...
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"listen": [
{
"address": "0.0.0.0",
"scheme": "http",
"port": 8000,
"useproxyprotocol": true
},
{
"address": "0.0.0.0",
"scheme": "ajp",
"port": 8001
},
{
"scheme": "https",
"address": "0.0.0.0",
"port": 8443,
"sslcontext": {
"ssl.provider": "SunJSSE",
"ssl.protocol": "TLS",
"wantclientauth": true,
"needclientauth": false,
"allowrenegotiate": false,
"excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
"includeprotocols": "TLSv1.2,TLSv1.1",
"excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
"includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
"keystore.type": "JKS",
"keystore.provider": "SUN",
"keystore.file": "${portalprotect.home}/dispatcher/portalprotect.key",
"keystore.password": "changeit",
"useciphersuites.order": true,
"truststore.type": "PKCS12",
"truststore.provider": "BC",
"truststore.file": "${portalprotect.home}/config/x509/issuer/certissuer.pfx",
"truststore.password": "password",
}
}
]
}
|
...
Once created, each listener has these properties which you can edit - note that the SSL options are only used if the protocol is set to https.
Listener settings
...
Default: none
JSON key is port
Support Proxy Protocol
Check to enable support for the HA Proxy protocol - use this to allow a proxy in front of Ceptor to forward IP address and TCP port information using this protocol instead of in HTTP headers.
See http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
Default: false
JSON key is: useproxyprotocol
SSL settings for https protocol
...