postrank-labs / goliath

Goliath is a non-blocking Ruby web server framework

HTTPS Server

3goats opened this issue · comments

Hi,

I tried to start Goliath in SSL mode using the following command:

ruby test.rb -ssl-key key.pem -ssl-cert cert.pem -sv

Which successfully starts the server as follows:-

[1864:INFO] 2012-06-30 17:03:08 :: Starting server on localhost:9000 in development mode. Watch out for stones.

However, the server is only working via its standard HTTP (non HTTPS) service.

Is there anything I'm missing here?

Also, how can I configure the server to run via SSL in the test.rb application instead of via the command line?

Regards,

Carl

You need to provide the certificates as well.

Do you mean the CA certificate as well? I'm currently providing the private key and the cert that's signed by the CA!

Works just fine here...

$> gem list goliath

*** LOCAL GEMS ***

goliath (1.0.0.beta.1)
goliath-contrib (1.0.0.beta1)

$> ruby examples/echo.rb -sv --ssl
curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA

*snip*

> GET / HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:9000
> Accept: */*
> 
< HTTP/1.1 400 Bad Request
< Content-Type: application/json; charset=utf-8
< Vary: Accept
< X-PostRank: trace.start: 7.50, total: 7.5
< Content-Length: 35
< Server: Goliath
< Date: Thu, 05 Jul 2012 19:15:39 GMT
< 
* Connection #0 to host localhost left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"error":"echo identifier missing"}

You are right, it does work using MRI Ruby. Think the problem is with JRuby!

$ ruby --version
jruby 1.6.7 (ruby-1.8.7-p357) (2012-02-22 3e82bc8) (Java HotSpot(TM) 64-Bit Server VM 1.7.0_04) [darwin-x86_64-java]
$ ruby --1.9 examples/echo.rb -sv --ssl
[8644:INFO] 2012-07-09 10:38:00 :: Starting server on 0.0.0.0:9000 in development mode. Watch out for stones.
[8644:INFO] 2012-07-09 10:38:00 :: Loading Goliath::Plugin::Latency
[8644:INFO] 2012-07-09 10:38:01 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:02 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:03 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:04 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:05 :: LATENCY: 1.9998550415039062 ms
[8644:INFO] 2012-07-09 10:38:06 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:07 :: LATENCY: 1.9998550415039062 ms
[8644:INFO] 2012-07-09 10:38:08 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:09 :: LATENCY: 0.9999275207519531 ms
ArgumentError: wrong number of arguments (4 for 2)
       start_tls at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/em/connection.rb:415
           start at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/server.rb:88
            call at org/jruby/RubyProc.java:258
  event_callback at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/eventmachine.rb:1464
   eventCallback at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/jeventmachine.rb:92
     run_machine at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/jeventmachine.rb:111
             run at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/eventmachine.rb:187
       synchrony at /usr/local/rvm/gems/jruby-1.6.7/gems/em-synchrony-1.0.2/lib/em-synchrony.rb:28
           start at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/server.rb:73
      run_server at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/runner.rb:280
             run at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/runner.rb:214
            run! at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/application.rb:109
         Goliath at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/application.rb:127
$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000 
unknown-68-a8-6d-55-f2-ce:~ CarlBourne$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000 
unknown-68-a8-6d-55-f2-ce:~ CarlBourne$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000 

Thanks Ilya,

One more question:

If I wanted to code the --ssl, --cert and --key path options into the application rather than specifying them on the command line, what's the best way to do this?

Also, is there an example that shows how to start the Goliath server from within the application rather than from the command line?

I've been reading through the docs but it doesn't seem to be obvious how I should do this.

Regards,

Carl

If you set :ssl_{key,cert,verify} variables in your config, that should do the trick.

ex: https://github.com/postrank-labs/goliath/tree/master/examples/config