Configuring HTTPS for Jetty server

dbeaver-devops edited this page Sep 15, 2025 · 8 revisions

This guide walks you through creating and configuring SSL certificates, setting up Jetty server configuration, and running your application with SSL enabled.

Important: You must replace {...} blocks with your own values.

Configuration steps

  1. Open the terminal and navigate to the workspace directory.

  2. Type the following commands:

    1. openssl genrsa -des3 -passout pass:1 -out {your domain}.pass.key 2048
    2. openssl rsa -passin pass:1 -in {your domain}.pass.key -out {your domain}.key
    3. rm {your domain}.pass.key (or del {your domain}.pass.key on Windows)
    4. openssl req -key {your domain}.key -sha256 -new -out {your domain}.csr
    5. openssl x509 -req -days 3650 -in {your domain}.csr -signkey {your domain}.key -out {your domain}.crt
    6. openssl pkcs12 -export -in {your domain}.crt -inkey {your domain}.key -out {your domain}.p12 -name {your domain} -passout pass:{your password}
    7. keytool -importkeystore -deststorepass {your password} -destkeypass {your password} -destkeystore {your domain}.keystore -srckeystore {your domain}.p12 -srcstoretype PKCS12 -srcstorepass {your password} -alias {your domain}
  3. Create a new file called ssl-config.xml in the .data directory inside the workspace with the following content:

    <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
    <Configure id="Server" class="org.eclipse.jetty.server.Server">
        <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
            <Set name="sendServerVersion">false</Set>
            <Set name="sendDateHeader">false</Set>
        </New>
    
        <Call name="addBean">
            <Arg>
                <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
                    <Set name="keyStorePath">
                        {Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}
                    </Set>
                    <Set name="keyStorePassword">
                        {The password you specified when creating certificates}
                    </Set>
                    <Set name="trustStorePath">
                        {Full path to your keystore. Example: /opt/cloudbeaver/workspace/cb_keys/domain.test.keystore}
                    </Set>
                    <Set name="trustStorePassword">
                        {The password you specified when creating certificates}
                    </Set>
                    <Set name="IncludeProtocols">
                        <Array type="String">
                            <Item>TLSv1.2</Item>
                        </Array>
                    </Set>
                    <Set name="IncludeCipherSuites">
                        <Array type="String">
                            <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
                            <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                        </Array>
                    </Set>
                    <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
                        <Arg>
                            <Ref refid="httpConfig"/>
                        </Arg>
                        <Call name="addCustomizer">
                            <Arg>
                                <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
                                    <Set name="sniHostCheck">false</Set>
                                </New>
                            </Arg>
                        </Call>
                    </New>
                </New>
            </Arg>
        </Call>
    
        <Call id="sslConnector" name="addConnector">
            <Arg>
                <New class="org.eclipse.jetty.server.ServerConnector">
                    <Arg name="server">
                        <Ref refid="Server"/>
                    </Arg>
                    <Arg name="factories">
                        <Array type="org.eclipse.jetty.server.ConnectionFactory">
                            <Item>
                                <New class="org.eclipse.jetty.server.SslConnectionFactory">
                                    <Arg name="next">http/1.1</Arg>
                                    <Arg name="sslContextFactory">
                                        <Ref refid="sslContextFactory"/>
                                    </Arg>
                                </New>
                            </Item>
                            <Item>
                                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                    <Arg name="config">
                                        <Ref refid="tlsHttpConfig"/>
                                    </Arg>
                                </New>
                            </Item>
                        </Array>
                    </Arg>
                    <Set name="port">
                        8978
                    </Set>
                    <Set name="idleTimeout">
                        <Property name="jetty.idleTimeout" default="30000"/>
                    </Set>
                </New>
            </Arg>
        </Call>
    </Configure>
  4. Start the application using the following command:

    • In Docker: docker run --name={container name} -p 8978:8978 -ti -v {absolute path to workspace}:/opt/cloudbeaver/workspace dbeaver/cloudbeaver-ee:{container name}
    • From sources: ./run-server.sh
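
A pre-start check for the file from step 3, as an added example that is not part of the CloudBeaver documentation: it parses an ssl-config.xml and reports {...} placeholders left unreplaced, protocols older than TLSv1.2, and a cipher list with no suite for the key type (the genrsa steps above produce an RSA key, so only the _RSA_ suite applies to it). The names audit, items and SAMPLE, the sample document and the protocol allow-list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed ssl-config.xml with one placeholder left in
# and an extra legacy protocol, to show what the audit reports.
SAMPLE = """<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
      <Set name="keyStorePath">/opt/cloudbeaver/workspace/cb_keys/domain.test.keystore</Set>
      <Set name="keyStorePassword">{your password}</Set>
      <Set name="IncludeProtocols"><Array type="String">
        <Item>TLSv1.2</Item><Item>TLSv1.1</Item></Array></Set>
      <Set name="IncludeCipherSuites"><Array type="String">
        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item></Array></Set>
    </New></Arg></Call>
</Configure>"""

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # assumption: anything older is flagged
PLACEHOLDER = re.compile(r"\{[^{}]*\}")      # a {...} block that was never filled in

def items(factory, name):
    """Return the <Item> values of the <Set name=...> array, case-insensitively."""
    for s in factory.iter("Set"):
        if s.get("name", "").lower() == name.lower():
            return [(i.text or "").strip() for i in s.iter("Item")]
    return []

def audit(xml_text, key_type="RSA"):
    """Return a list of findings for the sslContextFactory in a Jetty XML config."""
    root = ET.fromstring(xml_text)
    findings = []
    for factory in root.iter("New"):
        if factory.get("id") != "sslContextFactory":
            continue
        for s in factory.iter("Set"):
            if PLACEHOLDER.search(s.text or ""):
                findings.append(f"placeholder not replaced: {s.get('name')}")
        for proto in items(factory, "IncludeProtocols"):
            if proto not in ALLOWED_PROTOCOLS:
                findings.append(f"legacy protocol enabled: {proto}")
        suites = items(factory, "IncludeCipherSuites")
        if suites and not any(f"_{key_type}_" in c for c in suites):
            findings.append(f"no cipher suite matches a {key_type} key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real file, pass its contents to audit(); an empty list means none of the three conditions was found.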
