...
Watchtower configuration
Properties
Property name | Description | Default |
emmett.service.ssl | True if TLS is enabled | false |
emmett.service.certfile | Path of the certificate to use | "" |
emmett.service.keyfile | Path of the key to use in PKCS8 syntax | "" |
emmett.service.keypassword | Passphrase that encrypts the key | "" |
Key format
The key should be stored in PKCS8 syntax. You can use the openssl command to convert the key:
...
The properties below only apply if the value of the system property abiquo.rabbitmq.tls is true.
Property name | Description | Default |
abiquo.watchtower.tls | True if TLS is enabled. | False |
abiquo.watchtower.tls.trustallcertificates | If true, Abiquo will not validate the server certificate. | False |
Possible configurations
Plain TCP
This is the default configuration with no TLS enabled. The default values match this configuration but you should check that the value of abiquo.watchtower.tls is false.
Property name | Value |
abiquo.watchtower.tls | false |
Trust all certificates
In this configuration, Abiquo will connect over TLS without validating the server certificate and without presenting any client certificates. The traffic is encrypted, but the identity of the server is not verified.
Property name | Value |
abiquo.watchtower.tls | true |
abiquo.watchtower.tls.trustallcertificates | true |
Use trust manager to validate server certificates
In this configuration, Abiquo will connect and validate the server certificate without presenting any client certificates.
Property name | Value |
abiquo.watchtower.tls | true |
abiquo.watchtower.tls.trustallcertificates | false |
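As an added example (not Abiquo's own code), the following Python script classifies a properties file into one of the three client configurations above and checks the emmett.service.* settings, including whether the key file carries a PKCS8 PEM label. It assumes `key = value` property lines and a PEM-encoded key; the function names and sample values are constructed for illustration, and the abiquo.rabbitmq.tls precondition is not modelled.

```python
import re

# Defaults copied from the property tables on this page.
DEFAULTS = {
    "emmett.service.ssl": "false", "emmett.service.certfile": "",
    "emmett.service.keyfile": "", "emmett.service.keypassword": "",
    "abiquo.watchtower.tls": "false",
    "abiquo.watchtower.tls.trustallcertificates": "false",
}

# Constructed sample input (paths are placeholders, not Abiquo defaults).
SAMPLE = """\
abiquo.watchtower.tls = true
abiquo.watchtower.tls.trustallcertificates = true
emmett.service.ssl = true
emmett.service.certfile = /path/to/emmett.crt
emmett.service.keyfile = /path/to/emmett.key
"""
SAMPLE_KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----\n(constructed, body omitted)\n"

def parse_properties(text):
    """Parse key=value lines (assumed format), skipping blanks and comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def client_mode(props):
    """Return which of the three client configurations is in effect."""
    if props["abiquo.watchtower.tls"].lower() != "true":
        return "plain-tcp"
    if props["abiquo.watchtower.tls.trustallcertificates"].lower() == "true":
        return "tls-trust-all"
    return "tls-validated"

def service_findings(props, key_pem):
    """Check emmett.service.* against the key file's PEM label."""
    if props["emmett.service.ssl"].lower() != "true":
        return []
    findings = [k + " is empty but TLS is enabled" for k in
                ("emmett.service.certfile", "emmett.service.keyfile") if not props[k]]
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", key_pem)
    label = m.group(1) if m else None
    if label not in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):  # PKCS8 PEM labels
        findings.append("key is not PKCS8 PEM (label: %s)" % label)
    elif label == "ENCRYPTED PRIVATE KEY" and not props["emmett.service.keypassword"]:
        findings.append("key is encrypted but emmett.service.keypassword is empty")
    return findings
```

A result of `tls-trust-all` from `client_mode` is the setting to review first, since it is the only TLS mode here in which the server certificate is not validated.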
Apache Tomcat boot classpath configuration for Abiquo <= 6.2
Abiquo watchtower-emmett is a Netty HTTP/2 service, so Tomcat should be run with an ALPN agent to negotiate the TLS connection.
Read more about it at https://www.eclipse.org/jetty/documentation/jetty-9/index.html#alpn-chapter
The ALPN agent should be installed on the API and RS appliances.
You should also modify the Tomcat boot parameters accordingly:
...