Posted to user@karaf.apache.org by Gerald Kallas <ca...@mailbox.org> on 2020/08/14 17:20:19 UTC

Bind services to HTTPS port with undertow

Dear all,

I set up a vanilla Karaf 4.3.0RC1 and executed the following commands:

feature:install pax-http-undertow
feature:install webconsole

How can I bind the webconsole (and later camel servlets) to the HTTPS port?

Many thanks in advance.

My undertow.xml looks like

<?xml version="1.0" encoding="UTF-8"?>
<!--
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
   implied.

   See the License for the specific language governing permissions and
   limitations under the License.
-->
<undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:w="urn:jboss:domain:5.0"
        xmlns:io="urn:jboss:domain:io:3.0"
        xsi:schemaLocation="
            urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
            urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
            urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">

    <!--
        Only "default" worker and buffer-pool are supported and can be used to override the default values
        used by all listeners

        buffer-pool:
         - buffer-size defaults to:
            - when < 64MB of Xmx: 512
            - when < 128MB of Xmx: 1024
            - when >= 128MB of Xmx: 16K - 20
         - direct-buffers defaults to:
            - when < 64MB of Xmx: false
            - when >= 64MB of Xmx: true

        worker:
         - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
         - task-core-threads and task-max-threads default to io-threads * 8
    -->
    <!--
    <subsystem xmlns="urn:jboss:domain:io:3.0">
        <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
        <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
    </subsystem>
    -->

    <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
    <!--
        Undertow subsystem: one server ("default-server") with a plain-HTTP and an HTTPS listener,
        one host with an access log and two response-header filters, a servlet container,
        and the handler/filter definitions the host refers to by name.
    -->
    <subsystem xmlns="urn:jboss:domain:undertow:4.0">
        <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
        <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
        <server name="default-server">
            <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
            <!--
                Plain-HTTP listener on the "http" socket binding. It is defined next to the HTTPS
                listener, so this server accepts unencrypted connections as well.
                NOTE(review): presumably everything registered with this server is then reachable
                without TLS on that port too; if HTTPS-only access is intended, this is the
                listener to restrict (confirm how Pax Web expects it to be disabled).
            -->
            <http-listener name="http" socket-binding="http" />
            <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
            <!--
                HTTPS listener on the "https" socket binding; its TLS settings come from the
                security realm named "default". verify-client="NOT_REQUESTED" means no client
                certificate is asked for, i.e. no mutual TLS on this listener.
            -->
            <https-listener name="https" socket-binding="https"
                    security-realm="default" verify-client="NOT_REQUESTED" />
            <host name="default-host" alias="localhost">
                <!-- Both <location> mappings are commented out, so no handler is mounted on "/" or "/docs" by this file. -->
                <!--<location name="/" handler="welcome-content" />-->
                <!--<location name="/docs" handler="docs-content" />-->
                <!-- Access log goes to ${karaf.data}/log as access_log.*log, "common" pattern, with rotation. -->
                <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
                <!--
                    Attaches the two response-header filters defined under <filters> below.
                    The X-Powered-By value carries a product name and version number, which
                    discloses the software stack to every client; consider dropping that
                    filter-ref (and shortening the Server header) on exposed hosts.
                -->
                <filter-ref name="server-header" />
                <filter-ref name="x-powered-by-header" />
            </host>
        </server>
        <!-- Servlet container "default": JSP and WebSocket support elements plus the welcome-file names. -->
        <servlet-container name="default">
            <jsp-config />
            <websockets />
            <welcome-files>
                <welcome-file name="index.html" />
                <welcome-file name="index.txt" />
            </welcome-files>
        </servlet-container>
        <handlers>
            <!-- File handler for ${karaf.home}/welcome; only the commented-out <location> above refers to it. -->
            <file name="welcome-content" path="${karaf.home}/welcome" />
            <!--<file name="docs-content" path="${karaf.home}/docs" />-->
        </handlers>
        <filters>
            <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
            <!-- The version in the X-Powered-By value is a literal string in this file, not a value read from the running bundle. -->
            <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
            <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
        </filters>
    </subsystem>

