HTTP server properties#
HTTP server properties allow you to configure the HTTP server of Trino that handles Security including Secure internal communication, and serves the Trino web UI and the client API.
All properties described in this page are defined as follows, depending on the deployment type:
Kubernetes: In the
properties.config.properties
section of the the top-levelcoordinator
node in thevalues.yaml
file.Starburst Admin: In the
files/coordinator/config.properties.j2
andfiles/worker/config.properties.j2
files.
General#
http-server.process-forwarded
#
Type: boolean
Default value:
false
Enable treating forwarded HTTPS requests over HTTP as secure. Requires the
X-Forwarded
headers
to be set to HTTPS
on forwarded requests. This is commonly performed by a load
balancer that terminates HTTPS to HTTP. Set to true
when using such a load
balancer in front of Trino or Trino
Gateway. Find more details in
Use a load balancer to terminate TLS/HTTPS.
HTTP and HTTPS#
http-server.http.port
#
Type: integer
Default value:
8080
Specify the HTTP port for the HTTP server.
http-server.https.enabled
#
Type: boolean
Default value:
false
Enable TLS and HTTPS.
http-server.https.port
#
Type: integer
Default value:
8443
Specify the HTTPS port for the HTTP server.
http-server.https.included-cipher
and http-server.https.excluded-cipher
#
Optional configuration for ciphers to use TLS, find details in Supported standards.
http-server.https.keystore.path
#
Type: string
The location of the PEM or Java keystore file used to enable TLS and HTTPS.
http-server.https.keystore.key
#
Type: string
The password for the PEM or Java keystore.
http-server.https.truststore.path
#
Type: boolean
Default value:
false
The location of the optional PEM or Java truststore file for additional certificate authorities. Find details in TLS and HTTPS.
http-server.https.truststore.key
#
Type: boolean
Default value:
false
The password for the optional PEM or Java truststore.
http-server.https.keymanager.password
#
Type: string
Password for a key within a keystore, when a different password is configured for the specific key. Find details in TLS and HTTPS.
http-server.https.secure-random-algorithm
#
Type: string
Optional name of the algorithm to generate secure random values for internal communication.
http-server.https.ssl-session-timeout
#
Type: duration
Default value:
4h
Time duration for a valid TLS client session.
http-server.https.ssl-session-cache-size
#
Type: integer
Default value:
10000
Maximum number of SSL session cache entries.
http-server.https.ssl-context.refresh-time
#
Type: duration
Default value:
1m
Time between reloading default certificates.
Authentication#
http-server.authentication.type
#
Type: string
Configures the ordered list of enabled authentication types.
All authentication requires secure connections using TLS and HTTPS or process forwarding enabled, and a configured shared secret.
http-server.authentication.allow-insecure-over-http
#
Type: boolean
Enable HTTP when any authentication is active. Defaults to true
, but is
automatically set to false
with active authentication. Overriding the value to
true
can be useful for testing, but is not secure. More details in
TLS and HTTPS.
http-server.authentication.certificate.*
#
Configuration properties for Certificate authentication.
http-server.authentication.jwt.*
#
Configuration properties for JWT authentication.
http-server.authentication.krb5.*
#
Configuration properties for Kerberos authentication.
http-server.authentication.oauth2.*
#
Configuration properties for OAuth 2.0 authentication.
http-server.authentication.password.*
#
Configuration properties for the PASSWORD
authentication types
LDAP authentication, Password file authentication, and Salesforce authentication.
Logging#
http-server.log.*
#
Configuration properties for Logging properties.
(props-internal-communication)
Internal communication#
The following properties are used for configuring the internal communication between all nodes of a Trino cluster.
internal-communication.http2.enabled
#
Type: boolean
Default value:
true
Enable use of the HTTP/2 protocol for internal communication for enhanced scalability compared to HTTP/1.1. Only turn this feature off if you encounter issues with HTTP/2 usage within the cluster in your deployment.
internal-communication.https.required
#
Type: boolean
Default value:
false
Enable the use of SSL/TLS for all internal communication.