Protect QuickBuild using SSL

Added by Robin Shen, last edited by Robin Shen on Jan 28, 2010
QuickBuild2 Documentation

Enable https access to server

QuickBuild server by default runs on top of http protocol. Https can be enabled to encrypt passwords and data send to the server. Please follow below procedure to enable https access to QuickBuild server:

  1. Run keytool command to generate a keystore. Assume Sun JDK is installed at /path/to/jdk and you want to generate keystore to /path/to/keystore. The command will be: 
    /path/to/jdk/bin/keytool -keystore /path/to/keystore -alias QuickBuild -genkey -keyalg RSA

    You will be prompted for some settings including the keystore password and private key password.

  2. Change to directory <QuickBuild server install dir>/bin and run command config.(bat|sh). In the displayed config window, enable https access, specify https port, and specify keytool path and passwords provided in step 1.

Once https is enabled, you may access QuickBuild web interface and RESTful API through https protocol. And QuickBuild agents can be configured to connect to QuickBuild server through https protocol by editing the file <agent install dir>/conf/node.properties and changing the serverUrl accordingly.

We suggest to enable http and https access to QuickBuild server at the same time. While browser and RESTful API access are forced to go through https protocol with proper firewall settings, all agents can still talk to server via http protocol, which will perform bettern than https protocol considering the short and frequent interactions between agents and server.

If connections between server and certain agents go through insecure networks, you will need to configure those agents to connect to server via https protocol, and further, you may configure those agents to run themselves on https protocol to protect incoming connections from server and other agents, as introduced in next section.

Enable https access to agents

Agent can be configured to run on top of https port so that other nodes in the grid are forced to connect to it securely. To do this:

  1. Run keytool command to generate a keystore. Assume Sun JDK is installed at /path/to/jdk and you want to generate keystore to /path/to/keystore. The command will be: 
    /path/to/jdk/bin/keytool -keystore /path/to/keystore -alias QuickBuild -genkey -keyalg RSA

    You will be prompted for some settings including the keystore password and private key password.

  2. Change to directory <QuickBuild agent install dir>/bin and run command config.(bat|sh). In the displayed config window, enable https access, and specify keytool path and passwords provided in step 1.

Labels:

Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.