From d1324635e6b5b9f7b6728f6577eac7756a69fd4b Mon Sep 17 00:00:00 2001 From: Georgios Andrianakis Date: Fri, 21 Jun 2024 11:05:29 +0300 Subject: [PATCH] Document TLS configuration for WebSockets Next Closes: #41279 --- .../asciidoc/websockets-next-reference.adoc | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/src/main/asciidoc/websockets-next-reference.adoc b/docs/src/main/asciidoc/websockets-next-reference.adoc index dd66cb45d4987..99b9e1ccacfb6 100644 --- a/docs/src/main/asciidoc/websockets-next-reference.adoc +++ b/docs/src/main/asciidoc/websockets-next-reference.adoc @@ -783,6 +783,10 @@ public class ExampleHttpUpgradeCheck implements HttpUpgradeCheck { TIP: You can choose WebSocket endpoints to which the `HttpUpgradeCheck` is applied with the `HttpUpgradeCheck#appliesTo` method. +=== TLS + +As a direct consequence of the fact this extension reuses the _main_ HTTP server, all the relevant server configurations apply. See Refer to the xref:http-reference.adoc#ssl[HTTP guide] for more details. + == Client API [[client-connectors]] @@ -934,6 +938,23 @@ class MyBean { There are also other convenient methods. For example, `OpenClientConnections#findByClientId(String)` makes it easy to find connections for a specific endpoint. +=== Configuring SSL/TLS + +To establish a TLS connection, you need to configure a _named_ configuration using the xref:./tls-registry-reference.adoc[TLS registry]: + +[source, properties] +---- +quarkus.tls.my-ws-client.trust-store.p12.path=server-truststore.p12 +quarkus.tls.my-ws-client.trust-store.p12.password=secret + +quarkus.websockets-next.client.tls-configuration-name=my-ws-client # Reference the named configuration +---- + +WARNING: When using the WebSocket client, using a _named_ configuration is required to avoid conflicts with other TLS configurations. +The client will not use the default TLS configuration. + +When you configure a _named_ TLS configuration, TLS is enabled by default. + [[traffic-logging]] == Traffic logging