HTTP server properties

HTTP server properties allow you to configure the HTTP server of Trino, which handles security, including secure internal communication, and serves the Trino web UI and the client API.

All properties described in this page are defined as follows, depending on the deployment type:

  • Kubernetes: In the properties.config.properties section of the top-level coordinator node in the values.yaml file.

  • Starburst Admin: In the files/coordinator/config.properties.j2 and files/worker/config.properties.j2 files.

General

http-server.process-forwarded

  • Type: boolean

  • Default value: false

Enable treating forwarded HTTPS requests over HTTP as secure. Requires the X-Forwarded headers to be set to HTTPS on forwarded requests. This is commonly performed by a load balancer that terminates HTTPS to HTTP. Set to true when using such a load balancer in front of Trino or Trino Gateway. Find more details in Use a load balancer to terminate TLS/HTTPS.

HTTP and HTTPS

http-server.http.port

  • Type: integer

  • Default value: 8080

Specify the HTTP port for the HTTP server.

http-server.https.enabled

  • Type: boolean

  • Default value: false

Enable TLS and HTTPS.

http-server.https.port

  • Type: integer

  • Default value: 8443

Specify the HTTPS port for the HTTP server.

http-server.https.included-cipher and http-server.https.excluded-cipher

Optional configuration for the ciphers to use for TLS. Find details in Supported standards.

http-server.https.keystore.path

The location of the PEM or Java keystore file used to enable TLS and HTTPS.

http-server.https.keystore.key

The password for the PEM or Java keystore.

http-server.https.truststore.path

  • Type: boolean

  • Default value: false

The location of the optional PEM or Java truststore file for additional certificate authorities. Find details in TLS and HTTPS.

http-server.https.truststore.key

  • Type: boolean

  • Default value: false

The password for the optional PEM or Java truststore.

http-server.https.keymanager.password

Password for a key within a keystore, when a different password is configured for the specific key. Find details in TLS and HTTPS.

http-server.https.secure-random-algorithm

Optional name of the algorithm to generate secure random values for internal communication.

http-server.https.ssl-session-timeout

Time duration for a valid TLS client session.

http-server.https.ssl-session-cache-size

  • Type: integer

  • Default value: 10000

Maximum number of SSL session cache entries.

http-server.https.ssl-context.refresh-time

Time between reloading default certificates.

Authentication

http-server.authentication.type

Configures the ordered list of enabled authentication types.

All authentication requires secure connections, either using TLS and HTTPS or with process forwarding enabled, and a configured shared secret.

http-server.authentication.allow-insecure-over-http

Enable HTTP when any authentication is active. Defaults to true, but is automatically set to false with active authentication. Overriding the value to true can be useful for testing, but is not secure. More details in TLS and HTTPS.
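
The following audit script is an added example, not part of the original page or of Trino. It checks a config.properties file against the rules stated above for http-server.authentication.type and http-server.authentication.allow-insecure-over-http. The sample configurations are constructed, the parser handles only simple key=value lines, and the shared secret property name internal-communication.shared-secret comes from Trino's secure internal communication configuration rather than from this page.

```python
# Constructed sample configs, not taken from a real deployment.
SAMPLE_WEAK = """\
http-server.http.port=8080
http-server.authentication.type=PASSWORD,JWT
http-server.authentication.allow-insecure-over-http=true
"""
SAMPLE_HARDENED = """\
http-server.https.enabled=true
http-server.https.port=8443
http-server.authentication.type=PASSWORD,JWT
internal-communication.shared-secret=<placeholder-secret>
"""


def parse_properties(text):
    """Parse simple key=value lines; skip blanks and # or ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return findings for the authentication rules stated on this page."""
    p = parse_properties(text)

    def is_true(key):
        return p.get(key, "false").lower() == "true"

    findings = []
    if not p.get("http-server.authentication.type"):
        return findings  # no authentication configured, rules do not apply
    if not (is_true("http-server.https.enabled")
            or is_true("http-server.process-forwarded")):
        findings.append("authentication without HTTPS or process-forwarded")
    if not p.get("internal-communication.shared-secret"):  # assumed name
        findings.append("authentication without a shared secret")
    if is_true("http-server.authentication.allow-insecure-over-http"):
        findings.append("allow-insecure-over-http overridden to true")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "ok")
```

For Kubernetes deployments, run the check against the rendered config.properties content rather than the values.yaml file itself.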

http-server.authentication.certificate.*

Configuration properties for Certificate authentication.

http-server.authentication.jwt.*

Configuration properties for JWT authentication.

http-server.authentication.krb5.*

Configuration properties for Kerberos authentication.

http-server.authentication.oauth2.*

Configuration properties for OAuth 2.0 authentication.

http-server.authentication.password.*

Configuration properties for the PASSWORD authentication types: LDAP authentication, Password file authentication, and Salesforce authentication.

Logging

http-server.log.*

Configuration properties for logging, described in Logging properties.