Configuring HTTPS for Jetty server
Overview
This guide walks you through creating and configuring SSL certificates, setting up Jetty server configuration, and running your application with SSL enabled.
Important: You must replace {...} blocks with your own values.
Configuration steps
- Open the terminal and navigate to the workspace directory.
- Type the following commands:
openssl genrsa -des3 -passout pass:1 -out {your domain}.pass.key 2048
openssl rsa -passin pass:1 -in {your domain}.pass.key -out {your domain}.key
rm {your domain}.pass.key (or del {your domain}.pass.key on Windows)
openssl req -key {your domain}.key -sha256 -new -out {your domain}.csr
openssl x509 -req -days 3650 -in {your domain}.csr -signkey {your domain}.key -out {your domain}.crt
openssl pkcs12 -export -in {your domain}.crt -inkey {your domain}.key -out {your domain}.p12 -name {your domain} -passout pass:{your password}
keytool -importkeystore -deststorepass {your password} -destkeypass {your password} -destkeystore {your domain}.keystore -srckeystore {your domain}.p12 -srcstoretype PKCS12 -srcstorepass {your password} -alias {your domain}
The result is a self-signed certificate valid for 3650 days. {your domain}.key contains the private key without passphrase protection, so keep it readable only by the account that runs the server.
- Create a new file called ssl-config.xml in the .data directory inside the workspace with the following content:
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="sendServerVersion">false</Set>
        <Set name="sendDateHeader">false</Set>
    </New>
    <Call name="addBean">
        <Arg>
            <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
                <Set name="keyStorePath">{Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
                <Set name="keyStorePassword">{The password you specified when creating certificates}</Set>
                <Set name="trustStorePath">{Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
                <Set name="trustStorePassword">{The password you specified when creating certificates}</Set>
                <Set name="IncludeProtocols">
                    <Array type="String">
                        <Item>TLSv1.2</Item>
                    </Array>
                </Set>
                <Set name="IncludeCipherSuites">
                    <Array type="String">
                        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
                        <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                    </Array>
                </Set>
                <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
                    <Arg>
                        <Ref refid="httpConfig" />
                    </Arg>
                    <Call name="addCustomizer">
                        <Arg>
                            <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
                                <Set name="sniHostCheck">false</Set>
                            </New>
                        </Arg>
                    </Call>
                </New>
            </New>
        </Arg>
    </Call>
    <Call id="sslConnector" name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server" />
                </Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <Item>
                            <New class="org.eclipse.jetty.server.SslConnectionFactory">
                                <Arg name="next">http/1.1</Arg>
                                <Arg name="sslContextFactory">
                                    <Ref refid="sslContextFactory" />
                                </Arg>
                            </New>
                        </Item>
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                <Arg name="config">
                                    <Ref refid="tlsHttpConfig" />
                                </Arg>
                            </New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="port">8978</Set>
                <Set name="idleTimeout">
                    <Property name="jetty.idleTimeout" default="30000" />
                </Set>
            </New>
        </Arg>
    </Call>
</Configure>
- Start the application using the following command:
- In docker:
docker run --name={container name} -p 8978:8978 -ti -v {absolute path to workspace}:/opt/cloudbeaver/workspace dbeaver/cloudbeaver-ee:{container name}
- From sources:
./run-server.sh
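The finished ssl-config.xml can be linted before the server is started. The following is an added example, not part of the original guide or of CloudBeaver: it flags {...} placeholders left unreplaced and protocol or cipher entries weaker than the ones in the configuration above. The function name, the finding strings and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\{[^{}]*\}")         # an unreplaced {...} block
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions

def audit_ssl_config(xml_text):
    """Return findings for a Jetty ssl-config.xml shaped like the one above."""
    root = ET.fromstring(xml_text)
    factory = next((n for n in root.iter("New") if n.get("id") == "sslContextFactory"), None)
    if factory is None:
        return ["sslContextFactory: not defined"]
    values = {}  # the factory's own <Set> values; <Array> values become lists
    for node in factory.findall("Set"):
        items = [(i.text or "").strip() for i in node.iter("Item")]
        values[node.get("name")] = items or (node.text or "").strip()
    findings = []
    for name in ("keyStorePath", "keyStorePassword", "trustStorePath", "trustStorePassword"):
        value = values.get(name, "")
        if not value:
            findings.append(f"{name}: missing")
        elif PLACEHOLDER.search(value):
            findings.append(f"{name}: placeholder not replaced")
    protocols = values.get("IncludeProtocols") or []
    if not protocols:
        findings.append("IncludeProtocols: not set")
    findings += [f"IncludeProtocols: {p} is deprecated" for p in protocols if p in WEAK_PROTOCOLS]
    for suite in values.get("IncludeCipherSuites") or []:
        aead = "_GCM_" in suite or "CHACHA20" in suite
        if "_WITH_" in suite and not ("DHE_" in suite and aead):  # TLS 1.2-style names only
            findings.append(f"IncludeCipherSuites: {suite} lacks (EC)DHE or AEAD")
    return findings

# Constructed sample: one placeholder left in, TLSv1.1 and a CBC suite added.
SAMPLE = """<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
      <Set name="keyStorePath">/opt/cloudbeaver/workspace/cb_keys/domain.test.keystore</Set>
      <Set name="keyStorePassword">{your password}</Set>
      <Set name="trustStorePath">/opt/cloudbeaver/workspace/cb_keys/domain.test.keystore</Set>
      <Set name="trustStorePassword">example-only</Set>
      <Set name="IncludeProtocols"><Array type="String"><Item>TLSv1.1</Item><Item>TLSv1.2</Item></Array></Set>
      <Set name="IncludeCipherSuites"><Array type="String">
        <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item><Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item></Array></Set>
    </New></Arg></Call></Configure>"""

if __name__ == "__main__":
    print("\n".join(audit_ssl_config(SAMPLE)))
```

An empty result means every store setting is filled in and only the protocol and cipher choices from the guide, or equivalents, are listed.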