Codebeamer Application Lifecycle Management (ALM)

Tags:  docker SSL

How to create keystore for Tomcat

Please note that you need to replace the paths and key names (the values between '<...>' characters) with your own, and that, depending on your certificate authority, you may have fewer or more intermediate certificates to import than the three shown in steps 4 to 6.

  1. openssl pkcs12 -export -in sslcert/star.codebeamer.com/STAR_codebeamer_com.crt -inkey sslcert/star.codebeamer.com/codebeamer.com.key -out cb.pem -name codebeamer
  2. keytool -importkeystore -deststorepass <password> -destkeypass <password> -destkeystore keystore.p12 -srckeystore cb.pem -srcstoretype PKCS12 -srcstorepass <export password> -alias codebeamer -noprompt
  3. keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore.p12 -deststoretype pkcs12
  4. keytool -import -trustcacerts -alias AddTrustExternalCARoot -file sslcert/star.codebeamer.com/AddTrustExternalCARoot.crt -keystore keystore.p12
  5. keytool -import -trustcacerts -alias USERTrustRSAAddTrustCA -file sslcert/star.codebeamer.com/USERTrustRSAAddTrustCA.crt -keystore keystore.p12
  6. keytool -import -trustcacerts -alias SectigoRSADomainValidationSecureServerCA -file sslcert/star.codebeamer.com/SectigoRSADomainValidationSecureServerCA.crt -keystore keystore.p12
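
To check the result of the steps above before handing the file to Tomcat (private key present, every issuer in the chain imported), here is an added Python helper that is not part of the Codebeamer documentation; it assumes openssl is on PATH and takes the keystore path and password as arguments.

```python
import re
import subprocess


def _openssl(args, stdin=None):
    """Run one openssl subcommand (assumes openssl is on PATH) and return stdout."""
    return subprocess.run(["openssl", *args], input=stdin, capture_output=True,
                          text=True, check=True).stdout


def keystore_certs(path, password):
    """Return (subject, issuer) pairs for every certificate in a PKCS12 keystore."""
    pem = _openssl(["pkcs12", "-in", path, "-nokeys", "-passin", "pass:" + password])
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
                        pem, re.S)
    pairs = []
    for block in blocks:
        info = _openssl(["x509", "-noout", "-subject", "-issuer"], stdin=block)
        # lines look like "subject=CN = example" / "issuer=CN = example"
        fields = dict(line.split("=", 1) for line in info.splitlines() if "=" in line)
        pairs.append((fields["subject"].strip(), fields["issuer"].strip()))
    return pairs


def missing_issuers(pairs):
    """Issuers that no certificate in the keystore has as its subject; an empty
    list means the chain up to the self-signed root is complete (steps 4 to 6)."""
    subjects = {subject for subject, _ in pairs}
    return [issuer for _, issuer in pairs if issuer not in subjects]


def keystore_has_key(path, password):
    """True if the keystore holds a private key (exported in steps 1 and 2)."""
    pem = _openssl(["pkcs12", "-in", path, "-nocerts", "-nodes",
                    "-passin", "pass:" + password])
    return "PRIVATE KEY-----" in pem


if __name__ == "__main__":
    import sys  # usage: python check_keystore.py keystore.p12 <password>
    path, password = sys.argv[1], sys.argv[2]
    pairs = keystore_certs(path, password)
    print("private key present:", keystore_has_key(path, password))
    for subject, issuer in pairs:
        print("cert:", subject, "<-", issuer)
    print("missing issuers:", missing_issuers(pairs) or "none")
```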

How to setup SSL with docker

Environment variables

TOMCAT_CONNECTOR_KEYSTORE_FILE

Absolute path of the keystore file, e.g. /home/appuser/ssl/keystore.p12. The keystore stores the server's private key and its certificate (either self-signed, or the CA-issued certificate and chain created above), which Tomcat needs to establish SSL/TLS connections. For more information about Tomcat's SSL configuration, see: Apache Tomcat - Introduction to SSL.

TOMCAT_CONNECTOR_KEYSTORE_PASS

Password of the keystore file. The keystore.p12 file is password protected; this variable holds the password Tomcat needs to open the file, and you need the same password whenever the keystore has to be edited.

TOMCAT_CONNECTOR_USE_SERVER_CIPHER_SUITES_ORDER

Set to true to enforce the server's cipher order (the order of the TOMCAT_CONNECTOR_CIPHERS list) instead of letting the client choose the cipher. The default is true. This feature requires Java 8 or later.

TOMCAT_CONNECTOR_CIPHERS

Comma separated list of cipher suites.

Default value is:

TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_128_GCM_SHA256,
TLS_AES_128_CCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_256_CCM_8,
TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CCM_8,
TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256

Docker compose

# Copyright by Intland Software, https://www.intland.com
#
# All rights reserved.
#
# Please note that if you change this docker file, we do not take any responsibility and we are not liable for
# any damage caused through use of this image, be it indirect, special, incidental
# or consequential damages (including but not limited to damages for loss of business, loss of profits, interruption or the like).

version: '2.1'

services:
  codebeamer-db:
    image: intland/mysql:debian-8.0.23-utf8mb4
    environment:
      - MYSQL_USER=user
      - MYSQL_PASSWORD=pass
      - MYSQL_DATABASE=codebeamer
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_MAX_ALLOWED_PACKET=1024M
      - MYSQL_INNODB_BUFFER_POOL_SIZE=1G
      - MYSQL_INNODB_LOG_FILE_SIZE=256M
      - MYSQL_INNODB_LOG_BUFFER_SIZE=256M
    volumes:
      - codebeamer-db-data:/var/lib/mysql


  codebeamer-app:
    image: intland/codebeamer:21.09-lts
    ports:
      - 9000:8090
    environment:
      - WAIT_HOSTS=container-mysql:3306
      - WAIT_HOSTS_TIMEOUT=120
      - CB_database_JDBC_Username=user
      - CB_database_JDBC_Password=pass
      - CB_database_JDBC_Driver=com.mysql.jdbc.Driver
      - CB_database_JDBC_ConnectionURL=jdbc:mysql://container-mysql:3306/codebeamer?autoReconnect=true&zeroDateTimeBehavior=convertToNull&emulateLocators=true&characterEncoding=UTF-8&useSSL=false
      - CB_database_JDBC_Timeout=120
      - TOMCAT_CONNECTOR_KEYSTORE_FILE=/home/appuser/ssl/keystore.p12
      - TOMCAT_CONNECTOR_KEYSTORE_PASS=<keystore password>
      - JVM_OPTIONS= -Djdk.tls.ephemeralDHKeySize=2048
    volumes:
      - ./ssl/keystore.p12:/home/appuser/ssl/keystore.p12
      - codebeamer-app-logo:/home/appuser/codebeamer/tomcat/webapps/ROOT/config/logo
      - codebeamer-app-repository-docs:/home/appuser/codebeamer/repository/docs
      - codebeamer-app-repository-search:/home/appuser/codebeamer/repository/search
      - codebeamer-app-logs:/home/appuser/codebeamer/logs
      - codebeamer-app-tmp:/home/appuser/codebeamer/tomcat/tmp
    links:
      - codebeamer-db:container-mysql


volumes:
  codebeamer-db-data:
  codebeamer-app-logo:
  codebeamer-app-repository-docs:
  codebeamer-app-repository-search:
  codebeamer-app-logs:
  codebeamer-app-tmp:
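
As an added example (not Intland's code), a small Python linter for the SSL-related settings described in the environment variables section and used in the compose file above: it parses the compose `environment:` entries without PyYAML, checks the keystore path, the placeholder password, the server cipher order and the ephemeral DH key size in JVM_OPTIONS, and flags cipher suites that lack the forward secrecy and AEAD properties every suite in the default list has. It assumes the page's default cipher list applies when TOMCAT_CONNECTOR_CIPHERS is not set.

```python
import re

# The page's default TOMCAT_CONNECTOR_CIPHERS value, joined into one string.
DEFAULT_CIPHERS = ",".join([
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CCM_8", "TLS_DHE_RSA_WITH_AES_256_CCM",
    "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CCM_8", "TLS_DHE_RSA_WITH_AES_128_CCM",
    "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
])
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")

def weak_suites(ciphers):
    """Suites in a comma separated list that lack forward secrecy (ECDHE/DHE)
    or an AEAD cipher. TLS 1.3 names (no '_WITH_') always have both."""
    weak = []
    for suite in (s.strip() for s in ciphers.split(",") if s.strip()):
        if "_WITH_" not in suite:
            continue
        kx, _, enc = suite.partition("_WITH_")
        if not ("DHE_" in kx and any(m in enc for m in AEAD_MARKERS)):
            weak.append(suite)
    return weak

def parse_env_lines(text):
    """Parse compose-style '- KEY=VALUE' entries into a dict (no PyYAML needed)."""
    return {m.group(1): m.group(2) for m in
            re.finditer(r"^\s*-\s*([A-Za-z_]\w*)=(.*)$", text, re.M)}

def check_tls_env(env):
    """Lint the connector settings; returns a list of findings (empty means OK)."""
    findings = []
    if not env.get("TOMCAT_CONNECTOR_KEYSTORE_FILE", "").startswith("/"):
        findings.append("keystore path must be absolute")
    pw = env.get("TOMCAT_CONNECTOR_KEYSTORE_PASS", "")
    if not pw or re.fullmatch(r"<.*>", pw):          # e.g. "<keystore password>"
        findings.append("keystore password is empty or still a placeholder")
    if env.get("TOMCAT_CONNECTOR_USE_SERVER_CIPHER_SUITES_ORDER", "true").lower() != "true":
        findings.append("server cipher order is disabled")
    dh = re.search(r"-Djdk\.tls\.ephemeralDHKeySize=(\d+)", env.get("JVM_OPTIONS", ""))
    if dh is None or int(dh.group(1)) < 2048:
        findings.append("ephemeral DH key size is not set to at least 2048")
    for suite in weak_suites(env.get("TOMCAT_CONNECTOR_CIPHERS", DEFAULT_CIPHERS)):
        findings.append("weak cipher suite: " + suite)
    return findings
```

Run it on the `environment:` block of the codebeamer-app service; with the compose file exactly as shown above, the only finding is the placeholder password.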

Server.xml for HTTPS

Editing the server.xml file is only relevant when running a non-dockerized Codebeamer instance. When using Docker Compose, the server.xml file is generated automatically when the docker compose command runs, so users do not need to modify the file.