The `webserver` section in your Trapperkeeper configuration files configures an embedded HTTP server inside trapperkeeper.
This sets the hostname to listen on for unencrypted HTTP traffic. If not supplied, we bind to `localhost`, which will reject connections from anywhere but the server process itself. To listen on all available interfaces, use `0.0.0.0`.
This sets what port to use for unencrypted HTTP traffic. If not supplied, we won't listen for unencrypted traffic at all.
This sets the maximum number of threads assigned to responding to HTTP and HTTPS requests, effectively changing how many concurrent requests can be made at one time. Defaults to 50.
Note: Due to how Jetty 7 behaves, this setting must be higher than the number of CPUs on your system or it will stop processing any HTTP requests.
This sets the hostname to listen on for encrypted HTTPS traffic. If not supplied, we bind to `localhost`. To listen on all available interfaces, use `0.0.0.0`.
This sets the port to use for encrypted HTTPS traffic. If not supplied, we won't listen for encrypted traffic at all.
This sets the path to the server certificate PEM file used by the web service for HTTPS.
Note: This setting overrides the alternate configuration settings `keystore` and `key-password`.
This sets the path to the private key PEM file that corresponds with the `ssl-cert`; it is used by the web service for HTTPS.
Note: This setting overrides the alternate configuration settings `keystore` and `key-password`.
This sets the path to the CA certificate PEM file used for client authentication. Authorized clients must be signed by the CA that corresponds to this certificate.
Note: This setting overrides the alternate configuration settings `truststore` and `trust-password`.
This sets the path to a Java keystore file containing the key and certificate to be used for HTTPS.
This sets the passphrase to use for unlocking the keystore file.
This describes the path to a Java keystore file containing the CA certificate(s) for your infrastructure.
This sets the passphrase to use for unlocking the truststore file.
Optional. A comma-separated list of cryptographic ciphers to allow for incoming SSL connections. Valid names are listed in the official JDK cryptographic providers documentation; you'll need to use the all-caps cipher suite name.
If not supplied, trapperkeeper uses the default cipher suites for your local system on JDK versions older than 1.7.0u6. On newer JDK versions, trapperkeeper will use only non-DHE cipher suites.
Optional. A comma-separated list of protocols to allow for incoming SSL connections. Valid names are listed in the official JDK cryptographic protocol documentation; you'll need to use the names with verbatim capitalization. For example: `SSLv3, TLSv1, TLSv1.1, TLSv1.2`.
If not supplied, trapperkeeper uses the default SSL protocols for your local system.
Optional. This determines the mode that the server uses to validate the client's certificate for incoming SSL connections. One of the following values may be specified:
- `need` - The server will request the client's certificate and the certificate must be provided and be valid. The certificate must have been issued by a Certificate Authority whose certificate resides in the `truststore`.
- `want` - The server will request the client's certificate. A certificate, if provided by the client, must have been issued by a Certificate Authority whose certificate resides in the `truststore`. If the client does not provide a certificate, the server will still consider the client valid.
- `none` - The server will not request a certificate from the client and will consider the client valid.

If a value is not provided for this setting, `need` will be used as the default value.
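
The following is an added example, not part of the original documentation or the Trapperkeeper project's code: a small audit of an INI-style `webserver` section against the behaviours described above (plaintext listener reachable beyond localhost, SSLv3 allowed, client certificates not required, PEM settings overriding the keystore, `max-threads` versus CPU count). The key names `host`, `port`, `ssl-host`, `ssl-port`, `ssl-key`, `ssl-protocols`, `client-auth` and `max-threads` are assumed, since the setting names are not all shown on this page; the file paths, sample values and finding codes are constructed for illustration.

```python
import configparser

# Constructed sample config. Key names other than ssl-cert, keystore and
# key-password are assumptions; paths and values are made up.
SAMPLE = """
[webserver]
host = 0.0.0.0
port = 8080
ssl-host = 0.0.0.0
ssl-port = 8081
ssl-cert = /etc/tk/ssl/server.pem
ssl-key = /etc/tk/ssl/server.key
keystore = /etc/tk/ssl/keystore.jks
key-password = changeit
ssl-protocols = SSLv3, TLSv1.2
client-auth = want
max-threads = 4
"""

def audit(ini_text, cpu_count):
    """Return a list of (hypothetical) finding codes for the [webserver] section."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    ws = cp["webserver"]
    findings = []
    # Plaintext HTTP is only served when a port is set; the host defaults to localhost.
    if "port" in ws and ws.get("host", "localhost") not in ("localhost", "127.0.0.1"):
        findings.append("plaintext-exposed")
    if "ssl-port" in ws:
        protos = [p.strip() for p in ws.get("ssl-protocols", "").split(",") if p.strip()]
        if not protos:
            # Unset means the JVM's system defaults decide which protocols are offered.
            findings.append("protocols-system-default")
        elif "SSLv3" in protos:
            findings.append("sslv3-enabled")
        # `need` is the default; `want` and `none` accept clients without a certificate.
        if ws.get("client-auth", "need") != "need":
            findings.append("client-cert-not-required")
        # PEM settings override keystore/key-password, so the keystore entry is unused.
        if ("ssl-cert" in ws or "ssl-key" in ws) and "keystore" in ws:
            findings.append("keystore-overridden")
    # Jetty 7 note above: max-threads (default 50) must exceed the CPU count.
    if ws.getint("max-threads", fallback=50) <= cpu_count:
        findings.append("max-threads-too-low")
    return findings
```

Pass the real CPU count of the target host (for example `os.cpu_count()` when run on that host) as `cpu_count`.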