    <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
    <!--
        we'll use "default" security realm by default to configure jaas/properties authentication
        (io.undertow.security.idm.IdentityManager):
         - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
         - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
    -->
    <!--
        This realm carries two things: the TLS server identity (engine settings and keystore)
        used by the HTTPS listener that references it, and the authentication source
        (JAAS realm "karaf") together with a truststore.
    -->
    <security-realm name="default">
        <w:server-identities>
            <w:ssl>
                <!-- sun.security.ssl.ProtocolVersion -->
                <!-- sun.security.ssl.CipherSuite -->
                <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
                <!--
                    enabled-protocols lists TLSv1 and TLSv1.1 next to TLSv1.2. TLS 1.0 and 1.1 are
                    deprecated (RFC 8996); on anything reachable by real clients keep TLSv1.2 only,
                    plus TLSv1.3 if the JVM in use provides it (confirm).
                    Both enabled suites are ECDHE suites with AES-256 in CBC mode; AEAD (GCM) suites
                    are the usual preference for TLS 1.2.
                    NOTE(review): these two SHA384 suites are TLS 1.2 suites, so the TLSv1/TLSv1.1
                    entries presumably cannot complete a handshake with them anyway; confirm, and
                    remove the old protocols rather than rely on that.
                    The ECDSA suite needs an EC server key and the RSA suite an RSA key; which one
                    applies depends on the key stored under alias "server", not visible here.
                -->
                <w:engine
                        enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
                        enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
                <!--
                    PKCS12 keystore at ${karaf.etc}/keystore.p12, key alias "server".
                    keystore-password and key-password are the literal string "password", stored in
                    cleartext in this file: replace them before the listener is exposed and restrict
                    read access to this file and to the keystore.
                    NOTE(review): generate-self-signed-certificate-host="localhost" presumably makes
                    Pax Web create a self-signed certificate for that host name (confirm when this
                    happens). Clients cannot validate a self-signed certificate unless they trust it
                    explicitly, and "localhost" will not match any other host name.
                -->
                <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
                        keystore-password="password" key-password="password"
                        generate-self-signed-certificate-host="localhost" />
            </w:ssl>
        </w:server-identities>
        <w:authentication>
            <!-- JaasIdentityManager for given realm -->
            <w:jaas name="karaf" />
            <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
            <!--<w:properties path="users.properties" />-->
            <!--
                JKS truststore at ${karaf.etc}/truststore.jks, again with the literal password
                "password". NOTE(review): presumably only consulted when client certificates are
                requested; the HTTPS listener in this file uses verify-client="NOT_REQUESTED" (confirm).
            -->
            <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
      </w:authentication>
        <!-- Principal classes used to tell user principals from role principals in the JAAS subject. -->
        <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
        <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
        <!--<role-principal-class-name>...</role-principal-class-name>-->
    </security-realm>

    <!-- Interface lists IP addresses to bind to -->
    <!--
        0.0.0.0 is the IPv4 wildcard: every socket binding that references this interface
        listens on all local IPv4 addresses. The commented-out 127.0.0.1 entry is the
        loopback-only alternative. If the services behind these listeners are administrative,
        bind to a specific address or restrict access with a firewall.
    -->
    <interface name="default">
        <w:inet-address value="0.0.0.0" />
        <!--<w:inet-address value="127.0.0.1" />-->
    </interface>

    <!-- Socket Binding adds port for each IP from referenced Interface -->
    <!--
        Both bindings use the interface named "default", so the plain-HTTP port and the HTTPS
        port are opened on the same addresses. The port numbers are not set here: they are
        the placeholders org.osgi.service.http.port and org.osgi.service.http.port.secure,
        resolved from configuration outside this file.
    -->
    <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
    <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />

