HTTPS connections


Kpow supports SSL termination at the instance without a reverse proxy.

Once configured all content is served via HTTPS, meaning you must update any configured integrations including Prometheus scrapers, SSO providers (e.g. AUTH_LANDING_URI and callback-urls within the provider) as https://.


Kpow is powered by Jetty which uses Java KeyStores (JKS) to manage certificates.

Refer to the Jetty documentation for instructions on using the JDK keytool or OpenSSL to create and import certificates (e.g. a .pem file) into a KeyStore.

Set the following environment variable and start Kpow with SSL connections.

  • ENABLE_HTTPS=true Once set Kpow will serve HTTPS traffic on the configured UI PORT
  • HTTPS_KEYSTORE_LOCATION= The location of your KeyStore, e.g.
  • HTTPS_KEYSTORE_TYPE= The type of KeyStore (eg, PKCS12).
  • HTTPS_KEYSTORE_PASSWORD= The password of the KeyStore.
  • HTTPS_TRUSTSTORE_LOCATION= - (optional) The location of your Truststore e.g.
  • HTTPS_TRUSTSTORE_TYPE= (optional) The type of TrustStore.
  • HTTPS_TRUSTSTORE_PASSWORD= (optional) The password of the TrustStore.