This document is a guide to configuring the Bamboo distribution (not EAR-WAR) with basic HTTPS authentication. For further reference please visit the Jetty page on configuring SSL with Jetty.
1. Adding Certificate to your Keystore
Option 1. Using a self-signed Certificate
The simplest way to generate keys and certificates is to use the keytool application that comes with the JDK, as it generates keys and certificates directly into the keystore.
The following command will generate a key pair and certificate directly into a keystore:
keytool -keystore keystore -alias jetty -genkey -keyalg RSA
This command will prompt for information about the certificate and for passwords to protect both the keystore and the keys within it. The only mandatory response is to provide the fully qualified host name of the server at the "first and last name" prompt.
Option 2. Use a Certificate Issued by a Certificate Authority
When running Bamboo in a production environment, you will need a certificate issued by a certificate authority (CA, sometimes also called a 'certification authority') such as VeriSign, Thawte or TrustCenter. The instructions below are adapted from the Tomcat documentation.
First you will generate a local certificate and create a 'certificate signing request' (CSR) based on that certificate. You will submit the CSR to your chosen certificate authority. The CA will use that CSR to generate a certificate for you.
- Use Java's
keytoolutility to generate a local certificate, as described in the previous section. Use the
keytoolutility to generate a CSR, replacing the text<MY_KEYSTORE_FILENAME>with the path to and file name of the.keystorefile generated for your local certificate:keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <MY_KEYSTORE_FILENAME>
- Submit the generated file called
certreq.csrto your chosen certificate authority. Refer to the documentation on the CA's website to find out how to do this. - The CA will send you a certificate.
Import the new certificate into your local keystore:
keytool -importcert -alias tomcat -keystore <MY_KEYSTORE_FILENAME> -file <MY_CERTIFICATE_FILENAME>
2. Configuring Jetty
Now, we need to configure an SSL listener.
Using the Sun JVM, add the SunJsseListener as a HttpListeners, In the ../<Bamboo_Application_Directory>/webapp/WEB-INF/classes/jetty.xml file add the following lines.
This will make Bamboo accessible in port 8443 on https://localhost:8443/
If you are using Bamboo 1.2.4 (or earlier)
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
If you are using Bamboo 2.0 (or newer version)
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="Port">8443</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
The keystore file in this example is given relative to the Bamboo Application Directory.
Please ensure that jcert.jar, jnet.jar and jsse.jar are on your classpath.
3. Getting Bamboo to use the jetty.xml file
Follow this Knowledge Base article, to instruct Bamboo to use the jetty.xml file configured in step 2.
Overview
Content Tools
Apps
Log a request with our support team.
Raise an issue for our developers.
See answers from the community.
Blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.
4 Comments
Anonymous
Apr 19, 2010if bamboo installation is at "C:\Program Files\Bamboo\" , what is the default "jetty.home" dir ?
Anonymous
Feb 18, 2011What about Bamboo 3.0?
How can I configure SSL with it?
Anonymous
Jun 08, 2011This information is outdated for Bamboo 3.x.
How do we configure SSL for bamboo 3.x?
ESI
Jun 10, 2011Our Configuration with Bamboo 3.1.1
However I haven't configured a redirect from http to https yet.
<?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd"> <Configure id="Server" class="org.eclipse.jetty.server.Server"> <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.nio.SelectChannelConnector"> <Set name="host"><Property name="jetty.host" /></Set> <Set name="port"><Property name="jetty.port" default="80"/></Set> <Set name="confidentialPort"><SystemProperty name="jetty.ssl.port" default="443"/></Set> <Set name="IntegralPort">443</Set> </New> </Arg> </Call> <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Set name="host"><Property name="jetty.host" /></Set> <Set name="port"><Property name="jetty.port" default="443"/></Set> <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/keystore</Set> <Set name="Password">password</Set> <Set name="KeyPassword">password</Set> <Set name="truststore"><SystemProperty name="jetty.home" default="." />/truststore</Set> <Set name="trustPassword">password</Set> </New> </Arg> </Call> <Call name="setHandler"> <Arg> <New class="org.eclipse.jetty.webapp.WebAppContext"> <Arg name="webApp"> <SystemProperty name="bamboo.webapp" default="../webapp"/> </Arg> <Arg name="contextPath">/</Arg> <Set name="defaultsDescriptor">webdefault.xml</Set> <Get name="sessionHandler"> <Set name="sessionManager"> <New class="org.eclipse.jetty.server.session.HashSessionManager"> <Set name="httpOnly">true</Set> <!-- use M$ http only cookies? --> </New> </Set> </Get> </New> </Arg> </Call> </Configure>