Конфигурация HTTP-сервера#
Примечание
Ниже приведена оригинальная документация Trino. Скоро мы ее переведем на русский язык и дополним полезными примерами.
HTTP server properties allow you to configure the HTTP server of Trino that handles Безопасность including Безопасность коммуникации в кластере, and serves the Web UI and the client API.
General#
http-server.process-forwarded#
Type: boolean
Default value:
false
Enable treating forwarded HTTPS requests over HTTP as secure. Requires the
X-Forwarded headers
to be set to HTTPS on forwarded requests. This is commonly performed by a load
balancer that terminates HTTPS to HTTP. Set to true when using such a load
balancer in front of Trino or Trino
Gateway. Find more details in
Использование TLS termination proxy.
HTTP and HTTPS#
http-server.http.port#
Type: integer
Default value:
8080
Specify the HTTP port for the HTTP server.
http-server.https.enabled#
Type: boolean
Default value:
false
http-server.https.port#
Type: integer
Default value:
8443
Specify the HTTPS port for the HTTP server.
http-server.https.included-cipher and http-server.https.excluded-cipher#
Optional configuration for ciphers to use TLS, find details in Поддерживаемые стандарты.
http-server.https.keystore.path#
Type: string
The location of the PEM or Java keystore file used to enable Шифрование клиентского трафика с помощью TLS.
http-server.https.keystore.key#
Type: string
The password for the PEM or Java keystore.
http-server.https.truststore.path#
Type: boolean
Default value:
false
The location of the optional PEM or Java truststore file for additional certificate authorities. Find details in Шифрование клиентского трафика с помощью TLS.
http-server.https.truststore.key#
Type: boolean
Default value:
false
The password for the optional PEM or Java truststore.
http-server.https.keymanager.password#
Type: string
Password for a key within a keystore, when a different password is configured for the specific key. Find details in Шифрование клиентского трафика с помощью TLS.
http-server.https.secure-random-algorithm#
Type: string
Optional name of the algorithm to generate secure random values for internal communication.
http-server.https.ssl-session-timeout#
Type: duration
Default value:
4h
Time duration for a valid TLS client session.
http-server.https.ssl-session-cache-size#
Type: integer
Default value:
10000
Maximum number of SSL session cache entries.
http-server.https.ssl-context.refresh-time#
Type: duration
Default value:
1m
Time between reloading default certificates.
Authentication#
http-server.authentication.type#
Type: string
Configures the ordered list of enabled authentication types.
All authentication requires secure connections using Шифрование клиентского трафика с помощью TLS or process forwarding enabled, and a configured shared secret.
http-server.authentication.allow-insecure-over-http#
Type: boolean
Enable HTTP when any authentication is active. Defaults to true, but is
automatically set to false with active authentication. Overriding the value to
true can be useful for testing, but is not secure. More details in
Шифрование клиентского трафика с помощью TLS.
http-server.authentication.certificate.*#
Configuration properties for Аутентификация с помощью сертификата.
http-server.authentication.jwt.*#
Configuration properties for JWT аутентификация.
http-server.authentication.krb5.*#
Configuration properties for Kerberos аутентификация.
http-server.authentication.oauth2.*#
Configuration properties for OAuth 2.0 аутентификация.
http-server.authentication.password.*#
Configuration properties for the PASSWORD authentication types
LDAP аутентификация, Аутентификация с помощью файла, and Salesforce аутентификация.
Logging#
http-server.log.*#
Configuration properties for Logging properties.