How to configure ssl for local jetty


Ajnadkar Kshitij

Mar 14, 2017, 3:57:42 PM
to Lift
Hello,
I need to implement local ssl for my project so that an OAuth redirect (which only redirects to https) can be accepted. I am using xsbt-web-plugin.
My sbt config looks like this:

customConfiguration in container.Configuration := true
ssl in container.Configuration := Some("127.0.0.1", 8443, "localhost.jks", "password", "password")
configurationFiles in container.Configuration := Seq(file("path\\to\\jetty.xml"))

I created a jetty xml as advised here.

<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <Call name="addConnector">
  <Arg>
   <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <Arg>
     <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
      <Set name="keyStore">localhost.jks</Set>
      <Set name="keyStorePassword">password</Set>
      <Set name="keyManagerPassword">password</Set>
      <Set name="trustStore">localhost.jks</Set>
      <Set name="trustStorePassword">password</Set>
     </New>
    </Arg>
    <Set name="port">8443</Set>
    <Set name="maxIdleTime">30000</Set>
   </New>
  </Arg>
 </Call>
</Configure>

This is a little odd though, because this way I am configuring ssl in my sbt file and also in jetty.xml, which seems redundant.

Anyway, when I do a container:start, it starts the server but always returns a 404 for every request.

If I comment out the three lines in the sbt file, the app seems to work fine.

I saw these two posts regarding configuring ssl locally, but they did not help with this problem.


Any help is highly appreciated. Thanks.



Diego Medina

Mar 15, 2017, 12:36:27 AM
to Lift
Are there any errors on the sbt console when you run container:start and/or when you get a 404?

The wiki wasn't loading at first, but now that I see it, that page is about jetty 7; you most likely have a much more recent jetty, which has different class names / xml attributes.

see


if all fails:

I would also force errors to make sure the correct jetty.xml file is being read, like: specify an invalid path to sbt, then use a different port in the xml, use wrong passwords (one at a time) and see if you get any errors reported on the terminal as you restart your app.


Thanks

Diego


--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code



--
Diego Medina
Lift/Scala Consultant
di...@fmpwizard.com
https://blog.fmpwizard.com/

Ajnadkar Kshitij

Mar 15, 2017, 12:44:17 PM
to Lift
I do apologize. I forgot to post the console error. This shows up on console when I try to load the page that shows the 404:

2017-03-15 10:50:32.462:WARN:oeji.nio:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

I also found out that the line ssl in container.Configuration := Some("127.0.0.1", 8443, "localasfdsahost.jks", "afasfd", "asfdsaf") is not used. I can have any random thing in the fields and nothing changes. So I commented it out and even then nothing changed. If I comment out the jetty.xml line, then the server starts but it gives me an ERR_CONNECTION_REFUSED for both ports 8080 and 8443. If I give a wrong path for jetty.xml, it does throw a java.io.FileNotFoundException.
Based on that, I think that for my setup the line ssl in container.Configuration := Some("127.0.0.1", 8443, "localasfdsahost.jks", "afasfd", "asfdsaf") is completely ignored.

We are using jetty 8.1.7, which I read yesterday is EOL. My jetty.xml is just as suggested here, which I think is good for 8.1.

Thanks.

Diego Medina

Mar 15, 2017, 12:50:35 PM
to Lift
as jetty changes lots of config settings from version to version, I would recommend:

1. use the latest xsbt-web-plugin
2. use latest jetty 9.x
4. Now, the link to the jetty project is dead on step 3, so use this


Hope that helps.
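
A small probe for the symptoms reported in this thread (a 404 over HTTPS versus ERR_CONNECTION_REFUSED), added here as an example and not code from any poster, xsbt-web-plugin or Jetty: it reports whether a request fails at TCP connect, at the TLS handshake, or only at the HTTP layer. The function name `probe_https` and the stage labels are hypothetical; host and port default to the values in the configuration posted above, and a self-signed local keystore is assumed.

```python
import socket
import ssl


def probe_https(host="127.0.0.1", port=8443, path="/", timeout=3.0):
    """Return (stage, detail) describing how far an HTTPS request got.

    stage is "connection_refused", "connect_error", "tls_handshake_failed",
    "no_http_response" or "http_response" (detail = TLS version + status line).
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return ("connection_refused", str(exc))  # no connector bound to the port
    except OSError as exc:
        return ("connect_error", str(exc))

    # Assumption: local self-signed development keystore. Chain and hostname
    # checks are skipped for this loopback probe only, never for remote hosts.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(raw)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raw.close()
        return ("tls_handshake_failed", str(exc))  # listener exists, TLS did not complete

    with tls:
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
                   "Connection: close\r\n\r\n")
        try:
            tls.sendall(request.encode("ascii"))
            data = tls.recv(4096)
        except OSError as exc:
            return ("no_http_response", str(exc))
        if not data:
            return ("no_http_response", "connection closed without a response")
        status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
        # A status line here (even a 404) means the TLS handshake completed,
        # so the status code comes from the HTTP layer behind the connector.
        return ("http_response", f"{tls.version()} {status_line}")


if __name__ == "__main__":
    print(probe_https())
```

Run it after each deliberate change to the sbt file or jetty.xml (wrong path, different port, wrong password) to see which stage the change affects.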



