How to setup Apache Archiva to use HTTPS instead of HTTP

Question

In default configuration, Apache Archiva 2.2 uses HTTP, and official documentation tells nothing how to change it to HTTPS.

I think that this can be done by modifying conf/jetty.xml file, but when I try to do this, as described in Jetty documentation, it only gives me errors like:

java.lang.NoSuchMethodException: class org.eclipse.jetty.util.ssl.SslContextFactory.setTrustStorePath(class java.lang.String)

Is it possible to do this?

Answer 1

I used Apache as a HTTPS proxy, configuring new virtual host:

Listen 8081

<VirtualHost *:8081>
        ServerName archiva.example.com

        SSLEngine On
        SSLCertificateFile    /path/to/apache_certs/cert.pem
        SSLCertificateKeyFile /path/to/apache_certs/cert.key

        ProxyRequests     Off
        ProxyPass         /  http://localhost:8080/
        ProxyPassReverse  /  http://localhost:8080/
        <Proxy http://localhost:8080/*>
                Order allow,deny
                Allow from all
        </Proxy>
        ProxyPreserveHost on
</VirtualHost>

Answer 2

I added the following to jetty.xml and it worked:

<Call class="java.lang.System" name="setProperty"><Arg>jdk.tls.ephemeralDHKeySize</Arg><Arg>2048</Arg></Call>
<Call name="addConnector">
    <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
            <Arg>
                <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                    <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/conf/tomcat.keystore</Set>
                    <Set name="keyStorePassword">changeit</Set>
                    <Set name="ExcludeProtocols">
                        <Array type="java.lang.String">
                            <Item>SSLv3</Item>
                        </Array>
                    </Set>
                </New>
            </Arg>
            <Set name="port">8843</Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="Acceptors">2</Set>
            <Set name="statsOn">false</Set>
            <Set name="lowResourcesConnections">5000</Set>
            <Set name="lowResourcesMaxIdleTime">5000</Set>
            <Set name="IncludeCipherSuites">
                <Array type="java.lang.String">
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
                </Array>
            </Set>
        </New>
    </Arg>
</Call>