6 Replies Latest reply on Dec 8, 2015 11:22 AM by Urh Srečnik

    Wildfly Swarm HTTPS

    Urh Srečnik Newbie

      Hi.

       

      I'm trying to configure https on port 8443 in main() method of my swarm project. As far as I understand, I should configure Undertow fraction on container, most likely something like this:

       

      Container container = new Container();

      container.start();

      container.fraction(UndertowFraction.createDefaultFraction())

       

      except that I should provide my own UndertowFraction instance instead of default? Can you provide an example? Or maybe at least some higher-level overview of the API?

       

      I found some documentation here:

      https://wildfly-swarm.gitbooks.io/wildfly-swarm-users-guide/

       

      p.s. I understand that the project is still in alpha and that this question may be posted a bit too soon .

        • 1. Re: Wildfly Swarm HTTPS
          Tomaz Cerar Master

          You first need to add SecurtyRealm and then add https-listener that uses that security realm.

           

          it is pretty much the same as with standard wildfly, just instead of CLI api you use swarm's fluent api.

           

          see

          http://wildfly-swarm.github.io/wildfly-config-api/0.3.18-SNAPSHOT/apidocs/org/wildfly/swarm/config/management/SecurityRealm.html

          and

          Server (config-api 0.3.18-SNAPSHOT API)

           

          on top of my head something along the lines:

           

           

          ManagementFraction.createDefaultFraction()
            .securityRealm("SSLRealm", (realm) -> {
            realm.<add-all-cert-related-data>
            })

           

          and later on

           

          UndertowFraction.createDefaultFraction()
            .server("default-server", (server) -> {
            server.httpsListener(new HttpsListener("https")
             .securityRealm("SSLRealm")//must match the realm added above
             .socketBinding("https") //must match the socket binding you have for ssl.
          })



          • 2. Re: Wildfly Swarm HTTPS
            Urh Srečnik Newbie

            I wrote following code according to your guidelines:

            Container container = new Container();
            
            // keytool \
            // -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -validity 365 \
            // -keystore keystore.jks -keypass mypassword -storepass mypassword \
            // -dname "CN=Server Administrator,O=My Organization,C=UA"
            
            // not using ManagementFraction.createDefaultFraction() because it would create a management service
            container.fraction(new ManagementFraction()
                .securityRealm("SSLRealm", (realm) ->        new SslServerIdentity<>()
                        .keystoreRelativeTo("/srv/workspace/jks/")
                        .keystorePath("keystore.jks")
                        .keystorePassword("mypassword")
                        .alias("serverkey")
                        .keyPassword("mypassword")
                ));
            
            // not using UndertowFraction.createDefaultFraction() because it would complain about duplicate "default-server"
            container.fraction(new UndertowFraction()
                .server(new Server("default-server")
                    .httpsListener(new HttpsListener("default")
                        .securityRealm("SSLRealm")
                        .socketBinding("https"))
                    .host(new Host("default-host")))
                .bufferCache(new BufferCache("default"))
                .servletContainer(new ServletContainer("default")
                    .websocketsSetting(new WebsocketsSetting())
                    .jspSetting(new JSPSetting()))
                .handlerConfiguration(new HandlerConfiguration()));
            
            container.start();
            

                Using this code Wildfly starts without any warnings, but throws NPE when request is made to 8443:

            2015-12-07 17:14:55,879 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTPS listener default listening on [0:0:0:0:0:0:0:0]:8443
            2015-12-07 17:14:55,978 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Core 2.0.0.CR8 "Kenny" started in 1806ms - Started 79 of 91 services (21 services are lazy, passive or on-demand)
            2015-12-07 17:15:26,667 ERROR [org.xnio.listener] (default I/O-1) XNIO001007: A channel event listener threw an exception: java.lang.NullPointerException
                at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:139)
                at io.undertow.protocols.ssl.UndertowAcceptingSslChannel.accept(UndertowAcceptingSslChannel.java:56)
                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:289)
                at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53)
                at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
            

            Did I misconfigure it?

            • 3. Re: Wildfly Swarm HTTPS
              Tomaz Cerar Master

              I would guess there is problem with your network configuration something in combination of ipv6 and host resolving.

               

              is it any better if you start swarm with -Djava.net.preferIPv4Stack=true system property (can be also added via configuration)

              so it wont be trying to bind to IPV6 address but rather use ipv4

               

              • 4. Re: Wildfly Swarm HTTPS
                Urh Srečnik Newbie

                It honours -Djava.net.preferIPv4Stack=true, but the same NPE still occurs when the request is made.

                 

                2015-12-08 15:57:09,971 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0006: Undertow HTTPS listener default listening on 0.0.0.0:8443

                • 5. Re: Wildfly Swarm HTTPS
                  Tomaz Cerar Master

                  Well that looks strange, this is the line of code in question:

                   

                  SSLEngine engine = this.ssl.getSslContext().createSSLEngine(getHostNameNoResolve(peerAddress), peerAddress.getPort());

                   

                  so problem can either be problem with resolving peerAddres or failing to properly construct SSL context.

                  ssl context is constructed in security realm.

                   

                  I would look into certificate, maybe SSL with WildFly 8 and Undertow can help with that.

                  • 6. Re: Wildfly Swarm HTTPS
                    Urh Srečnik Newbie

                    Thanks, I managed to resolve this problem .. I misused ManagementFraction previously. Here's my working example (for future reference):

                     

                    container.fraction(new ManagementFraction()

                      .securityRealm(new SecurityRealm("SSLRealm")

                      .sslServerIdentity(new SslServerIdentity<>()

                      .keystorePath("/srv/workspace/jks/keystore2.jks")

                      .keystorePassword("secret")

                      .alias("serverkey")

                      .keyPassword("secret")

                      )

                      ));

                     

                    container.fraction(new UndertowFraction()

                      .server(new Server("default-server")

                      .httpsListener(new HttpsListener("default")

                      .securityRealm("SSLRealm")

                      .socketBinding("https"))

                      .host(new Host("default-host")))

                      .bufferCache(new BufferCache("default"))

                      .servletContainer(new ServletContainer("default")

                      .websocketsSetting(new WebsocketsSetting())

                      .jspSetting(new JSPSetting()))

                      .handlerConfiguration(new HandlerConfiguration()));