</undertow>

The log shows

2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service

Re: Bind services to HTTPS port with undertow

Posted by "Gerald Kallas - mailbox.org" <ca...@mailbox.org>.
Yes, that’s right

Sent by my mobile device
- Gerald Kallas

> Am 15.08.2020 um 11:58 schrieb Jean-Baptiste Onofre <jb...@nanthrax.net>:
> 
> Hi Gerald,
> 
> AFAIR we have a Jira about HTTP authorization issue, right ?
> 
> Regards
> JB
> 
>> Le 15 août 2020 à 10:55, Gerald Kallas - mailbox.org <ca...@mailbox.org> a écrit :
>> 
>> I‘d go with jetty as well but the HTTP authorization problem with Karaf >= 4.2.9 isn’t solved yet.
>> 
>> Sent by my mobile device
>> - Gerald Kallas
>> 
>>>> Am 15.08.2020 um 10:03 schrieb Jean-Baptiste Onofre <jb...@nanthrax.net>:
>>> 
>>> Hi,
>>> 
>>> Webconsole should bind to https by default (at least, it’s what happen with Jetty).
>>> 
>>> Even if I’m not a big undertow fan, let me try to reproduce and fix ;)
>>> 
>>> Regards
>>> JB
>>> 
>>>> Le 14 août 2020 à 19:20, Gerald Kallas <ca...@mailbox.org> a écrit :
>>>> 
>>>> Dear all,
>>>> 
>>>> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
>>>> 
>>>> feature:install pax-http-undertow
>>>> feature:install webconsole
>>>> 
>>>> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
>>>> 
>>>> Many thanks in advance.
>>>> 
>>>> My undertow.xml looks like
>>>> 
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>> <!--
>>>> Licensed under the Apache License, Version 2.0 (the "License");
>>>> you may not use this file except in compliance with the License.
>>>> You may obtain a copy of the License at
>>>> 
>>>> http://www.apache.org/licenses/LICENSE-2.0
>>>> 
>>>> Unless required by applicable law or agreed to in writing, software
>>>> distributed under the License is distributed on an "AS IS" BASIS,
>>>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> 
>>>> See the License for the specific language governing permissions and
>>>> limitations under the License.
>>>> -->
>>>> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>>>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>     xmlns:w="urn:jboss:domain:5.0"
>>>>     xmlns:io="urn:jboss:domain:io:3.0"
>>>>     xsi:schemaLocation="
>>>>         urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>>>>         urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>>>>         urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
>>>> 
>>>> <!--
>>>>     Only "default" worker and buffer-pool are supported and can be used to override the default values
>>>>     used by all listeners
>>>> 
>>>>     buffer-pool:
>>>>      - buffer-size defaults to:
>>>>         - when < 64MB of Xmx: 512
>>>>         - when < 128MB of Xmx: 1024
>>>>         - when >= 128MB of Xmx: 16K - 20
>>>>      - direct-buffers defaults to:
>>>>         - when < 64MB of Xmx: false
>>>>         - when >= 64MB of Xmx: true
>>>> 
>>>>     worker:
>>>>      - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>>>>      - task-core-threads and task-max-threads default to io-threads * 8
>>>> -->
>>>> <!--
>>>> <subsystem xmlns="urn:jboss:domain:io:3.0">
>>>>     <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>>>>     <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>>>> </subsystem>
>>>> -->
>>>> 
>>>> <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>>>> <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>>>>     <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>>>>     <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>>>>     <server name="default-server">
>>>>         <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>>>>         <http-listener name="http" socket-binding="http" />
>>>>         <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>>>>         <https-listener name="https" socket-binding="https"
>>>>                 security-realm="default" verify-client="NOT_REQUESTED" />
>>>>         <host name="default-host" alias="localhost">
>>>>             <!--<location name="/" handler="welcome-content" />-->
>>>>             <!--<location name="/docs" handler="docs-content" />-->
>>>>             <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>>>>             <filter-ref name="server-header" />
>>>>             <filter-ref name="x-powered-by-header" />
>>>>         </host>
>>>>     </server>
>>>>     <servlet-container name="default">
>>>>         <jsp-config />
>>>>         <websockets />
>>>>         <welcome-files>
>>>>             <welcome-file name="index.html" />
>>>>             <welcome-file name="index.txt" />
>>>>         </welcome-files>
>>>>     </servlet-container>
>>>>     <handlers>
>>>>         <file name="welcome-content" path="${karaf.home}/welcome" />
>>>>         <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>>>>     </handlers>
>>>>     <filters>
>>>>         <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
>>>>         <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>>>>         <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>>>>     </filters>
>>>> </subsystem>
>>>> 
>>>> <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>>>> <!--
>>>>     we'll use "default" security realm by default to configure jaas/properties authentication
>>>>     (io.undertow.security.idm.IdentityManager):
>>>>      - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>>>>      - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>>>> -->
>>>> <security-realm name="default">
>>>>     <w:server-identities>
>>>>         <w:ssl>
>>>>             <!-- sun.security.ssl.ProtocolVersion -->
>>>>             <!-- sun.security.ssl.CipherSuite -->
>>>>             <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>>>>             <w:engine
>>>>                     enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>>>>                     enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>>>>             <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>>>>                     keystore-password="password" key-password="password"
>>>>                     generate-self-signed-certificate-host="localhost" />
>>>>         </w:ssl>
>>>>     </w:server-identities>
>>>>     <w:authentication>
>>>>         <!-- JaasIdentityManager for given realm -->
>>>>         <w:jaas name="karaf" />
>>>>         <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>>>>         <!--<w:properties path="users.properties" />-->
>>>>         <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>>>>   </w:authentication>
>>>>     <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>>>>     <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>>>>     <!--<role-principal-class-name>...</role-principal-class-name>-->
>>>> </security-realm>
>>>> 
>>>> <!-- Interface lists IP addresses to bind to -->
>>>> <interface name="default">
>>>>     <w:inet-address value="0.0.0.0" />
>>>>     <!--<w:inet-address value="127.0.0.1" />-->
>>>> </interface>
>>>> 
>>>> <!-- Socket Binding adds port for each IP from referenced Interface -->
>>>> <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>>>> <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
>>>> 
>>>> </undertow>
>>>> 
>>>> The log shows
>>>> 
>>>> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
>>>> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
>>>> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
>>>> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
>>>> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
>>>> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
>>>> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
>>>> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
>>>> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
>>>> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
>>>> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
>>>> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service
>>> 
>> 
> 


Re: Bind services to HTTPS port with undertow

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi Gerald,

AFAIR we have a Jira about the HTTP authorization issue, right?

