# jetty.ssl.host=0.0.0.0
## Connector port to listen on
-jetty.ssl.port=<%= @FE_https_port %>
+jetty.ssl.port=<%= @https_port %>
## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
## KeyManager password
# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
+jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Truststore password
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
## Set the timeout (in seconds) of the SslSession cache timeout
# jetty.sslContext.sslSessionTimeout=-1
+
+## Allow SSL renegotiation
+# jetty.sslContext.renegotiationAllowed=true
+# jetty.sslContext.renegotiationLimit=5
"run_list": [
"recipe[sdc-catalog-be::BE_1_cleanup_jettydir]",
"recipe[sdc-catalog-be::BE_2_setup_configuration]",
- "recipe[sdc-catalog-be::BE_4_jetty_Modules]",
- "recipe[sdc-catalog-be::BE_5_setup_elasticsearch]",
- "recipe[sdc-catalog-be::BE_6_setup_portal_properties]",
- "recipe[sdc-catalog-be::BE_7_logback]",
- "recipe[sdc-catalog-be::BE_8_errors_config]"
+ "recipe[sdc-catalog-be::BE_3_locate_keystore]",
+ "recipe[sdc-catalog-be::BE_5_jetty_Modules]",
+ "recipe[sdc-catalog-be::BE_6_setup_elasticsearch]",
+ "recipe[sdc-catalog-be::BE_7_setup_portal_properties]",
+ "recipe[sdc-catalog-be::BE_8_logback]",
+ "recipe[sdc-catalog-be::BE_9_errors_config]"
],
"env_run_lists": {
}
--- /dev/null
+# ---------------------------------------
+# Module: ssl
+--module=ssl
+
+### TLS(SSL) Connector Configuration
+
+## Connector host/address to bind to
+# jetty.ssl.host=0.0.0.0
+
+## Connector port to listen on
+jetty.ssl.port=<%= @https_port %>
+
+## Connector idle timeout in milliseconds
+# jetty.ssl.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.ssl.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.ssl.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.ssl.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.ssl.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.ssl.acceptorPriorityDelta=0
+
+## Whether request host names are checked to match any SNI names
+# jetty.ssl.sniHostCheck=true
+
+## max age in seconds for a Strict-Transport-Security response header (default -1)
+# jetty.ssl.stsMaxAgeSeconds=31536000
+
+## include subdomain property in any Strict-Transport-Security header (default false)
+# jetty.ssl.stsIncludeSubdomains=true
+
+### SslContextFactory Configuration
+## Note that OBF passwords are not secure, just protected from casual observation
+## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
+
+## Keystore file path (relative to $jetty.base)
+# jetty.sslContext.keyStorePath=etc/keystore
+
+## Truststore file path (relative to $jetty.base)
+# jetty.sslContext.trustStorePath=etc/keystore
+
+## Keystore password
+# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Keystore type and provider
+# jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreProvider=
+
+## KeyManager password
+# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
+jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Truststore password
+# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
+
+## Truststore type and provider
+# jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreProvider=
+
+## whether client certificate authentication is required
+# jetty.sslContext.needClientAuth=false
+
+## Whether client certificate authentication is desired
+# jetty.sslContext.wantClientAuth=false
+
+## Whether cipher order is significant (since java 8 only)
+# jetty.sslContext.useCipherSuitesOrder=true
+
+## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+
+## Set the size of the SslSession cache
+# jetty.sslContext.sslSessionCacheSize=-1
+
+## Set the timeout (in seconds) of the SslSession cache timeout
+# jetty.sslContext.sslSessionTimeout=-1
+
+## Allow SSL renegotiation
+# jetty.sslContext.renegotiationAllowed=true
+# jetty.sslContext.renegotiationLimit=5