Secure Socket Layer

Karol Bucek edited this page Dec 28, 2013 · 2 revisions

There are two ways to enable SSL connections in Trinidad.

The --ssl option can be used with trinidad. The default port is 3443 (since 1.4.6; previously 8443), but a port can also be passed on the command line: jruby -S trinidad --ssl [PORT]

Serving https:// requires an SSL key-store or SSL certificate configuration, but to get started quickly Trinidad auto-generates a dummy key-store (under ssl/keystore) and reuses it on subsequent runs (check the logs).

For a real production setup, configure a keystore using the configuration file, e.g. config/trinidad.yml:

    port: 3443
    keystore: /etc/trinidad/default.keystore
    keystorePass: "<%= ENV['KEYSTORE_PASS'] %>"

The keystore option is a path (relative to the application root) to the keystore file, while keystorePass is the password for the provided key-store file.

(More) Configuration Options

Tomcat has a number of configuration options that can be tuned for SSL connectors (e.g. for using OpenSSL). These options are well documented and are to be specified under the https section:

  https: # or ssl:
    # SSL specific options
    keystoreFile: .ssl/trinidad.jks
    keystorePass: a-trinidad-secret
    clientAuth: true
    # shared (connector) options
    port: 8443
    maxThreads: 500
    minSpareThreads: 100
    connectionTimeout: 10000
    keepAliveTimeout: 2500
    # @see

Using SSL Certificates

  # ...
    SSLCertificateFile: /usr/local/ssl/server.crt
    SSLCertificateKeyFile: /usr/local/ssl/server.pem
    # ...
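
An added example (not part of Trinidad or of the original page): a small Ruby check over the raw text of config/trinidad.yml that flags what the snippets above can hide, namely a keystorePass written literally into the file, a key-store path still pointing at the auto-generated dummy under ssl/keystore, and key-store or private-key files readable by other users. The name lint_trinidad_ssl, the finding messages and the sample data are assumptions made for this example.

```ruby
require 'yaml'

PASSWORD_KEYS = %w[keystorePass].freeze
STORE_KEYS    = %w[keystore keystoreFile].freeze
SECRET_FILES  = (STORE_KEYS + %w[SSLCertificateKeyFile]).freeze
ERB_TAG       = /<%=.*?%>/

# Lints the raw (not ERB-rendered) YAML text so a literal password can be
# told apart from one injected from the environment. Returns finding strings.
def lint_trinidad_ssl(raw_yaml, app_root = Dir.pwd)
  config = YAML.safe_load(raw_yaml)
  config = {} unless config.is_a?(Hash)
  # Options appear at the top level or under an https:/ssl: section.
  sections = { 'top level' => config }
  %w[https ssl].each { |s| sections[s] = config[s] if config[s].is_a?(Hash) }

  findings = []
  sections.each do |where, opts|
    opts.each do |key, value|
      next if value.is_a?(Hash) || value.nil?
      value = value.to_s
      if PASSWORD_KEYS.include?(key) && value !~ ERB_TAG
        findings << "#{where}: #{key} is a literal password in the file"
      end
      if STORE_KEYS.include?(key) && value.sub(%r{\A\./}, '') == 'ssl/keystore'
        findings << "#{where}: #{key} is the auto-generated dummy key-store"
      end
      next unless SECRET_FILES.include?(key)
      path = File.expand_path(value, app_root) # relative to the application root
      if File.file?(path) && (File.stat(path).mode & 0o077) != 0
        findings << "#{where}: #{path} is accessible to group/other users"
      end
    end
  end
  findings
end

# Constructed sample combining the two snippets shown on this page.
SAMPLE = <<~'YAML'
  port: 3443
  keystore: /etc/trinidad/default.keystore
  keystorePass: "<%= ENV['KEYSTORE_PASS'] %>"
  https:
    keystoreFile: .ssl/trinidad.jks
    keystorePass: a-trinidad-secret
    clientAuth: true
YAML

puts lint_trinidad_ssl(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Files that do not exist under the given application root are skipped by the permission check, so it can run in CI against the configuration alone.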