Regards
JB

> Le 15 août 2020 à 10:55, Gerald Kallas - mailbox.org <ca...@mailbox.org> a écrit :
> 
> I‘d go with jetty as well but the HTTP authorization problem with Karaf >= 4.2.9 isn’t solved yet.
> 
> Sent by my mobile device
> - Gerald Kallas
> 
>> Am 15.08.2020 um 10:03 schrieb Jean-Baptiste Onofre <jb...@nanthrax.net>:
>> 
>> Hi,
>> 
>> Webconsole should bind to https by default (at least, it’s what happen with Jetty).
>> 
>> Even if I’m not a big undertow fan, let me try to reproduce and fix ;)
>> 
>> Regards
>> JB
>> 
>>> Le 14 août 2020 à 19:20, Gerald Kallas <ca...@mailbox.org> a écrit :
>>> 
>>> Dear all,
>>> 
>>> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
>>> 
>>> feature:install pax-http-undertow
>>> feature:install webconsole
>>> 
>>> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
>>> 
>>> Many thanks in advance.
>>> 
>>> My undertow.xml looks like
>>> 
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!--
>>> Licensed under the Apache License, Version 2.0 (the "License");
>>> you may not use this file except in compliance with the License.
>>> You may obtain a copy of the License at
>>> 
>>> http://www.apache.org/licenses/LICENSE-2.0
>>> 
>>> Unless required by applicable law or agreed to in writing, software
>>> distributed under the License is distributed on an "AS IS" BASIS,
>>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> 
>>> See the License for the specific language governing permissions and
>>> limitations under the License.
>>> -->
>>> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>>>      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>      xmlns:w="urn:jboss:domain:5.0"
>>>      xmlns:io="urn:jboss:domain:io:3.0"
>>>      xsi:schemaLocation="
>>>          urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>>>          urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>>>          urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
>>> 
>>>  <!--
>>>      Only "default" worker and buffer-pool are supported and can be used to override the default values
>>>      used by all listeners
>>> 
>>>      buffer-pool:
>>>       - buffer-size defaults to:
>>>          - when < 64MB of Xmx: 512
>>>          - when < 128MB of Xmx: 1024
>>>          - when >= 128MB of Xmx: 16K - 20
>>>       - direct-buffers defaults to:
>>>          - when < 64MB of Xmx: false
>>>          - when >= 64MB of Xmx: true
>>> 
>>>      worker:
>>>       - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>>>       - task-core-threads and task-max-threads default to io-threads * 8
>>>  -->
>>>  <!--
>>>  <subsystem xmlns="urn:jboss:domain:io:3.0">
>>>      <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>>>      <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>>>  </subsystem>
>>>  -->
>>> 
>>>  <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>>>  <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>>>      <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>>>      <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>>>      <server name="default-server">
>>>          <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>>>          <http-listener name="http" socket-binding="http" />
>>>          <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>>>          <https-listener name="https" socket-binding="https"
>>>                  security-realm="default" verify-client="NOT_REQUESTED" />
>>>          <host name="default-host" alias="localhost">
>>>              <!--<location name="/" handler="welcome-content" />-->
>>>              <!--<location name="/docs" handler="docs-content" />-->
>>>              <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>>>              <filter-ref name="server-header" />
>>>              <filter-ref name="x-powered-by-header" />
>>>          </host>
>>>      </server>
>>>      <servlet-container name="default">
>>>          <jsp-config />
>>>          <websockets />
>>>          <welcome-files>
>>>              <welcome-file name="index.html" />
>>>              <welcome-file name="index.txt" />
>>>          </welcome-files>
>>>      </servlet-container>
>>>      <handlers>
>>>          <file name="welcome-content" path="${karaf.home}/welcome" />
>>>          <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>>>      </handlers>
>>>      <filters>
>>>          <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
>>>          <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>>>          <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>>>      </filters>
>>>  </subsystem>
>>> 
>>>  <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>>>  <!--
>>>      we'll use "default" security realm by default to configure jaas/properties authentication
>>>      (io.undertow.security.idm.IdentityManager):
>>>       - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>>>       - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>>>  -->
>>>  <security-realm name="default">
>>>      <w:server-identities>
>>>          <w:ssl>
>>>              <!-- sun.security.ssl.ProtocolVersion -->
>>>              <!-- sun.security.ssl.CipherSuite -->
>>>              <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>>>              <w:engine
>>>                      enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>>>                      enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>>>              <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>>>                      keystore-password="password" key-password="password"
>>>                      generate-self-signed-certificate-host="localhost" />
>>>          </w:ssl>
>>>      </w:server-identities>
>>>      <w:authentication>
>>>          <!-- JaasIdentityManager for given realm -->
>>>          <w:jaas name="karaf" />
>>>          <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>>>          <!--<w:properties path="users.properties" />-->
>>>          <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>>>    </w:authentication>
>>>      <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>>>      <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>>>      <!--<role-principal-class-name>...</role-principal-class-name>-->
>>>  </security-realm>
>>> 
>>>  <!-- Interface lists IP addresses to bind to -->
>>>  <interface name="default">
>>>      <w:inet-address value="0.0.0.0" />
>>>      <!--<w:inet-address value="127.0.0.1" />-->
>>>  </interface>
>>> 
>>>  <!-- Socket Binding adds port for each IP from referenced Interface -->
>>>  <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>>>  <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
>>> 
>>> </undertow>
>>> 
>>> The log shows
>>> 
>>> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
>>> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
>>> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
>>> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
>>> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
>>> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
>>> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
>>> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
>>> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
>>> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
>>> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
>>> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service
>> 
> 


Re: Bind services to HTTPS port with undertow

Posted by "Gerald Kallas - mailbox.org" <ca...@mailbox.org>.
I’d go with Jetty as well, but the HTTP authorization problem with Karaf >= 4.2.9 isn’t solved yet.

