#SSL configuration

You can configure the SSL with embedded Jetty (described below) or with Reverse Proxy.

There is a special configuration file for the built-in jetty called jetty.properties. It is used to configure connection options of the server like ports, protocols and SSL context. Command-line options have higher priority than this file. Location of this file can be specified by option -j. You can configure following options in this file:

org.webswing.server.host=localhost

org.webswing.server.http=true
org.webswing.server.http.port=8080

org.webswing.server.https=true
org.webswing.server.https.port=8443
org.webswing.server.https.truststore=ssl/truststore.jks
org.webswing.server.https.truststore.password=OBF:18xp18xr18xt18xp18xr18xt
org.webswing.server.https.keystore=ssl/keystore.jks
org.webswing.server.https.keystore.password=OBF:18xp18xr18xt18xp18xr18xt

In case you are not using embedded Jetty, please follow the documentation for setting up SSL for your Servlet container. Additionaly you will need to setup SSL truststore for websocket connection from app sessions (in webswing.properties file), session pool (in webswing-sessionpool.properties file) and admin console (in webswing-admin.properties file).

1. Set the webswing.server.websocketUrl to use wss Url schema.
2. Add truststore containing the CA that signed the SSL certificate. This truststore will only be used for context of websocket connection to Webswing server.:

#Custom ssl context configuration for websocket connection to Webswing server
webswing.server.websocket.truststore.type = PKCS12
webswing.server.websocket.truststore = ssl/truststore.p12
webswing.server.websocket.truststore.password = OBF:18xp18xr18xt18xp18xr18xt

3. If the websocketUrl is not the same as public domain name the SSL certificate is issued for, add the following line: webswing.server.websocket.hostnameVerifier.disabled = true
4. If the websocket connection should connect through a forward proxy, add the following line: webswing.server.websocket.proxyUri = http://myproxy:8080