Secure Socket Layer
There are two ways to enable SSL connections in Trinidad.
The --ssl option can be used with trinidad. The default port is 3443 (since 1.4.6; previously 8443), but it can also be passed on the command line:

    jruby -S trinidad --ssl [PORT]
Running with https:// needs an SSL key-store or an SSL certificate configuration, but to get started quickly Trinidad auto-generates a dummy key-store (under ssl/keystore) and uses it on subsequent runs (check the logs).
For a real production setup, configure a keystore using the configuration file, e.g. config/trinidad.yml:

    ---
    ssl:
      port: 3443
      keystore: /etc/trinidad/default.keystore
      keystorePass: "<%= ENV['KEYSTORE_PASS'] %>"

The keystore option is a path (relative to the application root) to the keystore file, while keystorePass is the password for that keystore file.
(More) Configuration Options
Tomcat has a number of configuration options that can be tuned for SSL connectors (e.g. for using OpenSSL). These options are well documented and are to be specified under the https section:

    ---
    https: # or ssl:
      # SSL specific options
      keystoreFile: .ssl/trinidad.jks
      keystorePass: a-trinidad-secret
      clientAuth: true
      # shared (connector) options
      port: 8443
      maxThreads: 500
      minSpareThreads: 100
      connectionTimeout: 10000
      keepAliveTimeout: 2500
      # @see https://github.com/trinidad/trinidad/wiki/HTTP-Connector

Using SSL Certificates

    ---
    # ...
    https:
      SSLCertificateFile: /usr/local/ssl/server.crt
      SSLCertificateKeyFile: /usr/local/ssl/server.pem
    # ...
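
A pre-deploy check for the ssl: and https: sections shown on this page, as an added example that is not Trinidad's own code. It flags a literal keystorePass, a path under the auto-generated ssl/keystore, and keystore or key files that are missing or readable by group or others. The function name, the rules and the sample input are assumptions of this example; ERB is deliberately left unrendered.

```ruby
require 'yaml'

# Key names are the ones used on this page; the function name and the rules
# are assumptions of this added example, not part of Trinidad.
STORE_KEYS  = %w[keystore keystoreFile SSLCertificateFile].freeze
SECRET_KEYS = %w[keystore keystoreFile SSLCertificateKeyFile].freeze

def audit_trinidad_ssl(raw_yaml, app_root: Dir.pwd)
  # Parse the raw text without rendering ERB, so a literal password can be
  # told apart from an "<%= ENV[...] %>" reference.
  config = YAML.safe_load(raw_yaml) || {}
  dummy = File.expand_path('ssl/keystore', app_root) # assumed dummy location
  findings = []
  %w[ssl https].each do |section|
    opts = config[section]
    next unless opts.is_a?(Hash)
    if (STORE_KEYS & opts.keys).empty?
      findings << "#{section}: no keystore or certificate configured"
    end
    pass = opts['keystorePass']
    if pass && pass.to_s !~ /\A<%=\s*ENV\b.*%>\z/
      findings << "#{section}.keystorePass: literal password in config file"
    end
    SECRET_KEYS.each do |key|
      next unless opts[key]
      # Relative paths are resolved against the application root.
      path = File.expand_path(opts[key].to_s, app_root)
      if path.start_with?(dummy)
        findings << "#{section}.#{key}: auto-generated dummy key-store"
      elsif !File.file?(path)
        findings << "#{section}.#{key}: file not found"
      elsif (File.stat(path).mode & 0o077) != 0
        findings << "#{section}.#{key}: readable by group or others"
      end
    end
  end
  findings
end

# Constructed sample: the https: section from this page, trimmed.
SAMPLE = <<~YAML
  ---
  https:
    keystoreFile: .ssl/trinidad.jks
    keystorePass: a-trinidad-secret
    clientAuth: true
    port: 8443
YAML

puts audit_trinidad_ssl(SAMPLE, app_root: '/nonexistent') if __FILE__ == $PROGRAM_NAME
```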