Sent by my mobile device
- Gerald Kallas

> Am 15.08.2020 um 10:03 schrieb Jean-Baptiste Onofre <jb...@nanthrax.net>:
> 
> Hi,
> 
> Webconsole should bind to https by default (at least, it’s what happen with Jetty).
> 
> Even if I’m not a big undertow fan, let me try to reproduce and fix ;)
> 
> Regards
> JB
> 
>> Le 14 août 2020 à 19:20, Gerald Kallas <ca...@mailbox.org> a écrit :
>> 
>> Dear all,
>> 
>> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
>> 
>> feature:install pax-http-undertow
>> feature:install webconsole
>> 
>> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
>> 
>> Many thanks in advance.
>> 
>> My undertow.xml looks like
>> 
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>>  Licensed under the Apache License, Version 2.0 (the "License");
>>  you may not use this file except in compliance with the License.
>>  You may obtain a copy of the License at
>> 
>>  http://www.apache.org/licenses/LICENSE-2.0
>> 
>>  Unless required by applicable law or agreed to in writing, software
>>  distributed under the License is distributed on an "AS IS" BASIS,
>>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>  implied.
>> 
>>  See the License for the specific language governing permissions and
>>  limitations under the License.
>> -->
>> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>       xmlns:w="urn:jboss:domain:5.0"
>>       xmlns:io="urn:jboss:domain:io:3.0"
>>       xsi:schemaLocation="
>>           urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>>           urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>>           urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
>> 
>>   <!--
>>       Only "default" worker and buffer-pool are supported and can be used to override the default values
>>       used by all listeners
>> 
>>       buffer-pool:
>>        - buffer-size defaults to:
>>           - when < 64MB of Xmx: 512
>>           - when < 128MB of Xmx: 1024
>>           - when >= 128MB of Xmx: 16K - 20
>>        - direct-buffers defaults to:
>>           - when < 64MB of Xmx: false
>>           - when >= 64MB of Xmx: true
>> 
>>       worker:
>>        - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>>        - task-core-threads and task-max-threads default to io-threads * 8
>>   -->
>>   <!--
>>   <subsystem xmlns="urn:jboss:domain:io:3.0">
>>       <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>>       <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>>   </subsystem>
>>   -->
>> 
>>   <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>>   <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>>       <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>>       <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>>       <server name="default-server">
>>           <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>>           <http-listener name="http" socket-binding="http" />
>>           <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>>           <https-listener name="https" socket-binding="https"
>>                   security-realm="default" verify-client="NOT_REQUESTED" />
>>           <host name="default-host" alias="localhost">
>>               <!--<location name="/" handler="welcome-content" />-->
>>               <!--<location name="/docs" handler="docs-content" />-->
>>               <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>>               <filter-ref name="server-header" />
>>               <filter-ref name="x-powered-by-header" />
>>           </host>
>>       </server>
>>       <servlet-container name="default">
>>           <jsp-config />
>>           <websockets />
>>           <welcome-files>
>>               <welcome-file name="index.html" />
>>               <welcome-file name="index.txt" />
>>           </welcome-files>
>>       </servlet-container>
>>       <handlers>
>>           <file name="welcome-content" path="${karaf.home}/welcome" />
>>           <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>>       </handlers>
>>       <filters>
>>           <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
>>           <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>>           <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>>       </filters>
>>   </subsystem>
>> 
>>   <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>>   <!--
>>       we'll use "default" security realm by default to configure jaas/properties authentication
>>       (io.undertow.security.idm.IdentityManager):
>>        - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>>        - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>>   -->
>>   <security-realm name="default">
>>       <w:server-identities>
>>           <w:ssl>
>>               <!-- sun.security.ssl.ProtocolVersion -->
>>               <!-- sun.security.ssl.CipherSuite -->
>>               <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>>               <w:engine
>>                       enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>>                       enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>>               <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>>                       keystore-password="password" key-password="password"
>>                       generate-self-signed-certificate-host="localhost" />
>>           </w:ssl>
>>       </w:server-identities>
>>       <w:authentication>
>>           <!-- JaasIdentityManager for given realm -->
>>           <w:jaas name="karaf" />
>>           <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>>           <!--<w:properties path="users.properties" />-->
>>           <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>>     </w:authentication>
>>       <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>>       <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>>       <!--<role-principal-class-name>...</role-principal-class-name>-->
>>   </security-realm>
>> 
>>   <!-- Interface lists IP addresses to bind to -->
>>   <interface name="default">
>>       <w:inet-address value="0.0.0.0" />
>>       <!--<w:inet-address value="127.0.0.1" />-->
>>   </interface>
>> 
>>   <!-- Socket Binding adds port for each IP from referenced Interface -->
>>   <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>>   <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
>> 
>> </undertow>
>> 
>> The log shows
>> 
>> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
>> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
>> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
>> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
>> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
>> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
>> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
>> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
>> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
>> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
>> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
>> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service
> 


Re: Bind services to HTTPS port with undertow

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,

Webconsole should bind to https by default (at least, it’s what happens with Jetty).

Even if I’m not a big undertow fan, let me try to reproduce and fix ;)

