace}:/opt/cloudbeaver/workspace dbeaver/cloudbeaver-ee:{container name}
- From sources:
# Run from the directory that contains run-server.sh (the ./ prefix is relative to the current directory).
./run-server.sh
- In docker: