I was able to configure this setup in this way (no deep testing, but
seems to work fine, still almost no time ;).
I used the primer to create a CometD 2 application.
Then I added this servlet to web.xml:
<servlet>
<servlet-name>proxy</servlet-name>
<servlet-class>org.eclipse.jetty.servlets.ProxyServlet$Transparent</servlet-class>
<init-param>
<param-name>ProxyTo</param-name>
<param-value>http://localhost:80</param-value>
</init-param>
<init-param>
<param-name>Prefix</param-name>
<param-value>/</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>proxy</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
That's it.
The whole webapp is deployed to context path /.
Given the rules for mapping requests to servlets, any request to
/cometd/* will be mapped to the CometD servlet (because its mapping -
/cometd/* - is more specific than the other mapping - /*), and any
other request will be mapped to the proxy servlet, which redirects to
whatever is listening on port 80.
Let us know if it works for you.
Simon
--
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
On Wed, Aug 11, 2010 at 22:04, BlastChat <blas...@gmail.com> wrote:
> First of all thank you for getting back to me, I was afraid you forgot
> my issue. I was expecting it would work something like that, but let
> me ask few specifics:
>
> 1. I am using cometd 1.0.0, jetty 6.1.22, will the code look the same
> for that version?
I used CometD 2 and Jetty 7, but should be the same for CometD 1 and
Jetty 6, modulo some package renaming (which you got right in a later
email, "org.mortbay.proxy.AsyncProxyServlet$Transparent").
> 2. into which web.xml do I place this code? into my chat servlet
> web.xml?
Yes.
> 3. my webapp directory is more or less empty (I mean I do not have my
> php files there), only cometd.war is there, is that alright, or what
> does it exactly mean that "whole webapp is deployed to context path /"
It means that the web application is deployed to the root context (or,
equivalently that the contextPath is the emtpy string). You have
deployed your webapp under context path "/cometd", and the servlet
path is again "/cometd" (so your CometD servlet responds to
http://mysite/cometd/cometd). You need to change the deployment of
that webapp to have context path "" and servlet path "/cometd" (so
your CometD servlet responds to http://mysite/cometd).
Show me how you deployed your war, and I'll tell you how to do it.
In this way a request to http://mysite.com/index.php ends up to Jetty,
which figures out this request is for the web application deployed on
the root context; then Jetty figures out this request is for the proxy
servlet (because it does not match "/cometd/*"), the proxy servlet
calls Apache, and returns the response to the client.
Regarding https, there is no need for you to forward https requests to
Apache. Let Jetty handle both http and https, and have the
communication between Jetty and Apache in plain http.
So you configure 2 connectors in Jetty (http and https) and one in
Apache (http).
The proxy servlet does not support forwarding https traffic.
Regarding the slow start time, you can take a thread dump by hitting
ctrl + \ in the console (Unix/Linux); it is probably due to the fact
that the SSL machinery needs a secure random seed, and this is
generated by listening to hardware events until a sufficient amount of
random noise is gathered. If this is the case, there is not much we
can do about, but please confirm it.
Simon
--
On Thu, Aug 12, 2010 at 20:25, BlastChat <blas...@gmail.com> wrote:
> So, I am assuming that changing
> <Set name="contextPath">/cometd</Set>
> to
> <Set name="contextPath">/</Set>
> will take care of /cometd/cometd change to /cometd calls.
Correct.
> 2. about ssl
> When Jetty is started with ports 8080 and 8443 all works fine:
>
> 2010-08-11 22:50:35.242:INFO::Started
> SelectChann...@0.0.0.0:8080
> 2010-08-11 22:50:35.607:INFO::Started
> SslSelectCha...@0.0.0.0:8443
>
> But when I changed it to 80 and 443 I got those cipher suites problem:
>
> 010-08-11 22:41:12.126:INFO::Started
> SelectChannelConnec...@0.0.0.0:80
> 2010-08-11 22:41:12.763:INFO::Started
> SslSelectChannelConnec...@0.0.0.0:443
> 2010-08-11 22:41:13.046:WARN::javax.net.ssl.SSLHandshakeException: no
> cipher suites in common
>
> I am not quite sure why would this come up just because 8443 was
> changed to 443, any idea?
Nope, very strange.
Are you starting Jetty with root privileges ? And you don't have file
permission problems reading the keystore files ?
I think it's the "password", which is the keystore password.
However, I would not use a specific alias (you used "jetty" above),
just use the default. I would like to avoid that the server looks for
the cert on the default alias when you've put it somewhere else, and
for this reason you get the error.
On Sat, Aug 14, 2010 at 10:16, BlastChat <blas...@gmail.com> wrote:
> so I made another attempt to "switch". this time it went a little bit
> further:
>
> 1. I moved context from /cometd to / with a success
> 2. Started jetty on 80 and 443 (443 has still
> ":javax.net.ssl.SSLHandshakeException: no cipher suites in common"
> warning, which is not showing up when 8443 port is used, I could go
> around by redirect 443 to 8443 at iptables level)
> 3. direct request to http://www.myweb.com loading php page, page loads
> but looks like no images are loaded, no .css probably not even .js
> files are being delivered back to browser (client). This is a major
> showstopper.
>
> Following error was not generated when http://www.myweb.com was used
> (so it is not related to no images, no css, only a wild guess), but
> URL called a different page
> 2010-08-14 00:54:54.629:WARN::/index2.php?option=...
> java.lang.NumberFormatException: 8080index2.php?option=...
"8080" is attached to the path "index2.php"
What have you specified as ProxyTo and Prefix ? You must be missing a slash.
On Sat, Aug 14, 2010 at 19:59, BlastChat <blas...@gmail.com> wrote:
> btw, I think 8443 and 443 makes no difference, difference is only that
> I never did hit 8443 in my original configuration, so I was not seeing
> this warning at all. There must be problem with something somewhere,
> not sure what
>
> WARN::javax.net.ssl.SSLHandshakeException: no cipher suites in common
I think you have a problem either with the certificate or with the way
it is imported to the keystore via the keytool command.
You should have generated a key pair (RSA or DSA ?), extracted the
certificate signing request, sent it to a root certificate authority,
got it signed and received it back.
What you get back from the root CA is what you should import.
If you did so, what does:
keytool -list -keystore keystore -v
prints ?
Are you sure that the root certificate authority you used is
recognized by the JDK ?
On Sat, Aug 14, 2010 at 22:11, BlastChat <blas...@gmail.com> wrote:
> Does that mean then that example at http://docs.codehaus.org/display/JETTY/Asynchronous+Proxy+Servlet
> is incorrect and / should be there too?
> <param-name>ProxyTo</param-name><param-value>http://www.google.com</
> param-value>
> should be
> <param-name>ProxyTo</param-name><param-value>http://www.google.com/</
> param-value>
Seems that the documentation is wrong, perhaps only in the case of the
root context.
I just tried with http://localhost:8080/ and works for me.
Simon
--
On Sun, Aug 15, 2010 at 07:30, BlastChat <blas...@gmail.com> wrote:
> 3. So it started up, and is actually working, but now I see following
> errors in jetty error log
>
> 2010-08-14 22:23:08.461:WARN::EXCEPTION on
> org.mortbay.proxy.AsyncProxyServlet$1@1454609693=GET//127.0.0.1:8080/
> components/com_bc/js/bc/dojo/dojo.js?v=200902112385#9
> org.mortbay.jetty.EofException
> at org.mortbay.jetty.HttpGenerator.flush(HttpGenerator.java:
> 787)
> at org.mortbay.jetty.AbstractGenerator
> $Output.blockForOutput(AbstractGenerator.java:550)
Jetty was trying to write more data to a slow connection, but the
client closed it.
Ignorable.
> 2010-08-14 22:24:59.264:WARN::javax.net.ssl.SSLException: Received
> fatal alert: unknown_ca
> 2010-08-14 22:25:41.290:WARN::javax.net.ssl.SSLException: Received
> fatal alert: unknown_ca
No idea, but seems a problem with the client's certificate chain...
Perhaps an attack ?
> java.lang.IllegalStateException: State==HEADER
> at org.mortbay.jetty.HttpGenerator.flush(HttpGenerator.java:
I think this was fixed. Remind me what version of Jetty are you using ?
Any reason for you to stay on Jetty 6 and not switch to Jetty 7 ?
> 2010-08-14 22:39:27.977:WARN::SSL renegotiate denied:
> java.nio.channels.SocketChannel[connected local=/webservip:443 remote=/
> clientip:3744]
SSL renegotiation are denied to prevent a security risk. This is a
known bug in the JDK.
Hope I'm not causing any confusion here but I had some problems with the
same Proxy a while ago and this is my experience.
> Does that mean then that example at http://docs.codehaus.org/display/JETTY/Asynchronous+Proxy+Servlet
> is incorrect and / should be there too?
The example is correct.
What I did struggle with was double // sent to the destination server
after the proxy servlet had done it's job. Note that there is no
trailing / at the ProxyTo and a prefix / at the Prefix. If you have a
trailing / at the ProxyTo also you will get a // which will make the
request against the destination server fail.
Kind regards
Trygve Lie
http://www.trygve-lie.com/
I ran into serious problem today with the proxy, it stopped to forward
requests completely till I restarted jetty.
I am attaching log file for you to examine and hopefully be able to
tell me something about it or even better to find a solution I do not
see attach option.
Most of those errors are always present, but this time they somehow
spun into a more serious situation.
thank you for any comments or recommendations.
P.
--
You received this message because you are subscribed to the Google Groups "cometd-users" group.
To post to this group, send email to cometd...@googlegroups.com
To unsubscribe from this group, send email to cometd-users...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cometd-users
Visit the CometD website at http://www.cometd.org
On Tue, Oct 12, 2010 at 09:20, BlastChat <blas...@gmail.com> wrote:
> Greg,
>
> 1. can you please provide link where to submit bug?
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty
Simon
--