Configuring HTTPS for TeamCity can be a non-trivial task because it requires Java-specific configuration. However, the problem is solvable, and I will use a self-generated certificate for it.
Unlike the regular certificate generation process, where we use the openssl utility, Java has its own generation tool called keytool. With the help of keytool we will generate a file called *.jks, which is a Java KeyStore file. In this example, I will name the file teamcity.jks and put it into the /etc/ssl/ folder. You're free to choose any folder and file name you like.
To generate the *.jks file, run the following command in a terminal:
keytool -genkey -alias teamcity -keyalg RSA -keystore /etc/ssl/teamcity.jks
You'll be prompted to create a new password (remember it!) for the keystore and to enter some information about your website:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Sergey Kryvets
What is the name of your organizational unit?
[Unknown]: System
What is the name of your organization?
[Unknown]: Company, Inc.
What is the name of your City or Locality?
[Unknown]: Dallas
What is the name of your State or Province?
[Unknown]: TX
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Sergey Kryvets, OU=System, O="Company, Inc.", L=Dallas, ST=TX, C=US correct?
yes
Enter key password for <teamcity>
(RETURN if same as keystore password):
The last step is to point TeamCity to the newly generated keystore file. This can be done in server.xml.
vim teamcitypath/conf/server.xml
If you installed TeamCity in the same way I did in this article, then you can edit server.xml using the following command:
vim /opt/jetbrains/TeamCity/conf/server.xml
Find the following part of configuration:
<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="60000"
useBodyEncodingForURI="true"
socket.txBufSize="64000"
socket.rxBufSize="64000"
SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
and modify it by adding the path and password for teamcity.jks:
<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="60000"
useBodyEncodingForURI="true"
socket.txBufSize="64000"
socket.rxBufSize="64000"
SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/ssl/teamcity.jks" keystorePass="whatever" />
Save changes, and restart TeamCity.
You should be able to access it via https using port 8543.
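The connector above keeps the keystore password in plain text in server.xml, and the keystore itself holds the private key, so both files are worth restricting to the account that runs TeamCity. The following Python check is an added example, not part of the original article: it parses server.xml and reports HTTPS connectors whose keystore is missing or readable by group/others. The sample XML is constructed from the article's connector, and the function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the article's Connector inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="/etc/ssl/teamcity.jks" keystorePass="whatever" />
  </Service>
</Server>"""


def https_connectors(xml_text):
    """Return the attributes of every Connector with SSLEnabled="true"."""
    root = ET.fromstring(xml_text)
    return [dict(c.attrib) for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"]


def others_can_read(path):
    """True if the mode bits grant read access to group or others."""
    return bool(os.stat(path).st_mode & 0o044)


def audit(xml_text, xml_path=None):
    """Return findings for the HTTPS connectors (hypothetical helper)."""
    findings = []
    connectors = https_connectors(xml_text)
    if not connectors:
        findings.append('no Connector with SSLEnabled="true"')
    for c in connectors:
        port = c.get("port", "?")
        ks = c.get("keystoreFile")
        if not ks:
            findings.append(f"port {port}: keystoreFile not set")
        elif not os.path.exists(ks):
            findings.append(f"port {port}: keystore {ks} not found")
        elif others_can_read(ks):
            findings.append(f"port {port}: keystore {ks} readable by group/others")
        # Assumption: server.xml should be private when it holds keystorePass.
        if "keystorePass" in c and xml_path and others_can_read(xml_path):
            findings.append(f"port {port}: plaintext keystorePass in readable {xml_path}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML):
        print(finding)
```

To check a real installation, read the contents of server.xml and pass them to audit() together with the file's path; an empty list means none of these checks fired.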