codebeamer Application Lifecycle Management (ALM)

Tags:  docker SSL

How to Set Up SSL for codebeamer

How to create keystore for Tomcat

The paths and the key names (values between '<...>' characters) need to be replaced with your own values, and they may differ depending on the certificates available.

  1. openssl pkcs12 -export -in sslcert/star.codebeamer.com/STAR_codebeamer_com.crt -inkey sslcert/star.codebeamer.com/codebeamer.com.key -out cb.pem -name codebeamer
  2. keytool -importkeystore -deststorepass <password> -destkeypass <password> -destkeystore keystore.p12 -srckeystore cb.pem -srcstoretype PKCS12 -srcstorepass <password> -alias codebeamer -noprompt
  3. keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore.p12 -deststoretype pkcs12
  4. keytool -import -trustcacerts -alias AddTrustExternalCARoot -file sslcert/star.codebeamer.com/AddTrustExternalCARoot.crt -keystore keystore.p12
  5. keytool -import -trustcacerts -alias USERTrustRSAAddTrustCA -file sslcert/star.codebeamer.com/USERTrustRSAAddTrustCA.crt -keystore keystore.p12
  6. keytool -import -trustcacerts -alias SectigoRSADomainValidationSecureServerCA -file sslcert/star.codebeamer.com/SectigoRSADomainValidationSecureServerCA.crt -keystore keystore.p12
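
Before keystore.p12 is mounted into the container, the result of the steps above can be checked with openssl alone. The script below is an added example, not part of the codebeamer documentation; the function name check_keystore, the KEYSTORE_PASS variable and the 30-day expiry threshold are assumptions. It confirms that the file opens with the password, that the codebeamer alias carries a private key, and that its certificate is not about to expire.

```shell
#!/bin/sh
# Added example, not codebeamer code. check_keystore is a hypothetical helper.
# Usage: KEYSTORE_PASS=... check_keystore keystore.p12 [alias] [days]
# The password is read from the environment so it never appears in argv.
# Return codes: 0 ok, 1 cannot open, 2 alias missing, 3 no private key,
# 4 certificate expires within [days] (default 30).
check_keystore() {
    ks=$1
    entry=${2:-codebeamer}
    days=${3:-30}

    # Certificate(s) that belong to a private key, with their bag attributes.
    certs=$(openssl pkcs12 -in "$ks" -passin env:KEYSTORE_PASS \
                -clcerts -nokeys 2>/dev/null) || {
        echo "FAIL: cannot open $ks (wrong password or not PKCS12)" >&2
        return 1
    }
    # keytool's -alias / openssl's -name is stored as the friendlyName.
    printf '%s\n' "$certs" |
        grep -Eq "friendlyName: $entry[[:space:]]*\$" || {
        echo "FAIL: no key entry named '$entry' in $ks" >&2
        return 2
    }
    # Re-encrypt the key on output so no plaintext key leaves openssl.
    openssl pkcs12 -in "$ks" -passin env:KEYSTORE_PASS -nocerts \
            -passout env:KEYSTORE_PASS 2>/dev/null |
        grep -q 'PRIVATE KEY-----' || {
        echo "FAIL: $ks holds no private key" >&2
        return 3
    }
    # The first certificate in $certs is the one paired with the key.
    printf '%s\n' "$certs" |
        openssl x509 -noout -checkend $((days * 86400)) >/dev/null 2>&1 || {
        echo "FAIL: certificate expires within $days days" >&2
        return 4
    }
    echo "OK: $ks has key entry '$entry', valid for more than $days days"
}
```

Export KEYSTORE_PASS with the same value that will be given to TOMCAT_CONNECTOR_KEYSTORE_PASS, then run check_keystore ./ssl/keystore.p12.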

How to Set Up SSL with Docker

Environment Variables

TOMCAT_CONNECTOR_KEYSTORE_FILE

Absolute path of the keystore file, e.g. /home/appuser/ssl/keystore.p12.

The keystore file stores the server's private key and self-signed certificate, which are needed to establish SSL connections. For more information about Tomcat's SSL protocols, see: Apache Tomcat - Introduction to SSL.

TOMCAT_CONNECTOR_KEYSTORE_PASS

Password of the keystore file.

The keystore.p12 file is password protected. In case it needs to be edited, this variable stores the password required to open the file.

TOMCAT_CONNECTOR_USE_SERVER_CIPHER_SUITES_ORDER

Set to true to enforce the server's cipher order (from the ciphers setting) instead of allowing the client to choose the cipher.

The default value is true.

The use of this feature requires Java 8 or newer.

TOMCAT_CONNECTOR_CIPHERS

Comma-separated list of ciphers.


Default value is:

TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_128_GCM_SHA256,
TLS_AES_128_CCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_256_CCM_8,
TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CCM_8,
TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
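
When TOMCAT_CONNECTOR_CIPHERS is overridden, the custom list can be checked for two properties that every suite in the default above has: an ephemeral key exchange (TLS 1.3, ECDHE or DHE) and an AEAD cipher (GCM, CCM or ChaCha20-Poly1305). The script below is an added example, not part of the codebeamer documentation; audit_ciphers and its finding labels are hypothetical names, and the classification relies only on the standard suite naming.

```shell
#!/bin/sh
# Added example, not codebeamer code. audit_ciphers is a hypothetical helper.
# Usage: audit_ciphers "$TOMCAT_CONNECTOR_CIPHERS"
# Prints "<suite>: <findings>" for every suite that lacks a property all
# suites of the documented default have; returns 1 if anything was printed.
audit_ciphers() {
    findings=0
    old_ifs=$IFS
    set -f; IFS=','          # split on commas only, without globbing
    set -- $1
    IFS=$old_ifs; set +f
    for raw in "$@"; do
        # The list may be wrapped over several lines, as on this page.
        suite=$(printf '%s' "$raw" | tr -d ' \t\r\n')
        [ -n "$suite" ] || continue
        reasons=
        case "$suite" in
            *_anon_*|*_NULL_*)        reasons="anonymous-or-null" ;;
            TLS_AES_*|TLS_CHACHA20_*) ;;   # TLS 1.3: always ephemeral
            TLS_ECDHE_*|TLS_DHE_*)    ;;   # TLS 1.2 with ephemeral (EC)DH
            *)                        reasons="no-forward-secrecy" ;;
        esac
        case "$suite" in
            *_GCM_*|*_CCM|*_CCM_*|*CHACHA20_POLY1305*) ;;   # AEAD modes
            *) reasons="${reasons:+$reasons,}not-AEAD" ;;
        esac
        if [ -n "$reasons" ]; then
            printf '%s: %s\n' "$suite" "$reasons"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```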



Docker Compose

# Copyright by Intland Software, https://www.intland.com
#
# All rights reserved.
#
# Please note that if you change this docker file, we do not take any responsibility and we are not liable for
# any damage caused through use of this image, be it indirect, special, incidental
# or consequential damages (including but not limited to damages for loss of business, loss of profits, interruption or the like).

version: '2.1'

services:
  codebeamer-db:
    image: intland/mysql:debian-8.0.23-utf8mb4
    environment:
      - MYSQL_USER=user
      - MYSQL_PASSWORD=pass
      - MYSQL_DATABASE=codebeamer
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_MAX_ALLOWED_PACKET=1024M
      - MYSQL_INNODB_BUFFER_POOL_SIZE=1G
      - MYSQL_INNODB_LOG_FILE_SIZE=256M
      - MYSQL_INNODB_LOG_BUFFER_SIZE=256M
    volumes:
      - codebeamer-db-data:/var/lib/mysql


  codebeamer-app:
    image: intland/codebeamer:21.09-lts
    ports:
      - 9000:8090
    environment:
      - WAIT_HOSTS=container-mysql:3306
      - WAIT_HOSTS_TIMEOUT=120
      - CB_database_JDBC_Username=user
      - CB_database_JDBC_Password=pass
      - CB_database_JDBC_Driver=com.mysql.jdbc.Driver
      - CB_database_JDBC_ConnectionURL=jdbc:mysql://container-mysql:3306/codebeamer?autoReconnect=true&zeroDateTimeBehavior=convertToNull&emulateLocators=true&characterEncoding=UTF-8&useSSL=false
      - CB_database_JDBC_Timeout=120
      - TOMCAT_CONNECTOR_KEYSTORE_FILE=/home/appuser/ssl/keystore.p12
      - TOMCAT_CONNECTOR_KEYSTORE_PASS=<keystore password>
      - JVM_OPTIONS= -Djdk.tls.ephemeralDHKeySize=2048
    volumes:
      - ./ssl/keystore.p12:/home/appuser/ssl/keystore.p12
      - codebeamer-app-logo:/home/appuser/codebeamer/repository/config/logo
      - codebeamer-app-repository-docs:/home/appuser/codebeamer/repository/docs
      - codebeamer-app-repository-search:/home/appuser/codebeamer/repository/search
      - codebeamer-app-logs:/home/appuser/codebeamer/logs
      - codebeamer-app-tmp:/home/appuser/codebeamer/tomcat/tmp
    links:
      - codebeamer-db:container-mysql


volumes:
  codebeamer-db-data:
  codebeamer-app-logo:
  codebeamer-app-repository-docs:
  codebeamer-app-repository-search:
  codebeamer-app-logs:
  codebeamer-app-tmp:

Server.xml for HTTPS

Editing the server.xml file is only relevant when running a non-dockerized codebeamer instance. When using Docker Compose, the server.xml file is generated automatically when the docker compose command is run, and no modification is required from the user.