HTTP server properties#
HTTP server properties allow you to configure the Trino HTTP server, which handles security, including secure internal communication, and serves the Web UI and the client API.
General#
http-server.process-forwarded
Type: boolean
Default value: false
Enable treating forwarded HTTPS requests over HTTP as secure. Requires the X-Forwarded headers to be set to HTTPS on forwarded requests. This is commonly performed by a load balancer that terminates HTTPS to HTTP. Set to true when using such a load balancer in front of Trino or Trino Gateway. Find more details in Use a load balancer to terminate TLS/HTTPS.
HTTP and HTTPS#
http-server.http.port
Type: integer
Default value: 8080
Specify the HTTP port for the HTTP server.
http-server.https.enabled
Type: boolean
Default value: false
Enable TLS and HTTPS.
http-server.https.port
Type: integer
Default value: 8443
Specify the HTTPS port for the HTTP server.
http-server.https.included-cipher and http-server.https.excluded-cipher
Optional configuration for the ciphers to use for TLS. Find details in Supported standards.
http-server.https.keystore.path
Type: string
The location of the PEM or Java keystore file used to enable TLS and HTTPS.
http-server.https.keystore.key
Type: string
The password for the PEM or Java keystore.
http-server.https.truststore.path
Type: boolean
Default value: false
The location of the optional PEM or Java truststore file for additional certificate authorities. Find details in TLS and HTTPS.
http-server.https.truststore.key
Type: boolean
Default value: false
The password for the optional PEM or Java truststore.
http-server.https.keymanager.password
Type: string
Password for a key within a keystore, when a different password is configured for the specific key. Find details in TLS and HTTPS.
http-server.https.secure-random-algorithm
Type: string
Optional name of the algorithm to generate secure random values for internal communication.
http-server.https.ssl-session-timeout
Type: duration
Default value: 4h
Time duration for a valid TLS client session.
http-server.https.ssl-session-cache-size
Type: integer
Default value: 10000
Maximum number of SSL session cache entries.
http-server.https.ssl-context.refresh-time
Type: duration
Default value: 1m
Time between reloading default certificates.
Authentication#
http-server.authentication.type
Type: string
Configures the ordered list of enabled authentication types.
All authentication requires secure connections using TLS and HTTPS or process forwarding enabled, and a configured shared secret.
http-server.authentication.allow-insecure-over-http
Type: boolean
Enable HTTP when any authentication is active. Defaults to true, but is automatically set to false with active authentication. Overriding the value to true can be useful for testing, but is not secure. More details in TLS and HTTPS.
http-server.authentication.certificate.*
Configuration properties for Certificate authentication.
http-server.authentication.jwt.*
Configuration properties for JWT authentication.
http-server.authentication.krb5.*
Configuration properties for Kerberos authentication.
http-server.authentication.oauth2.*
Configuration properties for OAuth 2.0 authentication.
http-server.authentication.password.*
Configuration properties for the PASSWORD authentication types LDAP authentication, Password file authentication, and Salesforce authentication.
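The transport rules stated for http-server.authentication.type and http-server.authentication.allow-insecure-over-http can be checked mechanically before a config.properties file is deployed. The following is an added example, not part of the Trino documentation or code base. The function names, finding texts and both sample configurations are constructed for illustration, and internal-communication.shared-secret is Trino's property for the shared secret, which this page does not list.

```python
# Added example, not Trino code. Sample configs below are constructed.
WEAK = """\
http-server.http.port=8080
http-server.authentication.type=PASSWORD
http-server.authentication.allow-insecure-over-http=true
"""
HARDENED = """\
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/trino/server.pem
http-server.authentication.type=PASSWORD,JWT
internal-communication.shared-secret=CONSTRUCTED-PLACEHOLDER
"""

def parse_properties(text):
    """Parse the common key=value form; skips blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings for the authentication transport rules."""
    p = parse_properties(text)

    def on(key):
        return p.get(key, "false").lower() == "true"

    auth = [t for t in p.get("http-server.authentication.type", "").split(",") if t.strip()]
    if not auth:
        return []  # the rules below only apply with authentication enabled
    findings = []
    if not (on("http-server.https.enabled") or on("http-server.process-forwarded")):
        findings.append("authentication without HTTPS or process-forwarded")
    if on("http-server.authentication.allow-insecure-over-http"):
        findings.append("allow-insecure-over-http overridden to true")
    if not p.get("internal-communication.shared-secret"):
        findings.append("no shared secret configured")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

A configuration that relies on http-server.process-forwarded instead of HTTPS passes the first check, so the load balancer must be the only path by which clients reach the HTTP port.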
Logging#
http-server.log.*
Configuration properties for Logging properties.