Thank you MightyByte, that did the trick. In order to avoid questions like
this in the future, you may want to update the instructions at:
http://snapframework.com/faq#how-do-i-enable-ssl
to be:
./app --ssl-port=443 --ssl-cert=cert.pem --ssl-key=key.pem --ssl-address=0.0.0.0 --ssl-chain-cert=False
Best wishes,
Henry Laxen
>>>>> "MightyByte" == MightyByte <might...@gmail.com> writes:
MightyByte> You need to also do setSSLChainCert as well. See
MightyByte> https://github.com/snapframework/snap-server/issues/92
Henry> On Sun, Nov 27, 2016 at 1:22 PM, Henry Laxen <nadine.a...@gmail.com> wrote:
Henry> I must be doing something dumb, but I just don't see it. I'm trying
Henry> to run snap-server with ssl enabled. I've created a self-signed certificate
Henry> following the instructions at:
Henry>
Henry> https://wiki.archlinux.org/index.php/OpenSSL#Signing_certificates
Henry>
Henry> ls -ahl private
Henry> total 20K
Henry> drwx------ 2 henry henry 4.0K Nov 27 11:11 .
Henry> drwxr-xr-x 16 henry henry 4.0K Nov 27 11:40 ..
Henry> -rw-r--r-- 1 henry henry 1.9K Nov 27 11:11 cacert.pem
Henry> -rw------- 1 henry henry 3.2K Nov 27 11:10 key.pem
Henry> -rw-r--r-- 1 henry henry 1.7K Nov 27 11:10 req.csr
Henry>
Henry> I build snap with stack, using the stack.yaml file as follows:
Henry>
Henry> flags:
Henry>   snap:
Henry>     hint: true
Henry>     development: true
Henry>   snap-server:
Henry>     openssl: true
Henry> extra-package-dbs: []
Henry> packages:
Henry> - '.'
Henry> extra-deps:
Henry> - heist-1.0.0.0
Henry> - map-syntax-0.2.0.1
Henry> - snap-1.0.0.1
Henry> - websockets-snap-0.10.0.0
Henry> - snap-loader-static-1.0.0.0
Henry> - daemons-0.2.1
Henry> - enumerator-0.4.20
Henry> - fay-ref-0.1.0.0
Henry> - logging-3.0.4
Henry> - snap-loader-dynamic-1.0.0.0
Henry> - urlencoded-0.4.1
Henry> - value-supply-0.6
Henry> - alex-3.2.1
Henry> - happy-1.19.5
Henry> - snap-server-1.0.1.1
Henry> resolver: lts-7.8
Henry>
Henry> It seems to build okay and I wind up with an executable at:
Henry> .stack-work/dist/x86_64-linux/Cabal-1.24.0.0/build/trivia/trivia
Henry> as I expect.
Henry>
Henry> My Main.hs program has:
Henry>
Henry> getConf :: IO (Config Snap ())
Henry> getConf = do
Henry>   c1 <- commandLineConfig defaultConfig
Henry>   let c2 = setAccessLog (ConfigFileLog (logRoot </> "access.log")) c1
Henry>       c3 = setErrorLog (ConfigFileLog (logRoot </> "error.log")) c2
Henry>       c4 = setSSLPort 443 c3
Henry>       c5 = setSSLBind "0.0.0.0" c4
Henry>       c6 = setSSLCert (certRoot </> "cacert.pem") c5
Henry>       c7 = setSSLKey (certRoot </> "key.pem") c6
Henry>   return c7
Henry>
Henry> I print out config just before calling httpServe and get:
Henry>
Henry> Config:
Henry> hostname: Just "localhost"
Henry> accessLog: Just log to file "/home/henry/nadineloveshenry/log/access.log"
Henry> errorLog: Just log to file "/home/henry/nadineloveshenry/log/error.log"
Henry> locale: Just "en_US"
Henry> port: Just 80
Henry> bind: Just "0.0.0.0"
Henry> sslport: Just 443
Henry> sslbind: Just "0.0.0.0"
Henry> sslcert: Just "/home/henry/nadineloveshenry/private/cacert.pem"
Henry> sslchaincert: Nothing
Henry> sslkey: Just "/home/henry/nadineloveshenry/private/key.pem"
Henry> unixsocket: Nothing
Henry> unixaccessmode: Nothing
Henry> compression: Just True
Henry> verbose: Just True
Henry> defaultTimeout: Just 60
Henry> proxyType: Nothing
Henry>
Henry> but when I do a netstat -nltp no one is listening to port 443, and of
Henry> course I cannot connect via https.
Henry>
Henry> What am I missing? Thanks in advance.
Henry>
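
Added example, not part of the thread and not snap-server's own code: the configuration from the question with `setSSLChainCert` applied as the reply suggests, plus a startup check that refuses to run when any SSL setting is still unset, so the server cannot quietly come up without its HTTPS listener. The values of `certRoot` and `logRoot`, the helper `missingSSL`, and the premise that all five SSL settings must be present for the listener to start are assumptions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Data.Maybe (isNothing)
import Snap.Core (Snap, writeBS)
import Snap.Http.Server (httpServe)
import Snap.Http.Server.Config
import System.Exit (die)
import System.FilePath ((</>))

-- Hypothetical locations; the thread does not show how these are defined.
certRoot, logRoot :: FilePath
certRoot = "private"
logRoot  = "log"

-- | Names of the SSL settings that are still Nothing. Assumption: the HTTPS
-- listener is only created when all five are set, which matches the
-- "sslchaincert: Nothing" dump and the absent listener on port 443.
missingSSL :: Config m a -> [String]
missingSSL c =
  [ name
  | (name, True) <-
      [ ("sslport",      isNothing (getSSLPort c))
      , ("sslbind",      isNothing (getSSLBind c))
      , ("sslcert",      isNothing (getSSLCert c))
      , ("sslchaincert", isNothing (getSSLChainCert c))
      , ("sslkey",       isNothing (getSSLKey c))
      ]
  ]

getConf :: IO (Config Snap ())
getConf = do
  c <- commandLineConfig defaultConfig
  return
    . setAccessLog (ConfigFileLog (logRoot </> "access.log"))
    . setErrorLog (ConfigFileLog (logRoot </> "error.log"))
    . setSSLPort 443
    . setSSLBind "0.0.0.0"
    . setSSLCert (certRoot </> "cacert.pem")
    . setSSLChainCert False  -- the setting the original getConf left out
    . setSSLKey (certRoot </> "key.pem")
    $ c

main :: IO ()
main = do
  conf <- getConf
  case missingSSL conf of
    [] -> httpServe conf (writeBS "ok")
    ms -> die ("HTTPS listener would not start; unset: " ++ unwords ms)
```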