Re: [jetty-users] Jetty ssl port not open for secure websockets

[Joakim Erdfelt <joakim@xxxxxxxxxxx>]

Stick with stackoverflow, its more durable and its results show up on google results in a much better position than the jetty-users mailing list.

Your question over there was answered btw.

--

Joakim Erdfelt <joakim@xxxxxxxxxxx>

webtide.com - intalio.com/jetty

Expert advice, services and support from from the Jetty & CometD experts

eclipse.org/jetty - cometd.org

On Thu, Apr 23, 2015 at 9:31 AM, Josh Davis <jdavis@xxxxxxxxxxxxxx> wrote:

I'm writing a server app that uses secure websockets using embedded Jetty 9.3.0.M2. When I run it without secure sockets, everything is copacetic, but when I enable the secure sockets, my clients get connection refused and nmap shows that the port is closed. There are no errors in the log on the server side.

I believe that my .jks, .crt, .pem, and .key files and my keystore password are all correct, because other apps on this same server are using the same ones and are working.

Here is the code that launches the Jetty server. Everything works when it uses the regular socket.

------------------------------------------------------------
if (keyStorePath != null) {
    // use secure sockets
    server = new Server();
    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keyStorePath);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
    sslContextFactory.setKeyManagerPassword(keyStorePassword);
    ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(https));
    sslConnector.setHost(serverName);
    sslConnector.setPort(port);
    server.setConnectors(new Connector[] { sslConnector });
} else {
    // use regular sockets
    server = new Server(port);
}

server.setStopAtShutdown(true);
server.setDumpAfterStart(false);
server.setDumpBeforeStop(false);
ServletContextHandler servletContextHandler =
        new ServletContextHandler(ServletContextHandler.SESSIONS);
servletContextHandler.setContextPath(contextPath);
server.setHandler(servletContextHandler);
ServerContainer container =
        WebSocketServerContainerInitializer.configureContext(servletContextHandler);
container.addEndpoint(MyWebsocketEndpoint.class);
server.start();
logger.info("Started server: " + server);
if (server.getConnectors().length > 0) {
    logger.info("Connector = " + server.getConnectors()[0] +
            " isRunning=" + server.getConnectors()[0].isRunning());
}
------------------------------------------------------------
When keyStorePath is not null (meaning use secure sockets), the log looks like this:

------------------------------------------------------------
2015-04-23 16:07:37.634:INFO::main: Logging initialized @114ms
2015-04-23 16:07:37.863:INFO:oejs.Server:main: jetty-9.3.0.M2
2015-04-23 16:07:38.408:INFO:oejsh.ContextHandler:main: Started o.e.j.s.ServletContextHandler@3abd7ff4{/websockets,null,AVAILABLE}
2015-04-23 16:07:38.489:INFO:oejs.ServerConnector:main: Started ServerConnector@2e4996ea{SSL,[ssl, http/1.1]}{my.server.com:8085}
2015-04-23 16:07:38.490:INFO:oejs.Server:main: Started @973ms
Apr 23, 2015 4:07:38 PM com.crowdoptic.conference.jetty.JettyWebSocketServer start
INFO: Started server: org.eclipse.jetty.server.Server@7205c140
Apr 23, 2015 4:07:38 PM com.crowdoptic.conference.jetty.JettyWebSocketServer start
INFO: Connector = ServerConnector@2e4996ea{SSL,[ssl, http/1.1]}{my.server.com:8085} isRunning=true
------------------------------------------------------------
nmap on port 8085 shows

------------------------------------------------------------
PORT     STATE  SERVICE
8085/tcp closed unknown
------------------------------------------------------------
The error in my _javascript_ console is "Error in connection establishment: net::ERR_CONNECTION_REFUSED"

When keyStorePath is null (meaning use sockets), the log looks like this:

------------------------------------------------------------
2015-04-23 16:15:19.624:INFO::main: Logging initialized @115ms
2015-04-23 16:15:19.847:INFO:oejs.Server:main: jetty-9.3.0.M2
2015-04-23 16:15:20.431:INFO:oejsh.ContextHandler:main: Started o.e.j.s.ServletContextHandler@403108f6{/websockets,null,AVAILABLE}
2015-04-23 16:15:20.446:INFO:oejs.ServerConnector:main: Started ServerConnector@4efce9a2{HTTP/1.1,[http/1.1]}{0.0.0.0:8085}
2015-04-23 16:15:20.450:INFO:oejs.Server:main: Started @941ms
Apr 23, 2015 4:15:20 PM com.crowdoptic.conference.jetty.JettyWebSocketServer start
INFO: Started server: org.eclipse.jetty.server.Server@57a20888
Apr 23, 2015 4:15:20 PM com.crowdoptic.conference.jetty.JettyWebSocketServer start
INFO: Connector = ServerConnector@4efce9a2{HTTP/1.1,[http/1.1]}{0.0.0.0:8085} isRunning=true
------------------------------------------------------------
nmap on port 8085 shows

PORT     STATE  SERVICE
8085/tcp open   unknown
------------------------------------------------------------
And the app works great from the browser. I'm stumped. I have tried many permutations of the code to set up the SSL, but to no avail. Thank you for looking at this.

--
Josh Davis
Senior Software Engineer
919-271-9384
CrowdOptic

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users