CloudBeaver SSL certificate configuration

Table of contents

• Proxy and SSL configuration
  • Create self-signed certificate

Proxy and SSL configuration

The instance contains an Nginx proxy server, the configuration of which is located at path /etc/nginx/conf.d/cloudbeaver.conf

To set up a connection via HTTPS with domain:

• You need to create or buy a valid TLS certificate for your domain endpoint.
• After you get SSL certificate for your domain you must put it to /etc/nginx/ssl/fullchain.pem as certificate and /etc/nginx/ssl/privkey.pem as a private key.
• Change server_name _; in configuration /etc/nginx/conf.d/cloudbeaver.conf to server_name <your-domain>;
• Enter in terminal sudo systemctl reload nginx.service to reload Nginx proxy
• Now you can open your CloudBeaver Server from the browser using your domain address.

Tip: If you need to change Java security properties, for example, to enable TLS 1.0, see how to change Java security properties for details.

Create self-signed certificate

Self-signed certificates are considered insecure for the Internet. Firefox will treat the site as having an invalid certificate, while Chrome will act as if the connection was plain HTTP

You can create self-signed certificate for <your-domain> by running the following script in the terminal:

SECRET_CERT_CSR="/C=US/ST=NY/L=NYC/O=CloudBeaver /OU=IT Department/CN=<your-domain>"
cd /etc/nginx/
mkdir ssl
cd ssl
sudo openssl req -x509 -sha256 -nodes -days 36500 -subj "$SECRET_CERT_CSR" -newkey rsa:2048 -keyout privkey.pem -out fullchain.pem