problem with SSL on snap-server


Henry Laxen

Nov 27, 2016, 1:22:02 PM
to Snap Framework
I must be doing something dumb, but I just don't see it.  I'm trying
to run snap-server with ssl enabled.  I've created a self-signed certificate
following the instructions at:

https://wiki.archlinux.org/index.php/OpenSSL#Signing_certificates

ls -ahl private 
total 20K
drwx------  2 henry henry 4.0K Nov 27 11:11 .
drwxr-xr-x 16 henry henry 4.0K Nov 27 11:40 ..
-rw-r--r--  1 henry henry 1.9K Nov 27 11:11 cacert.pem
-rw-------  1 henry henry 3.2K Nov 27 11:10 key.pem
-rw-r--r--  1 henry henry 1.7K Nov 27 11:10 req.csr

I build snap with stack, using the stack.yaml file as follows:

flags: 
  snap:
    hint: true
    development: true
  snap-server:
    openssl: true
extra-package-dbs: []
packages:
- '.'
extra-deps:
- heist-1.0.0.0
- map-syntax-0.2.0.1
- snap-1.0.0.1
- websockets-snap-0.10.0.0
- snap-loader-static-1.0.0.0
- daemons-0.2.1
- enumerator-0.4.20
- fay-ref-0.1.0.0
- logging-3.0.4
- snap-loader-dynamic-1.0.0.0
- urlencoded-0.4.1
- value-supply-0.6
- alex-3.2.1
- happy-1.19.5
- snap-server-1.0.1.1
resolver: lts-7.8

It seems to build okay and I wind up with an executable at:
.stack-work/dist/x86_64-linux/Cabal-1.24.0.0/build/trivia/trivia
as I expect.

My Main.hs program has:

getConf :: IO (Config Snap ())
getConf = do
  c1 <- commandLineConfig defaultConfig
  let c2 = setAccessLog (ConfigFileLog (logRoot </> "access.log")) c1
      c3 = setErrorLog  (ConfigFileLog (logRoot </> "error.log"))  c2
      c4 = setSSLPort 443 c3
      c5 = setSSLBind "0.0.0.0" c4
      c6 = setSSLCert (certRoot </> "cacert.pem") c5
      c7 = setSSLKey  (certRoot </> "key.pem") c6
  return c7

I print out config just before calling httpServe and get:

Config:
hostname: Just "localhost"
accessLog: Just log to file "/home/henry/nadineloveshenry/log/access.log"
errorLog: Just log to file "/home/henry/nadineloveshenry/log/error.log"
locale: Just "en_US"
port: Just 80
bind: Just "0.0.0.0"
sslport: Just 443
sslbind: Just "0.0.0.0"
sslcert: Just "/home/henry/nadineloveshenry/private/cacert.pem"
sslchaincert: Nothing
sslkey: Just "/home/henry/nadineloveshenry/private/key.pem"
unixsocket: Nothing
unixaccessmode: Nothing
compression: Just True
verbose: Just True
defaultTimeout: Just 60
proxyType: Nothing

but when I do a netstat -nltp no one is listening to port 443, and of
course I cannot connect via https.

What am I missing?  Thanks in advance.

MightyByte

Nov 27, 2016, 1:45:55 PM
to snap_fr...@googlegroups.com
You need to also do setSSLChainCert as well. See
https://github.com/snapframework/snap-server/issues/92

Henry Laxen

Nov 27, 2016, 10:31:17 PM
to snap_fr...@googlegroups.com
Thank you MightyByte, that did the trick. In order to avoid questions like
this in the future, you may want to update the instructions at:

http://snapframework.com/faq#how-do-i-enable-ssl

to be:

./app --ssl-port=443 --ssl-cert=cert.pem --ssl-key=key.pem --ssl-address=0.0.0.0 --ssl-chain-cert=False


Best wishes,
Henry Laxen


>>>>> "MightyByte" == MightyByte <might...@gmail.com> writes:

MightyByte> You need to also do setSSLChainCert as well. See
MightyByte> https://github.com/snapframework/snap-server/issues/92

Henry> On Sun, Nov 27, 2016 at 1:22 PM, Henry Laxen <nadine.a...@gmail.com> wrote:
Henry> I must be doing something dumb, but I just don't see it. I'm trying
Henry> to run snap-server with ssl enabled. I've created a self-signed certificate
Henry> following the instructions at:
Henry>
Henry> https://wiki.archlinux.org/index.php/OpenSSL#Signing_certificates

Decebal Popa

Dec 1, 2017, 8:52:46 PM
to Snap Framework
Can you please tell me how you handle the redirect from http to https? Thanks!