enable hostname / domain name on Akka Http for SSL
97 views
Skip to first unread message
abd...@wealthtech.in
Apr 17, 2017, 7:48:23 AM4/17/17
to Akka User List
Hi,
I have configured my AKKA Code to import and use SSL in its HTTP via SSLContext ....The SSL I have used is purchased from GeoTrust (Third Party) and SSL certificate is configured to serve for specific hostname / domain name like "tech.com" - How do I configure Akka to listen for this hostname and not for the IP Address directly - So that the SSL works as needed.
problem faced: if I send a request using postman on http protocol it works well but https requests fails - as I havent dont any hostname configuration in Akka.
I am getting some clue on http://doc.akka.io/docs/akka-http/current/java/http/configuration.html but I am confused how do I use this configuration file in my code and following configuration on the above link makes me confuse
# The proxy configurations to be used for requests with the specified
# scheme.
proxy {
# Proxy settings for unencrypted HTTP requests
# Set to 'none' to always connect directly, 'default' to use the system
# settings as described in http://docs.oracle.com/javase/6/docs/technotes/guides/net/proxies.html
# or specify the proxy host, port and non proxy hosts as demonstrated
# in the following example:
# http {
# host = myproxy.com
# port = 8080
# non-proxy-hosts = ["*.direct-access.net"]
# }
http = default
# Proxy settings for HTTPS requests (currently unsupported)
https = default
}
# If this setting is empty the server only accepts requests that carry a
# non-empty `Host` header. Otherwise it responds with `400 Bad Request`.
# Set to a non-empty value to be used in lieu of a missing or empty `Host`
# header to make the server accept such requests.
# Note that the server will never accept HTTP/1.1 request without a `Host`
# header, i.e. this setting only affects HTTP/1.1 requests with an empty
# `Host` header as well as HTTP/1.0 requests.
# Examples: `www.spray.io` or `example.com:8080`
default-host-header = ""
which configuration shall I change and how do I overwrite this configuration on my akka code ?? or what I am suppose to do to send http request to akka via hostname and not just by its IP Address
abd...@wealthtech.in
Apr 18, 2017, 1:39:31 AM4/18/17
to Akka User List
Well I am able to deploy the code to the Server and domain name is pointing correctly to akka Http - so http://DomainName.COM is working fine now ... but same isnt working with https URL i.e https://DomainName.COM ..
I am unable to figure out what am I missing as I have no error reported in my logs.
Arnout Engelen
Apr 18, 2017, 7:32:55 AM4/18/17
to akka...@googlegroups.com
Hello,
What error do you get when trying to access the https URL? Perhaps verbose 'curl' logging might be helpful?
Kind regards,
Arnout
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
Arnout Engelen
Abdeali Chandanwala
Apr 18, 2017, 8:40:08 AM4/18/17
to akka...@googlegroups.com
Hi Arnout,
I am not getting error in my logs nor when I do a postmen/chrome request except this:
This site can’t be reached
dev.domainname.in refused to connect.
This site can’t be reached
dev.domainname.in refused to connect.
where-else http protocol works fine with the same deployment
--Arnout Engelen
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to a topic in the Google Groups "Akka User List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/akka-user/yPfP7c6Zloo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
Johannes Rudolph
Apr 18, 2017, 9:02:41 AM4/18/17
to Akka User List
Hi,
that sounds as if you haven't configured Akka HTTP to open an HTTPS server. It's hard to say though, as you didn't post any code ;) What code did you use to configure Akka HTTP to use HTTPS?
Johannes
Abdeali Chandanwala
Apr 18, 2017, 10:41:04 AM4/18/17
to akka...@googlegroups.com
Hi Johannes,
I have given my code and asked for help on stackoverflow, please check the code you are asking for on this link:
--Arnout Engelen
Arnout Engelen
Apr 18, 2017, 11:12:09 AM4/18/17
to akka...@googlegroups.com
Hello,
If chrome is saying 'refused to connect', that is a TCP error. Can you check whether your JVM is actually listening on the port you're trying to reach (probably 443, check with 'netstat' for example)?
If it's listening, it might be a firewalling/routing issue?
Kind regards,
Arnout
--Arnout Engelen
You received this message because you are subscribed to a topic in the Google Groups "Akka User List" group.--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
To unsubscribe from this topic, visit https://groups.google.com/d/topic/akka-user/yPfP7c6Zloo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
--
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
Arnout Engelen
Senior Software Engineer
Abdeali Chandanwala
Apr 19, 2017, 4:26:12 AM4/19/17
to akka...@googlegroups.com
Hi
Arnout, Thanx for your point ...you are right and I have opened the HTTPS port 443 on AWS Security Group but I am Sorry to inform that its yet not working.
and for netstat - it has been showing "ESTABLISHED" status on 443 port - I dont know why LISTEN is not shown and is this status correct or no for my situation
Updated Code is:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
****** useHttps Function :
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore keyStore = KeyStore.getInstance("PKCS12");
final InputStream keyStoreStream = WDService.class.getClassLoader()
.getResourceAsStream(properties.keystoreFileName());
if (keyStoreStream == null) {
throw new RuntimeException("Keystore required!");
}
keyStore.load(keyStoreStream, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(keyStore);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
log.debug(" while configuring HTTPS." + e.getCause(), e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
log.debug(e.getCause() + " while ", e);
} catch (Exception e) {
log.debug(e.getCause() + " Exception", e);
}
return https;
}
on Debugging I get SSLConfig and Other few Variable are shown as None - except SSLContent - Is this Normal ?
Arnout Engelen
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to a topic in the Google Groups "Akka User List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/akka-user/yPfP7c6Zloo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
Abdeali Chandanwala
Apr 25, 2017, 8:46:50 AM4/25/17
to akka...@googlegroups.com
I am still not able to solve the SSL issue on my server - can anyone please guide
Regards
Reply all
Reply to author
Forward
0 new messages