Thanks Rohit indeed. I'm not going to be able to try it out immediately, but I believe it should work fine for us as well.
Scott
From: kura-dev-bounces@xxxxxxxxxxx [kura-dev-bounces@xxxxxxxxxxx] on behalf of Woodard, David [david.woodard@xxxxxxxxxxxx]
Sent: Tuesday, November 08, 2016 1:41 PM
To: Kura Developers mailing list
Subject: Re: [kura-dev] Kura Admin UI with https?
Thanks Rohit! I have tried the below settings and it works for me.
Scott - Let us know if you have any further issues.
Thanks,
--Dave
|
This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing |
Feedback |
Hi all,
I gave this a shot a few months back and got it work by adding a few parameters to /opt/eclipse/kura/kura/config.ini file.
Here’re the steps I followed:
1. Created
a self-signed certificate
keytool -genkey -alias localhost -keyalg RSA -keystore keystore.jks -keysize 2048
Existing
certificates can be importing using:
keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
2. Add
these arguments to the config_debug.ini file:
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.http.enabled=false
org.eclipse.equinox.http.jetty.https.port=8443
org.eclipse.equinox.http.jetty.https.host=0.0.0.0
org.eclipse.equinox.http.jetty.ssl.keystore=keystore.jks
org.eclipse.equinox.http.jetty.ssl.password=<password>
These arguments can be added to the launch config in the emulator, the config.ini file on the device or the startup scripts in /opt/eclipse/kura/bin folder on the device.
There are other arguments for further configuration like protocol, algorithm, ClientAuth, etc. and ways to obfuscate passwords for more security.
3. Make
port accessible:
sudo iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
Hope this helps.
Regards,
Rohit Dubey
Software Engineer – Eurotech North
America
direct: +1 301.490.4007 x 193
email: rohit.dubey@xxxxxxxxxxxx
EUROTECH
Imagine. Build. Succeed.
USA – 10260 Old Columbia Road | Columbia Maryland 21046-2375 | Tel. +1 301.490.4007 | www.eurotech.com
Kura 2.1 will come with the same Jetty version. An upgrade to Jetty is planned for the Kura 2.2 release.
I think the quickest solution is to add a frontend like "nginx" before Kura to provide HTTPS support.
Cheers
Jens
Hi David, Jens and all,
I've tried adding system properties David points to in https://www.eclipse.org/forums/index.php/t/24782/ to
configure https, but it only seems to come up on 8080 (as specified by -Dorg.osgi.service.http.port=8080). I tried various combinations of the property values given below (8444 is intended rather than 8443), and the Kura emulator never seems to open the 8444
port for listening, rather it alway only opens 8080 no matter what combination of properties from below that I specify. Are there others that I'm possibly missing?
I looked for some jetty config file for jetty 8 (as per the link from David), but I couldn't find any such config files...at least for the emulator. I looked and could not find them in the distribution we are using either.
One thing to ask at this point: I assume that Kura 2.1 will be using Jetty 9, is that right? If so, do you think the use of jetty 9 will make the use of https for the Kura Admin UI easier to config?
Thanksinadvance,
Scott
-Dorg.eclipse.equinox.http.jetty.https.port=8444
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=<keystore>
-Dorg.eclipse.equinox.http.jetty.ssl.password=<password>
-Dorg.eclipse.equinox.http.jetty.ssl.enabled=true
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=<password>
-Dorg.osgi.service.http.port.secure=8444
-Dorg.osgi.service.http.secure.enabled=true
-Djavax.net.ssl.keyStore=<keystore>
-Djavax.net.ssl.keyStorePassword=<password>
-Djavax.net.ssl.trustStore=<keystore>
-Djavax.net.ssl.trustStorePassword=<password>
It may be even simpler with Karaf [1]. ;-)
When looking into documentation please remember that focuses on Jetty 9.x where as Kura has 8.x.
Cheers
Jens
Hi Scott,
Kura uses Jetty to serve the admin UI, so instructions wouldn’t be specific to Kura. Here is an Eclipse question that gives pointers to what you need: https://www.eclipse.org/forums/index.php/t/24782/.
Let me know if this works for you, this could be a very useful contribution to the Kura project!
Hi Folks,
Are there instructions for configuring the Kura Admin UI to use https? Is it just a matter of configuring the Jetty HttpService impl, or is there more to it than that?
Scott
_______________________________________________
kura-dev mailing list
kura-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kura-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kura-dev
mailing list
kura-dev@xxxxxxxxxxx
To
change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kura-dev
|