Regards
JB

> Le 14 août 2020 à 19:20, Gerald Kallas <ca...@mailbox.org> a écrit :
> 
> Dear all,
> 
> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
> 
> feature:install pax-http-undertow
> feature:install webconsole
> 
> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
> 
> Many thanks in advance.
> 
> My undertow.xml looks like
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>   Licensed under the Apache License, Version 2.0 (the "License");
>   you may not use this file except in compliance with the License.
>   You may obtain a copy of the License at
> 
>   http://www.apache.org/licenses/LICENSE-2.0
> 
>   Unless required by applicable law or agreed to in writing, software
>   distributed under the License is distributed on an "AS IS" BASIS,
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>   implied.
> 
>   See the License for the specific language governing permissions and
>   limitations under the License.
> -->
> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:w="urn:jboss:domain:5.0"
>        xmlns:io="urn:jboss:domain:io:3.0"
>        xsi:schemaLocation="
>            urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>            urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>            urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
> 
>    <!--
>        Only "default" worker and buffer-pool are supported and can be used to override the default values
>        used by all listeners
> 
>        buffer-pool:
>         - buffer-size defaults to:
>            - when < 64MB of Xmx: 512
>            - when < 128MB of Xmx: 1024
>            - when >= 128MB of Xmx: 16K - 20
>         - direct-buffers defaults to:
>            - when < 64MB of Xmx: false
>            - when >= 64MB of Xmx: true
> 
>        worker:
>         - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>         - task-core-threads and task-max-threads default to io-threads * 8
>    -->
>    <!--
>    <subsystem xmlns="urn:jboss:domain:io:3.0">
>        <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>        <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>    </subsystem>
>    -->
> 
>    <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>    <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>        <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>        <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>        <server name="default-server">
>            <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>            <http-listener name="http" socket-binding="http" />
>            <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>            <https-listener name="https" socket-binding="https"
>                    security-realm="default" verify-client="NOT_REQUESTED" />
>            <host name="default-host" alias="localhost">
>                <!--<location name="/" handler="welcome-content" />-->
>                <!--<location name="/docs" handler="docs-content" />-->
>                <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>                <filter-ref name="server-header" />
>                <filter-ref name="x-powered-by-header" />
>            </host>
>        </server>
>        <servlet-container name="default">
>            <jsp-config />
>            <websockets />
>            <welcome-files>
>                <welcome-file name="index.html" />
>                <welcome-file name="index.txt" />
>            </welcome-files>
>        </servlet-container>
>        <handlers>
>            <file name="welcome-content" path="${karaf.home}/welcome" />
>            <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>        </handlers>
>        <filters>
>            <!-- filters for reference from /host/filter-ref and /host/location/filter-ref
>                 NOTE(review): both headers are fixed strings that advertise the server product, and
>                 X-Powered-By also carries a version; the value here says 7.2.16 while the log in this
>                 thread reports pax-web-undertow 7.2.14. Removing the two filter-ref entries under
>                 host should stop the banner being sent; confirm against the running server. -->
>            <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>            <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>        </filters>
>    </subsystem>
> 
>    <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>    <!--
>        we'll use "default" security realm by default to configure jaas/properties authentication
>        (io.undertow.security.idm.IdentityManager):
>         - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>         - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
> 
>        The https-listener above points at this realm (security-realm="default"), so the w:ssl
>        section here carries the TLS engine settings and the server keystore for that listener.
> 
>        NOTE(review): keystore-password, key-password and the truststore keystore-password are all
>        the literal sample value "password", kept in clear text in this file. Set
>        deployment-specific values and limit read access to this file before the listener is
>        reachable from anything but a test machine.
>        NOTE(review): generate-self-signed-certificate-host="localhost" presumably makes the server
>        create its own certificate for localhost when the keystore is missing; confirm in Pax Web,
>        and expect clients to reject it unless they are told to trust it.
>    -->
>    <security-realm name="default">
>        <w:server-identities>
>            <w:ssl>
>                <!-- sun.security.ssl.ProtocolVersion
>                     NOTE(review): enabled-protocols below still lists TLSv1 and TLSv1.1, which
>                     RFC 8996 deprecates; TLSv1.2 alone is the safer setting unless a legacy client
>                     needs the older versions. -->
>                <!-- sun.security.ssl.CipherSuite
>                     NOTE(review): both suites enabled below are CBC-mode suites; no AEAD (GCM) suite
>                     is offered. -->
>                <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>                <w:engine
>                        enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>                        enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>                <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>                        keystore-password="password" key-password="password"
>                        generate-self-signed-certificate-host="localhost" />
>            </w:ssl>
>        </w:server-identities>
>        <w:authentication>
>            <!-- JaasIdentityManager for given realm -->
>            <w:jaas name="karaf" />
>            <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>            <!--<w:properties path="users.properties" />-->
>            <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>      </w:authentication>
>        <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>        <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>        <!--<role-principal-class-name>...</role-principal-class-name>-->
>    </security-realm>
> 
>    <!-- Interface lists IP addresses to bind to.
>         NOTE(review): 0.0.0.0 makes every socket-binding that references this interface (http and
>         https below) listen on all local addresses, as the log in this thread shows for ports 8181
>         and 8443; the commented-out 127.0.0.1 entry is the loopback-only alternative. -->
>    <interface name="default">
>        <w:inet-address value="0.0.0.0" />
>        <!--<w:inet-address value="127.0.0.1" />-->
>    </interface>
> 
>    <!-- Socket Binding adds port for each IP from referenced Interface -->
>    <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>    <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
> 
> </undertow>
> 
> The log shows
> 
> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service


Re: Bind services to HTTPS port with undertow

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Yeah, it seems the default configuration just uses "old" ciphering and should be updated.

I guess we can override the default undertow.xml in Pax Web.

