Support declarative SSL termination #1084
While I remember, I answered a question the other day about configuring SSL on Jetty. This is the code to do it:

```java
@Bean
public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
    return new EmbeddedServletContainerCustomizer() {

        @Override
        public void customize(ConfigurableEmbeddedServletContainer container) {
            // Only applies when the embedded container is Jetty
            if (container instanceof JettyEmbeddedServletContainerFactory) {
                customizeJetty((JettyEmbeddedServletContainerFactory) container);
            }
        }

        private void customizeJetty(JettyEmbeddedServletContainerFactory factory) {
            factory.addServerCustomizers(new JettyServerCustomizer() {

                @Override
                public void customize(Server server) {
                    SslContextFactory sslContextFactory = new SslContextFactory();
                    sslContextFactory.setKeyStorePassword("password");
                    try {
                        // Resolves the classpath resource to a filesystem path
                        sslContextFactory.setKeyStorePath(ResourceUtils.getFile(
                                "classpath:jetty-ssl.keystore").getAbsolutePath());
                    }
                    catch (FileNotFoundException ex) {
                        throw new IllegalStateException("Could not load keystore", ex);
                    }
                    // Add an SSL connector on port 8443
                    SslSocketConnector sslConnector = new SslSocketConnector(
                            sslContextFactory);
                    sslConnector.setPort(8443);
                    server.addConnector(sslConnector);
                }

            });
        }

    };
}
```
I should also mention that the above (and the same for Tomcat) doesn't work from within a jar (or nested jar). I would think that is okay because typically one doesn't package the keystore with the application, but it should probably be mentioned in the docs if this feature is implemented.
Good point. Thanks, @btiernay. I've learned today that we can do slightly better with Jetty as it allows the keystore to be configured using a
This allows the keystore to be packaged in a jar if you're using Jetty. Tomcat still requires the keystore to be a file on the filesystem and we'll need to document this.
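The jar limitation discussed above, as an added example that is not code from this thread or from Spring Boot: a keystore packaged in a jar has a `jar:` URL that cannot be used as a file path, while loading it from a stream still works. The class name, method names, paths and password are constructed for illustration, and the fail-fast check is one possible startup guard for a container that needs a real file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;

public class KeystoreLocationCheck {

    /** Fails fast when the keystore URL is an entry inside an archive rather than a file on disk. */
    static void requirePlainFile(URL location) {
        if (!"file".equals(location.getProtocol())) {
            throw new IllegalStateException("Keystore is not a plain file: " + location
                    + " (protocol '" + location.getProtocol() + "')");
        }
    }

    /** Loads a keystore from any stream, so it also works for jar-packaged resources. */
    static KeyStore load(InputStream in, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(in, password);
        return keyStore;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value

        // Constructed sample: an empty PKCS12 keystore held in memory
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, password);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        empty.store(bytes, password);

        // Stream-based loading needs no filesystem path at all
        KeyStore loaded = load(new ByteArrayInputStream(bytes.toByteArray()), password);
        System.out.println("Loaded from stream, entries: " + loaded.size());

        // Constructed sample locations: one on disk, one nested in a jar
        URL onDisk = new URL("file:/etc/app/jetty-ssl.keystore");
        URL inJar = new URL("jar:file:/opt/app/app.jar!/jetty-ssl.keystore");
        requirePlainFile(onDisk);
        System.out.println("Usable as a file path: " + onDisk);
        try {
            requirePlainFile(inJar);
        } catch (IllegalStateException ex) {
            System.out.println("Rejected: " + ex.getMessage());
        }
    }
}
```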
Awesome, thanks!
We support SSL but as pointed out in #101 (comment) it's not all that convenient to configure.