Help running VocBench and SemanticTurkey on https


Bruno Almeida

May 3, 2023, 4:49:45 AM
to vocbench-user
Dear VocBench Users,

This is more of a problem with running the SemanticTurkey Karaf container on https, but I'm hoping someone can help me figure out why it isn't working. I'll start by acknowledging that I do not have a computer science background...

Following the documentation, I've unpacked the VocBench application and have it running on an Apache server here, in which I installed a certificate through certbot. We have Semantic Turkey running in a Docker container in the same machine, on port 1979. It works fine on http, but VocBench is not able to connect to Semantic Turkey through https (even after editing the required file in Semantic Turkey's etc/ dir).

I tried removing the Docker container and running Semantic Turkey directly on the server, as it is easier to edit the files. I followed these instructions, in the Karaf docs, generating a self-signed certificate and adding the required lines to {semanticturkey dir}/etc/org.ops4j.pax.web.cfg within the Docker container:

org.osgi.service.http.port= # Here I also tried commenting out the line and removing it. Made no difference.
javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
org.apache.karaf.features.configKey = org.ops4j.pax.web
org.osgi.service.http.port.secure=1979 # also tried running it on port 8443. Made no difference.
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=${karaf.etc}/keystore # I've placed the keystore in the karaf etc/ dir
org.ops4j.pax.web.ssl.password=<super secret password>
org.ops4j.pax.web.ssl.keypassword=<super secret password>
org.osgi.service.http.enabled=false 
org.osgi.service.https.enabled=true

On the VocBench side, I added the Semantic Turkey port on vbconfig.js (var st_port = "1979";). I also tried specifying https as the protocol, but it didn't work. When I try connecting to https://vocbench.rossio.fcsh.unl.pt I always get the error:

Connection with ST server (https://vocbench.rossio.fcsh.unl.pt:1979) has failed; please check your internet connection.

Tiziano Lorenzetti

May 11, 2023, 6:44:27 AM
to Bruno Almeida, vocbench-user
Dear Bruno,
sorry for the late reply. Anyway, I did a quick test and I was able to run SemanticTurkey on HTTPS with the following procedure.
  1. Just for this test I've generated a self-signed certificate using keytool and I've placed it at ..\semanticturkey-11.4\etc\keystore\keystore.jks
  2. I've edited etc/org.ops4j.pax.web.cfg with the addition of the following lines
    org.osgi.service.http.port.secure=8443
    org.osgi.service.http.secure.enabled=true
    org.ops4j.pax.web.ssl.keystore=${karaf.etc}/keystore/keystore.jks
    org.ops4j.pax.web.ssl.password=<PWD_HERE>
    org.ops4j.pax.web.ssl.keypassword=<PWD_HERE>
    org.osgi.service.http.enabled=false
    and I've also commented #org.osgi.service.http.port=1979
  3. I've deployed VocBench war on Tomcat webapps/ dir and, once Tomcat unpacked the war, I've edited vbconfig.js as follows:
    var st_port = "8443";
    var st_protocol = "https";

Please, notice that, unlike your configuration, org.ops4j.pax.web.ssl.keystore points to the keystore.jks file instead of the folder. In fact, by setting ${karaf.etc}/keystore as value, SemanticTurkey failed to start properly and printed the following error on the console
ERROR [paxweb-config-2-thread-1] Could not start the servlet context for context path []
java.nio.file.AccessDeniedException: C:\....\semanticturkey-11.4\etc\keystore
        at sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:83)
        at [...]

Now, since I was using a self-signed/untrusted certificate, I had to do an additional step which should not be needed in your case if your certificate is valid.
At the first access to VB, it gave me the connection error as well, but only because the browser blocked the requests to ST. 
I had to manually perform the following request with the browser (it's the first request that VB usually sends to ST when you access it)
and I had to "accept" to continue to the requested URL. In this way the browser didn't block the requests to ST anymore.
image.png


Hope it helps.

Best regards,
Tiziano
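
An added example, not part of the original thread or of the SemanticTurkey/Karaf code: a small Python check for the org.ops4j.pax.web.cfg settings discussed above. It flags a keystore path that is a directory (the AccessDeniedException case), a plain HTTP connector left enabled, and trailing `#` notes on value lines. The function names, the constructed sample layout and the treatment of a missing org.osgi.service.http.enabled as enabled are assumptions.

```python
import os
import tempfile

def parse_cfg(text):
    """Parse key=value lines. Java properties syntax: '#' opens a comment
    only at the start of a line, so trailing notes stay in the value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def lint_pax_web(text, karaf_etc):
    """Return a list of findings for a pax-web HTTPS configuration."""
    props, findings = parse_cfg(text), []
    for key, value in props.items():
        if " #" in value:
            findings.append(f"{key}: text after '#' may be read as part of the value")
    if props.get("org.osgi.service.http.secure.enabled") != "true":
        findings.append("HTTPS connector is not enabled")
    # Assumption: a missing key means the plain HTTP connector stays on.
    if props.get("org.osgi.service.http.enabled", "true") != "false":
        findings.append("plain HTTP connector is still enabled")
    ks = props.get("org.ops4j.pax.web.ssl.keystore", "")
    ks = ks.split(" #")[0].strip().replace("${karaf.etc}", karaf_etc)
    if not ks:
        findings.append("no keystore configured")
    elif os.path.isdir(ks):
        findings.append(f"keystore path is a directory, not a file: {ks}")
    elif not os.path.isfile(ks):
        findings.append(f"keystore file not found: {ks}")
    return findings

def demo():
    """Constructed sample: etc/keystore/keystore.jks, as in the reply above."""
    with tempfile.TemporaryDirectory() as etc:
        os.mkdir(os.path.join(etc, "keystore"))
        open(os.path.join(etc, "keystore", "keystore.jks"), "wb").close()
        base = ("org.osgi.service.http.port.secure=8443\n"
                "org.osgi.service.http.secure.enabled=true\n"
                "org.osgi.service.http.enabled=false\n"
                "org.ops4j.pax.web.ssl.keystore=${karaf.etc}/keystore")
        # First result: folder as keystore; second: the .jks file itself.
        return lint_pax_web(base, etc), lint_pax_web(base + "/keystore.jks", etc)

if __name__ == "__main__":
    print(demo())
```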


Bruno Almeida

May 12, 2023, 11:33:49 AM
to Tiziano Lorenzetti, vocbench-user
Dear Tiziano,

Thank you very much for the reply! The problem was indeed with the certificate I was using, which was self-signed.

I got a certificate through Let’s Encrypt and followed these instructions for converting the PEM files to JKS: https://keychest.net/stories/lets-encrypt-certificate-into-java-jks

Everything seems to be working now.

Best regards,

Bruno Almeida

Núcleo de Desenvolvimento Digital da Investigação
Faculdade de Ciências Sociais e Humanas – NOVA FCSH
Colégio Almada Negreiros - Campus de Campolide da NOVA
1099-085 Lisboa | Portugal

Web: www.fcsh.unl.pt
