[jetty-dev] setting up multiple SSL listeners

[jetty-dev] setting up multiple SSL listeners

Brian Reichert
I'm using jetty-distribution-9.3.21.v20170918, and want to stand
up two SSL listeners.

My first shot at this failed, and I wanted to understand if there
was an approved way of doing this.

My naive experiments:

- Create a local copy of "etc/jetty-ssl.xml", and within it, create
  a duplicate  <Call  name="addConnector"> block, changing only the
  port number from 8443 to 443.

- Create a copy of the stock jetty-ssl.xml into etc/new-jetty-ssl.xml,
  and alter the port, and name of property to 'jetty.ssl.port.second'.

In both cases, I got this error thrown upon startup, but I'm uncertain
how to move on from here.

I'd appreciate any feedback..

2017-10-05 21:48:23.096:INFO:oejs.AbstractConnector:main: Started ServerConnector@1e5034eb{SSL,[ssl, http/1.1]}{0.0.0.0:443}
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:215)
        at org.eclipse.jetty.start.Main.start(Main.java:458)
        at org.eclipse.jetty.start.Main.main(Main.java:76)
Caused by: java.lang.IllegalStateException: No protocol factory for default protocol: null
        at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:258)
        at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
        at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:235)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.server.Server.doStart(Server.java:401)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1540)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1462)
        ... 7 more



--
Brian Reichert <[hidden email]>
BSD admin/developer at large
_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev
Re: [jetty-dev] setting up multiple SSL listeners

Greg Wilkins
Brian,

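looking at the xml can be a little confusing as it is set up in a way to facilitate composition of multiple xmls (eg https, http2 alpn all added to the same ssl connector).

Have a look instead at
https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java

then modify that code to add two ssl connectors, then translate back to xml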

cheers



Re: [jetty-dev] setting up multiple SSL listeners

Brian Reichert
On Fri, Oct 06, 2017 at 09:34:56AM +1100, Greg Wilkins wrote:

> Brian,
>
> looking at the xml can be a little confusing as it is set up in a way to
> facilitate composition of multiple xmls (eg https, http2 alpn all added to
> the same ssl connector).
>
> Have a look instead at
> https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
>
> then modify that code to add two ssl connectors, then translate back to xml

I'll review that; thanks.

Why this topic came up for me: we did manage to put together a blob
of XML that stands up two listeners.  But, we found some oddities
WRT passing jetty properties along.

To be more specific:

The stock 'ssl' module, and related XML, honors this sort of construct,
abbreviated here:

  etc/jetty-ssl.xml:
 
    [xml]
    etc/jetty-ssl.xml
    etc/jetty-ssl-context.xml
 
    [ini-template]
    jetty.sslContext.wantClientAuth=true
 
  etc/jetty-ssl-context.xml:

    <Configure id="sslContextFactory"
    class="org.eclipse.jetty.util.ssl.SslContextFactory">
      <Set name="WantClientAuth"><Property
      name="jetty.sslContext.wantClientAuth"
      deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
    </Configure>

In our XML, we conjoined the set of connectors, with infix
SslContextFactory elements, as opposed to side-by-side as the stock
module has them.  Abbreviated:

  <Call  name="addConnector">
    <Arg>
      <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="sslContextFactory">
          <Set name="WantClientAuth"><Property
          name="jetty.sslContext.wantClientAuth"
          deprecated="jetty.ssl.wantClientAuth" default="true"/></Set>
         </Arg>
      </New>
    </Arg>
  </Call>


What we found was, this would not honor the
'jetty.sslContext.wantClientAuth' property in the module file, but
would from the start.ini file.

That makes no sense to me.  I went back to the drawing board, in
case our composition of our XML was suspect, and hoped there was a
blessed recipe from the Jetty project on this topic.

I could provide that XML file, if you think that would help.

>
> cheers
>
>
>
> --
> Greg Wilkins <[hidden email]> CTO http://webtide.com



--
Brian Reichert <[hidden email]>
BSD admin/developer at large
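
Added example, not part of the thread and not Jetty project code: two SSL listeners built with the embedded API that the ManyConnectors.java reference above uses, each with its own complete factory chain and its own SslContextFactory, plus a startup check of the effective wantClientAuth value per port. The class name, keystore path, password and the choice of which port wants client certificates are assumptions; ports 8443 and 443 come from the thread.

```java
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// Hypothetical class name; written against the Jetty 9.3 embedded API.
public class TwoSslConnectors {

    // One SslContextFactory per listener, so a client-certificate policy set
    // for one port cannot silently apply to the other.
    static SslContextFactory sslContext(boolean wantClientAuth) {
        SslContextFactory f = new SslContextFactory();
        f.setKeyStorePath("etc/keystore");        // placeholder path (assumption)
        f.setKeyStorePassword("CHANGE_ME");       // placeholder secret (assumption)
        f.setWantClientAuth(wantClientAuth);
        return f;
    }

    // Every connector needs its own ssl -> http/1.1 chain. A ServerConnector
    // started with no factories throws IllegalStateException:
    // "No protocol factory for default protocol: null".
    static ServerConnector sslConnector(Server server, int port, SslContextFactory ctx) {
        HttpConfiguration https = new HttpConfiguration();
        https.setSecureScheme("https");
        https.setSecurePort(port);
        https.addCustomizer(new SecureRequestCustomizer());
        ServerConnector c = new ServerConnector(server,
                new SslConnectionFactory(ctx, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(https));
        c.setPort(port);
        return c;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        server.addConnector(sslConnector(server, 8443, sslContext(false)));
        server.addConnector(sslConnector(server, 443, sslContext(true))); // 443 usually needs privileges
        server.start();
        for (Connector c : server.getConnectors()) {   // report what is actually in effect
            ServerConnector sc = (ServerConnector) c;
            SslContextFactory ctx = sc.getConnectionFactory(SslConnectionFactory.class).getSslContextFactory();
            System.out.printf("port %d wantClientAuth=%b%n", sc.getPort(), ctx.getWantClientAuth());
        }
        server.join();
    }
}
```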