Secure Socket Layer

Karol Bucek edited this page Dec 28, 2013 · 2 revisions

There are two ways to enable SSL connections in Trinidad.

The --ssl option can be used with the trinidad command. The default port is 3443 (since 1.4.6; previously 8443), but a port can also be passed on the command line: jruby -S trinidad --ssl [PORT]

Running with https:// requires an SSL key-store or SSL certificate configuration, but to get started quickly Trinidad auto-generates a dummy key-store (under ssl/keystore) and reuses it on subsequent runs (check the logs).

For a real production setup, configure a keystore using the configuration file, e.g. config/trinidad.yml:

---
  ssl:
    port: 3443
    keystore: /etc/trinidad/default.keystore
    keystorePass: "<%= ENV['KEYSTORE_PASS'] %>"

The keystore option is a path (relative to the application root) to the keystore file, while keystorePass is the password for that key-store file.

(More) Configuration Options

Tomcat has a number of configuration options that can be tuned on SSL connectors (e.g. for using OpenSSL). These options are well documented and are specified under the https section:

---
  https: # or ssl:
    # SSL specific options
    keystoreFile: .ssl/trinidad.jks
    keystorePass: a-trinidad-secret
    clientAuth: true
    # shared (connector) options
    port: 8443
    maxThreads: 500
    minSpareThreads: 100
    connectionTimeout: 10000
    keepAliveTimeout: 2500
    # @see https://github.com/trinidad/trinidad/wiki/HTTP-Connector

Using SSL Certificates

---
  # ...
  https:
    SSLCertificateFile: /usr/local/ssl/server.crt
    SSLCertificateKeyFile: /usr/local/ssl/server.pem
    # ...
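As an added example (not Trinidad's own code), the Ruby script below loads a trinidad.yml the way the <%= ENV['KEYSTORE_PASS'] %> idiom above relies on (ERB first, then YAML) and audits the ssl:/https: section for the pitfalls this page describes: no keystore or certificate configured (so the dummy key-store is used), a keystorePass typed into the file instead of injected from the environment, an unset KEYSTORE_PASS, and an SSLCertificateFile without its SSLCertificateKeyFile. The two sample configs are constructed from the page's examples.

```ruby
require 'erb'
require 'yaml'

# Trinidad renders config/trinidad.yml through ERB before parsing it as YAML,
# which is what makes the <%= ENV['KEYSTORE_PASS'] %> idiom on this page work.
def load_trinidad_config(raw)
  YAML.safe_load(ERB.new(raw).result)
end
# Inspect the ssl:/https: section of a raw trinidad.yml and return the
# findings a deployer should fix before serving https:// in production.
def audit_ssl_config(raw)
  section = load_trinidad_config(raw).values_at('ssl', 'https').compact.first
  return ['no ssl/https section: Trinidad will not listen for https://'] unless section
  findings = []
  store = section['keystore'] || section['keystoreFile']
  cert  = section['SSLCertificateFile']
  findings << 'no keystore or certificate: Trinidad falls back to the auto-generated dummy keystore' unless store || cert
  findings << 'SSLCertificateFile given without SSLCertificateKeyFile' if cert && !section['SSLCertificateKeyFile']
  pass = section['keystorePass']
  if store && pass.nil?
    findings << 'keystore configured without keystorePass'
  elsif pass
    # The raw line shows whether the secret was typed into the file or pulled in via ERB.
    line = raw.lines.grep(/^\s*keystorePass:/).first.to_s
    findings << 'keystorePass is hard-coded in trinidad.yml; load it via ERB from the environment' unless line.include?('<%')
    findings << 'keystorePass rendered empty: KEYSTORE_PASS is not set in the environment' if pass.to_s.empty?
  end
  findings
end
# Constructed sample configs (not from a real deployment), mirroring this page's two examples.
PRODUCTION_CONFIG = <<~YAML
  ---
    ssl:
      port: 3443
      keystore: /etc/trinidad/default.keystore
      keystorePass: "<%= ENV['KEYSTORE_PASS'] %>"
YAML
HARDCODED_CONFIG = <<~YAML
  ---
    https:
      keystoreFile: .ssl/trinidad.jks
      keystorePass: a-trinidad-secret
      port: 8443
YAML
if $PROGRAM_NAME == __FILE__
  puts "production: #{audit_ssl_config(PRODUCTION_CONFIG).inspect}"
  puts "hard-coded: #{audit_ssl_config(HARDCODED_CONFIG).inspect}"
end
```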