jettygeoserver

Geoserver and moving to HTTPS


I've installed a Platform Indepednant Binary version Geoserver (http://geoserver.org/release/2.16.2/) successfully. It's been a while using it an no real problems. I now want to use this version of Geoserver for an OpenLayers website (that uses GeoLocation) but that requires all the component parts that use HTTP to use HTTPS...Geoserver is the last server I have that needs to be migrated.

I've looked online and there seems to be a lot of info on moving Geoserver to HTTPS but it doesn't all tie up with my installation. Some examples talk about server.xml files (which my installation doesn't have) and updating an apache conf file (/etc/apache2/sites-avaiable/smallmelo-le-ssl.conf) which I don't have either so I'm struggling to get instructions on my particular version of Geoserver. The docs state that it's running on a Jetty servlet. Does anyone have any documentation or links on how to configure https?

Progress!! So my installation is using Jetty. I've setup the keystore correctly with a valid certificate. I've updated the start.ini file to reflect the location of the keystore and password but...when I try to run geoserver I get:

ERROR : No module found to provide ssl for https{enabled}

I do not have an SSL.MOD module in the modules folder of my jetty installation. I did dig out a module (ssl) from https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.2.13.v20150730/ but I now get:

java.lang.IllegalStateException: No constructor class org.eclipse.jetty.server.ServerConnector([],{}) in file:/C:/Program%20Files/Geoserver/geoserver-2.16.2/etc/jetty-https.xml

I've struggled to find out how to update this file and add what is needed. Problem is I'm not a java expert so I don't want to just randomly copy someone elses config settings.


Solution

  • This is a simple case of finding a Jetty tutorial and following it, GeoServer doesn't care about https.

    However, I should warn you that the reason you can't find much help in the GeoServer documentation is because you shouldn't run the platform independent binary in a production environment. This is the reason that the documentation expects a server.xml (part of Tomcat) and assumes that you are behind an Apache2 or Nginx web server that is designed to handle SSL.