HTTPS Server
3goats opened this issue
Hi,
I tried to start Goliath in SSL mode using the following command:
ruby test.rb -ssl-key key.pem -ssl-cert cert.pem -sv
Which successfully starts the server as follows:
[1864:INFO] 2012-06-30 17:03:08 :: Starting server on localhost:9000 in development mode. Watch out for stones.
However, the server is only working via its standard HTTP (non HTTPS) service.
Is there anything I'm missing here?
Also, how can I configure the server to run via SSL in the test.rb application instead of via the command line?
Regards,
Carl
You need to provide the certificates as well..
Do you mean the CA certificate as well? I'm currently providing the private key and the cert that's signed by the CA!
Works just fine here...
$> gem list goliath
*** LOCAL GEMS ***
goliath (1.0.0.beta.1)
goliath-contrib (1.0.0.beta1)
$> ruby examples/echo.rb -sv --ssl
curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
*snip*
> GET / HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:9000
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Content-Type: application/json; charset=utf-8
< Vary: Accept
< X-PostRank: trace.start: 7.50, total: 7.5
< Content-Length: 35
< Server: Goliath
< Date: Thu, 05 Jul 2012 19:15:39 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"error":"echo identifier missing"}
You are right it does work using MRI Ruby. Think the problem is with JRuby!
$ ruby --version
jruby 1.6.7 (ruby-1.8.7-p357) (2012-02-22 3e82bc8) (Java HotSpot(TM) 64-Bit Server VM 1.7.0_04) [darwin-x86_64-java]
$ ruby --1.9 examples/echo.rb -sv --ssl
[8644:INFO] 2012-07-09 10:38:00 :: Starting server on 0.0.0.0:9000 in development mode. Watch out for stones.
[8644:INFO] 2012-07-09 10:38:00 :: Loading Goliath::Plugin::Latency
[8644:INFO] 2012-07-09 10:38:01 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:02 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:03 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:04 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:05 :: LATENCY: 1.9998550415039062 ms
[8644:INFO] 2012-07-09 10:38:06 :: LATENCY: 0.9999275207519531 ms
[8644:INFO] 2012-07-09 10:38:07 :: LATENCY: 1.9998550415039062 ms
[8644:INFO] 2012-07-09 10:38:08 :: LATENCY: 2.000093460083008 ms
[8644:INFO] 2012-07-09 10:38:09 :: LATENCY: 0.9999275207519531 ms
ArgumentError: wrong number of arguments (4 for 2)
start_tls at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/em/connection.rb:415
start at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/server.rb:88
call at org/jruby/RubyProc.java:258
event_callback at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/eventmachine.rb:1464
eventCallback at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/jeventmachine.rb:92
run_machine at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/jeventmachine.rb:111
run at /usr/local/rvm/gems/jruby-1.6.7/gems/eventmachine-1.0.0.rc.4-java/lib/eventmachine.rb:187
synchrony at /usr/local/rvm/gems/jruby-1.6.7/gems/em-synchrony-1.0.2/lib/em-synchrony.rb:28
start at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/server.rb:73
run_server at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/runner.rb:280
run at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/runner.rb:214
run! at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/application.rb:109
Goliath at /Users/CarlBourne/Documents/GitHub/goliath/lib/goliath/application.rb:127
$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000
unknown-68-a8-6d-55-f2-ce:~ CarlBourne$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000
unknown-68-a8-6d-55-f2-ce:~ CarlBourne$ curl -vv --insecure https://localhost:9000
* About to connect() to localhost port 9000 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 9000 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9000
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:9000
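In both reports above the startup log looks healthy while the listener is not actually negotiating TLS. The following is an added example, not part of the thread and not Goliath code: a Ruby standard-library probe that reports whether a port completes a TLS handshake, answers in plaintext, or is unreachable. The names `probe_listener` and `assert_tls!` are hypothetical.

```ruby
require 'socket'
require 'openssl'
require 'timeout'

# Added example, not Goliath code. Reports what a listener actually speaks:
#   :tls         - a TLS handshake completed
#   :plaintext   - the port answered, but not with TLS (e.g. plain HTTP)
#   :unreachable - nothing accepted the TCP connection
# Certificate verification is off on purpose, as with `curl --insecure`:
# the question is only whether TLS is enabled, not whether the cert is trusted.
def probe_listener(host, port, timeout: 3)
  tcp = Socket.tcp(host, port, connect_timeout: timeout)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.sync_close = true
  # A plain-HTTP server may sit waiting for a request line, so bound the handshake.
  Timeout.timeout(timeout) { ssl.connect }
  { mode: :tls, protocol: ssl.ssl_version, cipher: ssl.cipher[0],
    subject: ssl.peer_cert&.subject&.to_s }
rescue OpenSSL::SSL::SSLError, Timeout::Error, EOFError,
       Errno::ECONNRESET, Errno::EPIPE => e
  { mode: :plaintext, detail: "#{e.class}: #{e.message}" }
rescue SystemCallError, SocketError => e
  { mode: :unreachable, detail: "#{e.class}: #{e.message}" }
ensure
  begin
    ssl ? ssl.close : tcp&.close
  rescue StandardError
    nil
  end
end

# Start-up smoke test: fail loudly instead of trusting the "Starting server" log.
def assert_tls!(host, port)
  result = probe_listener(host, port)
  return result if result[:mode] == :tls
  raise "#{host}:#{port} is not serving TLS (#{result[:mode]}: #{result[:detail]})"
end

# Usage, with the address from the thread: assert_tls!('localhost', 9000)
```

A `:plaintext` result corresponds to the first report (server answering only over HTTP) and to the JRuby case, where the handshake fails after the client hello.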
Ah, interesting.. Indeed: eventmachine/eventmachine#34
- https://github.com/eventmachine/eventmachine/blob/master/java/src/com/rubyeventmachine/EmReactor.java#L513
- https://github.com/eventmachine/eventmachine/blob/master/lib/em/connection.rb#L415
Looks like the Java reactor needs some work...
Thanks Ilya,
One more question:
If I wanted to code the --ssl, --cert and --key path options into the application rather than specifying them on the command line, what's the best way to do this?
Also, is there an example that shows how to start the Goliath server from within the application rather than from the command line?
I've been reading through the docs but it doesn't seem to be obvious how I should do this.
Regards,
Carl
If you set :ssl_{key,cert,verify} variables in your config, that should do the trick.
ex: https://github.com/postrank-labs/goliath/tree/master/examples/config