Regards
JB

> Le 15 août 2020 à 08:35, Gerald Kallas <ca...@mailbox.org> a écrit :
> 
> I found a solution. I replaced the engine tag
> 
> <w:engine enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
> enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
> 
> with
> 
> <w:engine
> enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
> enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
> 
> Seems that the standard configuration of the undertow.xml is outdated.
> 
> Best
> Gerald
> 
>> Gerald Kallas <ca...@mailbox.org> hat am 14.08.2020 19:20 geschrieben:
>> 
>> 
>> Dear all,
>> 
>> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
>> 
>> feature:install pax-http-undertow
>> feature:install webconsole
>> 
>> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
>> 
>> Many thanks in advance.
>> 
>> My undertow.xml looks like
>> 
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>>   Licensed under the Apache License, Version 2.0 (the "License");
>>   you may not use this file except in compliance with the License.
>>   You may obtain a copy of the License at
>> 
>>   http://www.apache.org/licenses/LICENSE-2.0
>> 
>>   Unless required by applicable law or agreed to in writing, software
>>   distributed under the License is distributed on an "AS IS" BASIS,
>>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>   implied.
>> 
>>   See the License for the specific language governing permissions and
>>   limitations under the License.
>> -->
>> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>        xmlns:w="urn:jboss:domain:5.0"
>>        xmlns:io="urn:jboss:domain:io:3.0"
>>        xsi:schemaLocation="
>>            urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>>            urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>>            urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
>> 
>>    <!--
>>        Only "default" worker and buffer-pool are supported and can be used to override the default values
>>        used by all listeners
>> 
>>        buffer-pool:
>>         - buffer-size defaults to:
>>            - when < 64MB of Xmx: 512
>>            - when < 128MB of Xmx: 1024
>>            - when >= 128MB of Xmx: 16K - 20
>>         - direct-buffers defaults to:
>>            - when < 64MB of Xmx: false
>>            - when >= 64MB of Xmx: true
>> 
>>        worker:
>>         - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>>         - task-core-threads and task-max-threads default to io-threads * 8
>>    -->
>>    <!--
>>    <subsystem xmlns="urn:jboss:domain:io:3.0">
>>        <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>>        <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>>    </subsystem>
>>    -->
>> 
>>    <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>>    <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>>        <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>>        <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>>        <server name="default-server">
>>            <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>>            <http-listener name="http" socket-binding="http" />
>>            <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>>            <https-listener name="https" socket-binding="https"
>>                    security-realm="default" verify-client="NOT_REQUESTED" />
>>            <host name="default-host" alias="localhost">
>>                <!--<location name="/" handler="welcome-content" />-->
>>                <!--<location name="/docs" handler="docs-content" />-->
>>                <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>>                <filter-ref name="server-header" />
>>                <filter-ref name="x-powered-by-header" />
>>            </host>
>>        </server>
>>        <servlet-container name="default">
>>            <jsp-config />
>>            <websockets />
>>            <welcome-files>
>>                <welcome-file name="index.html" />
>>                <welcome-file name="index.txt" />
>>            </welcome-files>
>>        </servlet-container>
>>        <handlers>
>>            <file name="welcome-content" path="${karaf.home}/welcome" />
>>            <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>>        </handlers>
>>        <filters>
>>            <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
>>            <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>>            <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>>        </filters>
>>    </subsystem>
>> 
>>    <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>>    <!--
>>        we'll use "default" security realm by default to configure jaas/properties authentication
>>        (io.undertow.security.idm.IdentityManager):
>>         - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>>         - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>>    -->
>>    <security-realm name="default">
>>        <w:server-identities>
>>            <w:ssl>
>>                <!-- sun.security.ssl.ProtocolVersion -->
>>                <!-- sun.security.ssl.CipherSuite -->
>>                <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>>                <w:engine
>>                        enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>>                        enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>>                <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>>                        keystore-password="password" key-password="password"
>>                        generate-self-signed-certificate-host="localhost" />
>>            </w:ssl>
>>        </w:server-identities>
>>        <w:authentication>
>>            <!-- JaasIdentityManager for given realm -->
>>            <w:jaas name="karaf" />
>>            <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>>            <!--<w:properties path="users.properties" />-->
>>            <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>>      </w:authentication>
>>        <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>>        <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>>        <!--<role-principal-class-name>...</role-principal-class-name>-->
>>    </security-realm>
>> 
>>    <!-- Interface lists IP addresses to bind to -->
>>    <interface name="default">
>>        <w:inet-address value="0.0.0.0" />
>>        <!--<w:inet-address value="127.0.0.1" />-->
>>    </interface>
>> 
>>    <!-- Socket Binding adds port for each IP from referenced Interface -->
>>    <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>>    <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
>> 
>> </undertow>
>> 
>> The log shows
>> 
>> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
>> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
>> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
>> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
>> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
>> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
>> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
>> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
>> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
>> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
>> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
>> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service


Re: Bind services to HTTPS port with undertow

Posted by Gerald Kallas <ca...@mailbox.org>.
I found a solution. I replaced the engine tag

<w:engine enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />

with

<!-- NOTE(review): this wider list adds AEAD (GCM) suites, but it also adds CBC suites with a SHA-1 MAC
     (the names ending in _CBC_SHA) and keeps TLSv1 and TLSv1.1 enabled, which RFC 8996 deprecates.
     If every client speaks TLSv1.2, the GCM entries together with enabled-protocols="TLSv1.2" are a
     tighter starting point; verify against the clients you need to support. -->
<w:engine
enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />

It seems that the standard configuration of the undertow.xml is outdated: it enables only the two CBC cipher suites shown in the original engine tag above.

