Enable HTTPS for OpenWayback Tomcat
HTTPS protects replay traffic from passive observers.
Generate keystore
keytool -genkeypair -alias wayback -keyalg RSA -keysize 4096 -keystore /opt/tomcat/conf/wayback.jks
server.xml connector
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/wayback.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
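An added example, not part of the original page or of the Tomcat or OpenWayback projects: a small Python audit of server.xml that flags what is worth checking in the connector above, namely a keystore password left at Tomcat's default `changeit` and an SSLHostConfig that does not set `protocols`. The sample server.xml is constructed around the page's connector; the function name and the password deny-list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/wayback.jks"
                   certificateKeystorePassword="changeit"
                   type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Assumption: a local deny-list; "changeit" is the value Tomcat uses when unset.
WEAK_PASSWORDS = {"changeit", "changeme", "password", ""}


def audit_tls_connectors(server_xml: str) -> list[str]:
    """Return one finding per weak point across all <Connector> elements."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: plaintext connector (SSLEnabled not true)")
            continue
        host_configs = conn.findall("SSLHostConfig")
        if not host_configs:
            findings.append(f"port {port}: SSLEnabled but no SSLHostConfig")
        for hc in host_configs:
            # Without 'protocols' the enabled TLS versions depend on defaults.
            if hc.get("protocols") is None:
                findings.append(f"port {port}: SSLHostConfig does not set protocols")
            for cert in hc.findall("Certificate"):
                if cert.get("certificateKeyFile"):
                    continue  # PEM key file, no keystore password involved
                pw = cert.get("certificateKeystorePassword")
                if pw is None or pw in WEAK_PASSWORDS:
                    findings.append(f"port {port}: default or weak keystore password")
    return findings


if __name__ == "__main__":
    for finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To audit the real file, pass the contents of conf/server.xml to `audit_tls_connectors` instead of the sample.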
Update wayback.xml
wayback.url.scheme=https
wayback.url.port=443
Diagram
flowchart LR
    A[Client] -->|TLS| B[Tomcat 8443]
    B --> C[OpenWayback]
Reload Tomcat and check https://host:8443/wayback/ before exposing through a proxy or load balancer.