Re: [jetty-dev] setting up multiple SSL listeners
On Fri, Oct 06, 2017 at 09:34:56AM +1100, Greg Wilkins wrote:
> Brian,
>
> looking at the xml can be a little confusing as it is set up in a way to
> facilitate composition of multiple xmls (eg https, http2 alpn all added to
> the same ssl connector).
>
> Have a look instead at
> https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
>
> then modify that code to add two ssl connectors, then translate back to xml

I'll review that; thanks.

Why this topic came up for me: we did manage to put together a blob
of XML that stands up two listeners. But, we found some oddities
WRT passing jetty properties along.

To be more specific:

The stock 'ssl' module, and related XML, honors this sort of construct,
abbreviated here:

etc/jetty-ssl.xml:

    [xml]
    etc/jetty-ssl.xml
    etc/jetty-ssl-context.xml

    [ini-template]
    jetty.sslContext.wantClientAuth=true

etc/jetty-ssl-context.xml:

    <Configure id="sslContextFactory"
               class="org.eclipse.jetty.util.ssl.SslContextFactory">
      <Set name="WantClientAuth"><Property
        name="jetty.sslContext.wantClientAuth"
        deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
    </Configure>

In our XML, we conjoined the set of connectors, with infix
SslContextFactory elements, as opposed to side-by-side as the stock
module has them. Abbreviated:

    <Call name="addConnector">
      <Arg>
        <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
          <Arg name="sslContextFactory">
            <Set name="WantClientAuth"><Property
              name="jetty.sslContext.wantClientAuth"
              deprecated="jetty.ssl.wantClientAuth" default="true"/></Set>
          </Arg>
        </New>
      </Arg>
    </Call>

What we found was, this would not honor the
'jetty.sslContext.wantClientAuth' property in the module file, but
would from the start.ini file.

That makes no sense to me. I went back to the drawing board, in
case our composition of our XML was suspect, and hoped there was a
blessed recipe from the Jetty project on this topic.

I could provide that XML file, if you think that would help.

>
> cheers
>
>
>
> On 6 October 2017 at 08:59, Brian Reichert <reichert@xxxxxxxxxxx> wrote:
>
> > I'm using jetty-distribution-9.3.21.v20170918, and want to stand
> > up two SSL listeners.
> >
> > My first shot at this failed, and I wanted to understand if there
> > was an approved way of doing this.
> >
> > My naive experiments:
> >
> > - Create a local copy of "etc/jetty-ssl.xml", and within it, create
> > a duplicate <Call name="addConnector"> block, changing only the
> > port number from 8443 to 443.
> >
> > - Create a copy of the stock jetty-ssl.xml into etc/new-jetty-ssl.xml,
> > and alter the port, and name of property to 'jetty.ssl.port.second'.
> >
> > In both cases, I got this error thrown upon startup, but I'm uncertain
> > how to move on from here.
> >
> > I'd appreciate any feedback..
> >
> > 2017-10-05 21:48:23.096:INFO:oejs.AbstractConnector:main: Started ServerConnector@1e5034eb{SSL,[ssl, http/1.1]}{0.0.0.0:443}
> > java.lang.reflect.InvocationTargetException
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:498)
> >     at org.eclipse.jetty.start.Main.invokeMain(Main.java:215)
> >     at org.eclipse.jetty.start.Main.start(Main.java:458)
> >     at org.eclipse.jetty.start.Main.main(Main.java:76)
> > Caused by: java.lang.IllegalStateException: No protocol factory for default protocol: null
> >     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:258)
> >     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> >     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:235)
> >     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> >     at org.eclipse.jetty.server.Server.doStart(Server.java:401)
> >     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> >     at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1540)
> >     at java.security.AccessController.doPrivileged(Native Method)
> >     at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1462)
> >     ... 7 more
> >
> >
> >
> > --
> > Brian Reichert <reichert@xxxxxxxxxxx>
> > BSD admin/developer at large
> > _______________________________________________
> > jetty-dev mailing list
> > jetty-dev@xxxxxxxxxxx
> > To change your delivery options, retrieve your password, or unsubscribe
> > from this list, visit
> > https://dev.eclipse.org/mailman/listinfo/jetty-dev
> >
>
>
>
> --
> Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com
--
Brian Reichert <reichert@xxxxxxxxxxx>
BSD admin/developer at large
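
Added example, not part of the original thread and not Jetty project code: the embedded-Java route suggested in the quoted reply, with two TLS connectors that each get their own SslContextFactory and connection factories, so wantClientAuth is set per listener. The class name, the example.keystore* system properties and the per-port client-auth choices are assumptions made for illustration.

```java
import java.util.Objects;

import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TwoSslConnectors {

    // Builds one TLS listener. Each call creates a separate SslContextFactory,
    // so the client-certificate policy of one port never leaks into the other.
    static ServerConnector sslConnector(Server server, int port, boolean wantClientAuth) {
        SslContextFactory ssl = new SslContextFactory();
        // Hypothetical property names; supply the keystore outside the source code.
        ssl.setKeyStorePath(Objects.requireNonNull(
            System.getProperty("example.keystore"), "set -Dexample.keystore"));
        ssl.setKeyStorePassword(Objects.requireNonNull(
            System.getProperty("example.keystore.password"), "set -Dexample.keystore.password"));
        ssl.setWantClientAuth(wantClientAuth);

        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(port);
        // Exposes TLS session details (including any client certificate) to the request.
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        // Both factories are passed explicitly: TLS first, then HTTP/1.1 inside it.
        // A connector with no connection factories has no default protocol to start with.
        ServerConnector connector = new ServerConnector(server,
            new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfig));
        connector.setPort(port);
        return connector;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        server.addConnector(sslConnector(server, 8443, true));  // asks for a client certificate
        server.addConnector(sslConnector(server, 443, false));  // privileged port, no client cert
        server.start();
        server.join();
    }
}
```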