Best
Gerald

> Gerald Kallas <ca...@mailbox.org> hat am 14.08.2020 19:20 geschrieben:
> 
>  
> Dear all,
> 
> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands
> 
> feature:install pax-http-undertow
> feature:install webconsole
> 
> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
> 
> Many thanks in advance.
> 
> My undertow.xml looks like
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>    Licensed under the Apache License, Version 2.0 (the "License");
>    you may not use this file except in compliance with the License.
>    You may obtain a copy of the License at
> 
>    http://www.apache.org/licenses/LICENSE-2.0
> 
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>    implied.
> 
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xmlns:w="urn:jboss:domain:5.0"
>         xmlns:io="urn:jboss:domain:io:3.0"
>         xsi:schemaLocation="
>             urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>             urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>             urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
> 
>     <!--
>         Only "default" worker and buffer-pool are supported and can be used to override the default values
>         used by all listeners
> 
>         buffer-pool:
>          - buffer-size defaults to:
>             - when < 64MB of Xmx: 512
>             - when < 128MB of Xmx: 1024
>             - when >= 128MB of Xmx: 16K - 20
>          - direct-buffers defaults to:
>             - when < 64MB of Xmx: false
>             - when >= 64MB of Xmx: true
> 
>         worker:
>          - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>          - task-core-threads and task-max-threads default to io-threads * 8
>     -->
>     <!--
>     <subsystem xmlns="urn:jboss:domain:io:3.0">
>         <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>         <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>     </subsystem>
>     -->
> 
>     <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>     <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>         <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>         <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>         <server name="default-server">
>             <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>             <http-listener name="http" socket-binding="http" />
>             <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>             <https-listener name="https" socket-binding="https"
>                     security-realm="default" verify-client="NOT_REQUESTED" />
>             <host name="default-host" alias="localhost">
>                 <!--<location name="/" handler="welcome-content" />-->
>                 <!--<location name="/docs" handler="docs-content" />-->
>                 <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>                 <filter-ref name="server-header" />
>                 <filter-ref name="x-powered-by-header" />
>             </host>
>         </server>
>         <servlet-container name="default">
>             <jsp-config />
>             <websockets />
>             <welcome-files>
>                 <welcome-file name="index.html" />
>                 <welcome-file name="index.txt" />
>             </welcome-files>
>         </servlet-container>
>         <handlers>
>             <file name="welcome-content" path="${karaf.home}/welcome" />
>             <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>         </handlers>
>         <filters>
>             <!-- filters for reference from /host/filter-ref and /host/location/filter-ref
>                  Review note: both headers advertise the server product on every response, and
>                  X-Powered-By adds a version string (7.2.16 here, while the log further down
>                  reports pax-web-undertow 7.2.14). Remove the two filter-ref entries under
>                  <host> if the product and version should not be disclosed to clients. -->
>             <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>             <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>         </filters>
>     </subsystem>
> 
>     <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>     <!--
>         we'll use "default" security realm by default to configure jaas/properties authentication
>         (io.undertow.security.idm.IdentityManager):
>          - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>          - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>         Review note: keystore-password, key-password and the truststore keystore-password below
>         are all the literal sample value "password". Replace them before the HTTPS listener is
>         reachable by anyone else, and restrict read access to this file and to the keystore and
>         truststore files. The keystore entry also asks for a self-signed certificate for
>         "localhost", which clients will not trust unless it is imported or replaced by a
>         certificate from a CA they accept. enabled-protocols lists TLSv1 and TLSv1.1, which
>         RFC 8996 deprecates.
>     -->
>     <security-realm name="default">
>         <w:server-identities>
>             <w:ssl>
>                 <!-- sun.security.ssl.ProtocolVersion -->
>                 <!-- sun.security.ssl.CipherSuite -->
>                 <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>                 <w:engine
>                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>                         enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>                 <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>                         keystore-password="password" key-password="password"
>                         generate-self-signed-certificate-host="localhost" />
>             </w:ssl>
>         </w:server-identities>
>         <w:authentication>
>             <!-- JaasIdentityManager for given realm -->
>             <w:jaas name="karaf" />
>             <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>             <!--<w:properties path="users.properties" />-->
>             <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>       </w:authentication>
>         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>         <!--<role-principal-class-name>...</role-principal-class-name>-->
>     </security-realm>
> 
>     <!-- Interface lists IP addresses to bind to.
>          Review note: 0.0.0.0 binds every listener that references this interface on all IPv4
>          addresses of the host; the log further down shows both the http and the https listener
>          starting on 0.0.0.0. Use the commented 127.0.0.1 entry, or one specific address, when
>          the web console should not be reachable from other machines. -->
>     <interface name="default">
>         <w:inet-address value="0.0.0.0" />
>         <!--<w:inet-address value="127.0.0.1" />-->
>     </interface>
> 
>     <!-- Socket Binding adds port for each IP from referenced Interface -->
>     <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>     <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
> 
> </undertow>
> 
> The log shows
> 
> 2020-08-14T19:12:59,801 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
> 2020-08-14T19:13:00,018 | INFO  | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
> 2020-08-14T19:13:00,050 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
> 2020-08-14T19:13:00,052 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
> 2020-08-14T19:13:00,093 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
> 2020-08-14T19:13:00,244 | INFO  | activator-1-thread-2 | Activator                        | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
> 2020-08-14T19:13:00,310 | INFO  | activator-1-thread-3 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
> 2020-08-14T19:13:00,320 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
> 2020-08-14T19:13:00,333 | INFO  | activator-1-thread-2 | FeaturesPlugin                   | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
> 2020-08-14T19:13:00,813 | INFO  | activator-1-thread-2 | CommandExtension                 | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
> 2020-08-14T19:13:01,295 | INFO  | paxweb-config-1-thread-1 | ServerControllerImpl             | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
> 2020-08-14T19:13:01,344 | INFO  | paxweb-config-1-thread-1 | HttpServiceFactoryImpl           | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service