Configuring HTTPS for Jetty server
dbeaver-devops edited this page Dec 4, 2024 · 4 revisions
IMPORTANT: You must replace {...} blocks with your own values.
- Open the terminal and navigate to the workspace directory.
- Type the following commands:

  ```
  openssl genrsa -des3 -passout pass:1 -out {your domain}.pass.key 2048
  openssl rsa -passin pass:1 -in {your domain}.pass.key -out {your domain}.key
  rm {your domain}.pass.key    # or: del {your domain}.pass.key on Windows
  openssl req -key {your domain}.key -sha256 -new -out {your domain}.csr
  openssl x509 -req -days 3650 -in {your domain}.csr -signkey {your domain}.key -out {your domain}.crt
  openssl pkcs12 -export -in {your domain}.crt -inkey {your domain}.key -out {your domain}.p12 -name {your domain} -passout pass:{your password}
  keytool -importkeystore -deststorepass {your password} -destkeypass {your password} -destkeystore {your domain}.keystore -srckeystore {your domain}.p12 -srcstoretype PKCS12 -srcstorepass {your password} -alias {your domain}
  ```
- Create a new file called ssl-config.xml in the .data directory inside the workspace with the following content:

  ```xml
  <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
  <Configure id="Server" class="org.eclipse.jetty.server.Server">
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <Set name="sendServerVersion">false</Set>
      <Set name="sendDateHeader">false</Set>
    </New>
    <Call name="addBean">
      <Arg>
        <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
          <Set name="keyStorePath">{Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
          <Set name="keyStorePassword">{The password you specified when creating certificates}</Set>
          <Set name="trustStorePath">{Full path to your keystore example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}</Set>
          <Set name="trustStorePassword">{The password you specified when creating certificates}</Set>
          <Set name="IncludeProtocols">
            <Array type="String">
              <Item>TLSv1.2</Item>
            </Array>
          </Set>
          <Set name="IncludeCipherSuites">
            <Array type="String">
              <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
              <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
            </Array>
          </Set>
          <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
            <Arg>
              <Ref refid="httpConfig"/>
            </Arg>
            <Call name="addCustomizer">
              <Arg>
                <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
                  <Set name="sniHostCheck">false</Set>
                </New>
              </Arg>
            </Call>
          </New>
        </New>
      </Arg>
    </Call>
    <Call id="sslConnector" name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
          <Arg name="server">
            <Ref refid="Server"/>
          </Arg>
          <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
              <Item>
                <New class="org.eclipse.jetty.server.SslConnectionFactory">
                  <Arg name="next">http/1.1</Arg>
                  <Arg name="sslContextFactory">
                    <Ref refid="sslContextFactory"/>
                  </Arg>
                </New>
              </Item>
              <Item>
                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                  <Arg name="config">
                    <Ref refid="tlsHttpConfig"/>
                  </Arg>
                </New>
              </Item>
            </Array>
          </Arg>
          <Set name="port">8978</Set>
          <Set name="idleTimeout">
            <Property name="jetty.idleTimeout" default="30000"/>
          </Set>
        </New>
      </Arg>
    </Call>
  </Configure>
  ```
- Start the application using the following command:
  - In docker:

    ```
    docker run --name={container name} -p 8978:8978 -ti -v {absolute path to workspace}:/opt/cloudbeaver/workspace dbeaver/cloudbeaver-ee:{container name}
    ```

  - From sources:

    ```
    ./run-server.sh
    ```
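
A small audit of the finished ssl-config.xml, added here as an example (it is not part of the CloudBeaver documentation): it reports `{...}` placeholders that were never replaced, protocols older than TLSv1.2, cipher suites without forward secrecy or AEAD, and a disabled sniHostCheck. The function names and the embedded sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's ssl-config.xml cut down to the checked settings,
# with one placeholder left in, one legacy protocol and one weak suite added.
SAMPLE = """<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
    <Set name="keyStorePath">/opt/cloudbeaver/workspace/cb_keys/domain.test.keystore</Set>
    <Set name="keyStorePassword">{The password you specified when creating certificates}</Set>
    <Set name="IncludeProtocols"><Array type="String">
      <Item>TLSv1.2</Item><Item>TLSv1.1</Item></Array></Set>
    <Set name="IncludeCipherSuites"><Array type="String">
      <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
      <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item></Array></Set>
  </New>
  <New class="org.eclipse.jetty.server.SecureRequestCustomizer"><Set name="sniHostCheck">false</Set></New>
</Configure>"""

LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def items(root, name):
    """Return the <Item> values under every <Set name=...> element."""
    return [(i.text or "").strip()
            for s in root.iter("Set") if s.get("name") == name
            for i in s.iter("Item")]

def audit(xml_text):
    """Return a list of findings for a Jetty ssl-config.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    for s in root.iter("Set"):
        value = (s.text or "").strip()
        if re.search(r"\{[^{}]*\}", value):
            findings.append(f"placeholder not replaced in {s.get('name')}")
        if s.get("name") == "sniHostCheck" and value.lower() == "false":
            findings.append("sniHostCheck is disabled")
    for proto in items(root, "IncludeProtocols"):
        if proto in LEGACY_PROTOCOLS:
            findings.append(f"legacy protocol enabled: {proto}")
    for suite in items(root, "IncludeCipherSuites"):
        # TLS 1.3 suite names (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral keys.
        if not re.match(r"TLS_(ECDHE|DHE|AES|CHACHA20)_", suite):
            findings.append(f"no forward secrecy: {suite}")
        if not re.search(r"_(GCM|CCM|CHACHA20_POLY1305)", suite):
            findings.append(f"not an AEAD suite: {suite}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the configuration exactly as given on this page with all placeholders filled in, the only finding is the disabled sniHostCheck.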