docs/src/main/sphinx/admin/properties-http-server.md
HTTP server properties allow you to configure the HTTP server of Trino that handles including , and serves the and the client API.
(http-server-process-forwarded)=
http-server.process-forwardedEnable treating forwarded HTTPS requests over HTTP as secure. Requires the
X-Forwarded headers
to be set to HTTPS on forwarded requests. This is commonly performed by a load
balancer that terminates HTTPS to HTTP. Set to true when using such a load
balancer in front of Trino or Trino
Gateway. Find more details in
.
http-server.http.portSpecify the HTTP port for the HTTP server.
http-server.https.enabledhttp-server.https.portSpecify the HTTPS port for the HTTP server.
http-server.https.included-cipher and http-server.https.excluded-cipherOptional configuration for ciphers to use TLS, find details in .
http-server.https.keystore.pathThe location of the PEM or Java keystore file used to enable .
http-server.https.keystore.keyThe password for the PEM or Java keystore.
http-server.https.truststore.pathThe location of the optional PEM or Java truststore file for additional certificate authorities. Find details in .
http-server.https.truststore.keyThe password for the optional PEM or Java truststore.
http-server.https.keymanager.passwordPassword for a key within a keystore, when a different password is configured for the specific key. Find details in .
http-server.https.secure-random-algorithmOptional name of the algorithm to generate secure random values for internal communication.
http-server.https.ssl-session-timeoutTime duration for a valid TLS client session.
http-server.https.ssl-session-cache-sizeMaximum number of SSL session cache entries.
http-server.https.ssl-context.refresh-timeTime between reloading default certificates.
http-server.authentication.typeConfigures the ordered list of enabled authentication types.
All authentication requires secure connections using or process forwarding enabled, and a configured shared secret.
http-server.authentication.allow-insecure-over-httpEnable HTTP when any authentication is active. Defaults to true, but is
automatically set to false with active authentication. Overriding the value to
true can be useful for testing, but is not secure. More details in
.
http-server.authentication.certificate.*Configuration properties for .
http-server.authentication.jwt.*Configuration properties for .
http-server.authentication.krb5.*Configuration properties for .
http-server.authentication.oauth2.*Configuration properties for .
http-server.authentication.password.*Configuration properties for the PASSWORD authentication types
, , and .
http-server.log.*Configuration properties for .
(props-internal-communication)
The following properties are used for configuring the internal communication between all nodes of a Trino cluster.
internal-communication.shared-secretThe string to use as secret that only the coordinators and workers in a specific cluster share and use to authenticate within the cluster. See for details.
internal-communication.http2.enabledEnable use of the HTTP/2 protocol for internal communication for enhanced scalability compared to HTTP/1.1. Only turn this feature off if you encounter issues with HTTP/2 usage within the cluster in your deployment.
internal-communication.https.requiredEnable the use of SSL/TLS for all internal communication.