TLS#
Enable HTTPS on the coordinator using a self-signed certificate.
Usage#
Provision the module:
minitrino provision -m tls
Connect to the coordinator container’s Trino CLI:
minitrino exec -i 'trino-cli'
Connect to the coordinator over HTTPS:
trino-cli --server https://minitrino:8443 \
--truststore-path /etc/"${CLUSTER_DIST}"/tls/truststore.jks \
--truststore-password changeit \
--user bob --password
Confirm the TLS handshake succeeded by running a query:
SHOW SCHEMAS FROM tpch;
Client Keystore and Truststore#
The Java keystore and truststore required for clients and drivers are available
on the host machine at ~/.minitrino/tls/${CLUSTER_NAME}/.
The truststore is also available in the container at
/etc/${CLUSTER_DIST}/tls/truststore.jks.
minitrino exec -i 'ls -l /etc/${CLUSTER_DIST}/tls/'
-rw-rw-r-- 1 trino root 3454 Jun 19 22:02 keystore.jks
-rw-rw-r-- 1 trino root 1460 Jun 19 22:02 minitrino_cert.cer
-rw-rw-r-- 1 trino root 1414 Jun 19 22:02 truststore.jks
Accessing the Coordinator Over HTTPS#
Using Docker#
minitrino exec -i 'trino-cli \
--server https://minitrino:8443 \
--truststore-path /etc/${CLUSTER_DIST}/tls/truststore.jks \
--truststore-password changeit'
Certificate trust can be bypassed by using the --insecure flag:
minitrino exec -i 'trino-cli \
--server https://minitrino:8443 \
--insecure'
Using Host Machine#
trino-cli-executable.jar \
--server https://localhost:8443 \
--truststore-path ~/.minitrino/${CLUSTER_NAME}/tls/truststore.jks \
--truststore-password changeit
Using the Web UI#
Open a browser and navigate to https://localhost:8443.
Browser |
How to Accept Self-Signed Certificate |
|---|---|
Chrome |
Click anywhere and type |
Firefox |
Click Advanced → Accept the Risk and Continue |
Safari |
Click Show Details → visit this website |