-
1. Re: Wildfly Swarm HTTPS
ctomc Dec 7, 2015 9:34 AM (in response to usrecnik)
You first need to add a SecurityRealm and then add an https-listener that uses that security realm.
It is pretty much the same as with standard WildFly, just instead of the CLI API you use Swarm's fluent API.
see
and
Server (config-api 0.3.18-SNAPSHOT API)
Off the top of my head, something along the lines of:
ManagementFraction.createDefaultFraction()
    .securityRealm("SSLRealm", (realm) -> {
        realm.<add-all-cert-related-data>
    })
and later on
UndertowFraction.createDefaultFraction()
    .server("default-server", (server) -> {
        server.httpsListener(new HttpsListener("https")
            .securityRealm("SSLRealm") // must match the realm added above
            .socketBinding("https")); // must match the socket binding you have for SSL
    })
-
2. Re: Wildfly Swarm HTTPS
usrecnik Dec 7, 2015 11:32 AM (in response to ctomc)
I wrote the following code according to your guidelines:
Container container = new Container();

// keytool \
//   -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -validity 365 \
//   -keystore keystore.jks -keypass mypassword -storepass mypassword \
//   -dname "CN=Server Administrator,O=My Organization,C=UA"

// not using ManagementFraction.createDefaultFraction() because it would create a management service
container.fraction(new ManagementFraction()
    .securityRealm("SSLRealm", (realm) -> new SslServerIdentity<>()
        .keystoreRelativeTo("/srv/workspace/jks/")
        .keystorePath("keystore.jks")
        .keystorePassword("mypassword")
        .alias("serverkey")
        .keyPassword("mypassword")
    ));

// not using UndertowFraction.createDefaultFraction() because it would complain about duplicate "default-server"
container.fraction(new UndertowFraction()
    .server(new Server("default-server")
        .httpsListener(new HttpsListener("default")
            .securityRealm("SSLRealm")
            .socketBinding("https"))
        .host(new Host("default-host")))
    .bufferCache(new BufferCache("default"))
    .servletContainer(new ServletContainer("default")
        .websocketsSetting(new WebsocketsSetting())
        .jspSetting(new JSPSetting()))
    .handlerConfiguration(new HandlerConfiguration()));

container.start();
Using this code, WildFly starts without any warnings, but throws an NPE when a request is made to 8443:
2015-12-07 17:14:55,879 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTPS listener default listening on [0:0:0:0:0:0:0:0]:8443
2015-12-07 17:14:55,978 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Core 2.0.0.CR8 "Kenny" started in 1806ms - Started 79 of 91 services (21 services are lazy, passive or on-demand)
2015-12-07 17:15:26,667 ERROR [org.xnio.listener] (default I/O-1) XNIO001007: A channel event listener threw an exception: java.lang.NullPointerException
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
    at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Did I misconfigure it?
-
3. Re: Wildfly Swarm HTTPS
ctomc Dec 8, 2015 9:15 AM (in response to usrecnik)
I would guess there is a problem with your network configuration, something in the combination of IPv6 and host resolving.
Is it any better if you start Swarm with the -Djava.net.preferIPv4Stack=true system property (it can also be added via configuration)?
Then it won't be trying to bind to an IPv6 address but will rather use IPv4.
-
4. Re: Wildfly Swarm HTTPS
usrecnik Dec 8, 2015 10:02 AM (in response to usrecnik)
It honours -Djava.net.preferIPv4Stack=true, but the same NPE still occurs when the request is made.
2015-12-08 15:57:09,971 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0006: Undertow HTTPS listener default listening on 0.0.0.0:8443
-
5. Re: Wildfly Swarm HTTPS
ctomc Dec 8, 2015 10:53 AM (in response to usrecnik)
Well, that looks strange. This is the line of code in question:
SSLEngine engine = this.ssl.getSslContext().createSSLEngine(getHostNameNoResolve(peerAddress), peerAddress.getPort());
So the problem can either be a problem with resolving peerAddress or a failure to properly construct the SSL context.
The SSL context is constructed in the security realm.
I would look into the certificate; maybe "SSL with WildFly 8 and Undertow" can help with that.
-
6. Re: Wildfly Swarm HTTPS
usrecnik Dec 8, 2015 11:22 AM (in response to usrecnik)
Thanks, I managed to resolve this problem. I misused ManagementFraction previously. Here's my working example (for future reference):
// security realm holding the server's SSL identity (keystore, key alias, passwords)
container.fraction(new ManagementFraction()
    .securityRealm(new SecurityRealm("SSLRealm")
        .sslServerIdentity(new SslServerIdentity<>()
            .keystorePath("/srv/workspace/jks/keystore2.jks")
            .keystorePassword("secret")
            .alias("serverkey")
            .keyPassword("secret")
        )
    ));

// HTTPS listener on the "https" socket binding, using the realm defined above
container.fraction(new UndertowFraction()
    .server(new Server("default-server")
        .httpsListener(new HttpsListener("default")
            .securityRealm("SSLRealm")
            .socketBinding("https"))
        .host(new Host("default-host")))
    .bufferCache(new BufferCache("default"))
    .servletContainer(new ServletContainer("default")
        .websocketsSetting(new WebsocketsSetting())
        .jspSetting(new JSPSetting()))
    .handlerConfiguration(new HandlerConfiguration()));
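
A standalone pre-flight check for the keystore, added here as an example (not code from the thread or from WildFly Swarm): it loads the keystore named in the security realm, confirms that the alias holds a private key and a currently valid certificate, and builds an SSLContext from it, which separates a keystore problem from a realm wiring problem like the one resolved above. The class name and the STORE_PASS/KEY_PASS environment variable names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name). Run: java KeystoreCheck <keystore.jks> <alias>
// Passwords come from the STORE_PASS and KEY_PASS environment variables (assumed names).
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreCheck <keystore> <alias>");
            System.exit(2);
        }
        String alias = args[1];
        char[] storePass = requireEnv("STORE_PASS");
        char[] keyPass = requireEnv("KEY_PASS");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // IOException on a wrong store password or corrupt file
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is missing or holds no private key");
        }
        Key key = ks.getKey(alias, keyPass); // UnrecoverableKeyException on a wrong key password
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println(key.getAlgorithm() + " key, subject " + cert.getSubjectX500Principal()
                + ", valid until " + cert.getNotAfter());

        // Build an SSLContext from the key material and create an engine with the
        // same createSSLEngine(host, port) call as the line quoted in the thread.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLEngine engine = ctx.createSSLEngine("localhost", 8443);
        System.out.println("SSLContext OK, protocols: " + String.join(",", engine.getEnabledProtocols()));
    }

    private static char[] requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException(name + " is not set");
        return value.toCharArray();
    }
}
```

If this check passes against the keystore while the listener still fails on the first request, the keystore itself is sound and the realm or listener configuration is the place to look.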