YouTrack Standalone 2018.1 Help

Configure SSL Connector for Embedded YouTrack Server

The most straightforward way to set up a secure connection for a YouTrack instance is to install an SSL-terminating reverse proxy server in front of YouTrack. Alternatively, you can enable SSL on the YouTrack's embedded Jetty server with a Jetty configuration file.

To make YouTrack use the external XML configuration, point to the Jetty configuration file in the command that you use to start the service. For example:

java -Xmx1g -Djava.awt.headless=true -jar youtrack.jar 8443 /home/user/.youtrack/jetty.xml

The following sample jetty.xml file shows how to reference a single SSL connector:

<?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" ""> <Configure id="Server" class="org.eclipse.jetty.server.Server"> <!--Feel free to add other connectors, if necessary--> <Call id="sslConnector" name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"> <Ref refid="Server"/> </Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.SslConnectionFactory"> <Arg name="next">http/1.1</Arg> <Arg name="sslContextFactory"> <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="KeyStorePath">/home/.youtrack/keystore</Set> <Set name="KeyStorePassword">password</Set> <Set name="KeyManagerPassword">password</Set> <Set name="TrustStorePath">/home/.youtrack/truststore</Set> <Set name="TrustStorePassword">trustPassword</Set> <Set name="NeedClientAuth">false</Set> <Set name="WantClientAuth">false</Set> </New> </Arg> </New> </Item> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"> <New id="httpsConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Set name="secureScheme">https</Set> <Set name="securePort">8443</Set> <Set name="sendServerVersion">false</Set> <Call name="addCustomizer"> <Arg> <New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> </Call> </New> </Arg> </New> </Item> </Array> </Arg> <Set name="port">8443</Set> <Set name="idleTimeout">30000</Set> </New> </Arg> </Call> </Configure>

Set the values for the following parameters to match your YouTrack installation:




The location of your Java keystore file (JKS) and server key. A key with the alias jetty is used by default. If you don't know where to get a Java keystore, take a look at the instructions for SSL and TLS configuration in the Jetty documentation.


The password of the Java keystore.


The location of a Java keystore file (JKS) with trusted CA roots.


The password for the trust store.

Last modified: 7 March 2019