4.3

HTTPS & TLS

Enable secure HTTPS on Lenses with TLS.

Options 

  1. Direct TLS (read below). Supported types: jks, pkcs12.
  2. TLS termination proxy in front.
To secure and encrypt all HTTPS connections to Lenses via TLS termination.
# Java Keystore location and passwords
lenses.ssl.keystore.location = "/path/to/keystore.jks"
lenses.ssl.keystore.password = "changeit"
lenses.ssl.key.password      = "changeit"

# You can also tweak the TLS version, algorithm and ciphers
#lenses.ssl.enabled.protocols = "TLSv1.2"
#lenses.ssl.cipher.suites     = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384"
You can enforce client mutual authentication via a TLS client certificate. This will be in addition to normal user authentication.
# Provide Java Keystore location and passwords
lenses.ssl.keystore.location = "/path/to/keystore.jks"
lenses.ssl.keystore.password = "changeit"
lenses.ssl.key.password      = "changeit"

# To enable client TLS auth, set a truststore, password, and
lenses.ssl.truststore.location = "/path/to/truststore.jks"
lenses.ssl.truststore.password = "changeit"
lenses.ssl.client.auth = true

See configuration settings.