Hello

In theory (I can't check now), you have to:
1. comment out <http-listener name="http" socket-binding="http" />
2. ensure that org.ops4j.pax.web PID has org.osgi.service.http.enabled = false (so pax-web-undertow won't try to recreate the non-secure listener if it's not available in etc/undertow.xml)

regards
Grzegorz Grzybek

Fri, 7 Aug 2020 at 10:52 Gerald Kallas <[email protected]> wrote:

> Thanks, Grzegorz for the explanation.
>
> At the moment I'd be happy to use HTTPS (on 8443) only for all web related services (web console, servlets) w/ undertow and disable HTTP (on 8181). Could this be reached with the setup I have?
>
> Thanks
> - Gerald
>
> > Grzegorz Grzybek <[email protected]> wrote on 07.08.2020 10:47:
> >
> > Hello
> >
> > Unfortunately it is not possible to use the internal (managed by Pax Web) servlet runtime selectively - by specifying which listener (or more generally - virtual host) should be used for the servlets created and registered by Camel into HttpService (Pax Web) runtime.
> >
> > pax-web-jetty has partial (legacy, non-standard from the point of view of OSGi CMPN specification) support for virtual hosts where a Whiteboard-registered servlet (or filter, or other "web element") may specify a comma-separated list of virtual host/connector names. But that's only for Jetty.
> >
> > I'm still working on refactoring Pax Web 8 and I plan to have unified "experience" for dealing with separate connectors/virtual hosts across Jetty/Tomcat/Undertow runtimes, but it'll come only in Pax Web 8.
> >
> > regards
> > Grzegorz Grzybek
> >
> > Fri, 7 Aug 2020 at 10:34 Gerald Kallas <[email protected]> wrote:
> > > Dear all,
> > >
> > > following the guidance in the ticket
> > >
> > > https://issues.apache.org/jira/browse/KARAF-6772
> > >
> > > I was setting up a vanilla Karaf 4.2.9 with the following features
> > >
> > > feature:repo-add camel 3.4.2
> > > feature:install pax-http-undertow
> > > feature:install camel camel-servlet webconsole
> > >
> > > I wonder how I can bind the webconsole and the servlet consumer in the camel routes to the HTTPS port. My undertow.xml see below. I tried to change the org.ops4j.pax.web.cfg but with no success.
> > >
> > > Any hints are appreciated.
> > >
> > > Thanks
> > > - Gerald
> > >
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!--
> > >     Licensed under the Apache License, Version 2.0 (the "License");
> > >     you may not use this file except in compliance with the License.
> > >     You may obtain a copy of the License at
> > >
> > >         http://www.apache.org/licenses/LICENSE-2.0
> > >
> > >     Unless required by applicable law or agreed to in writing, software
> > >     distributed under the License is distributed on an "AS IS" BASIS,
> > >     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> > >     implied.
> > >
> > >     See the License for the specific language governing permissions and
> > >     limitations under the License.
> > > -->
> > > <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
> > >         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >         xmlns:w="urn:jboss:domain:5.0"
> > >         xmlns:io="urn:jboss:domain:io:3.0"
> > >         xsi:schemaLocation="
> > >             urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
> > >             urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
> > >             urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
> > >
> > >     <!--
> > >         Only "default" worker and buffer-pool are supported and can be used to override the default values
> > >         used by all listeners
> > >
> > >         buffer-pool:
> > >          - buffer-size defaults to:
> > >             - when < 64MB of Xmx: 512
> > >             - when < 128MB of Xmx: 1024
> > >             - when >= 128MB of Xmx: 16K - 20
> > >          - direct-buffers defaults to:
> > >             - when < 64MB of Xmx: false
> > >             - when >= 64MB of Xmx: true
> > >
> > >         worker:
> > >          - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
> > >          - task-core-threads and task-max-threads default to io-threads * 8
> > >     -->
> > >     <!--
> > >     <subsystem xmlns="urn:jboss:domain:io:3.0">
> > >         <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
> > >         <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
> > >     </subsystem>
> > >     -->
> > >
> > >     <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
> > >     <subsystem xmlns="urn:jboss:domain:undertow:4.0">
> > >         <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
> > >         <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
> > >         <server name="default-server">
> > >             <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
> > >             <http-listener name="http" socket-binding="http" />
> > >             <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
> > >             <https-listener name="https" socket-binding="https"
> > >                     security-realm="https" verify-client="NOT_REQUESTED" />
> > >             <host name="default-host" alias="localhost">
> > >                 <!--<location name="/" handler="welcome-content" />-->
> > >                 <!--<location name="/docs" handler="docs-content" />-->
> > >                 <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
> > >                 <filter-ref name="server-header" />
> > >                 <filter-ref name="x-powered-by-header" />
> > >             </host>
> > >         </server>
> > >         <servlet-container name="default">
> > >             <jsp-config />
> > >             <websockets />
> > >             <welcome-files>
> > >                 <welcome-file name="index.html" />
> > >                 <welcome-file name="index.txt" />
> > >             </welcome-files>
> > >         </servlet-container>
> > >         <handlers>
> > >             <file name="welcome-content" path="${karaf.home}/welcome" />
> > >             <!--<file name="docs-content" path="${karaf.home}/docs" />-->
> > >         </handlers>
> > >         <filters>
> > >             <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
> > >             <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
> > >             <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
> > >         </filters>
> > >     </subsystem>
> > >
> > >     <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
> > >     <!--
> > >         we'll use "default" security realm by default to configure jaas/properties authentication
> > >         (io.undertow.security.idm.IdentityManager):
> > >          - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
> > >          - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
> > >     -->
> > >     <security-realm name="default">
> > >         <w:authentication>
> > >             <!-- JaasIdentityManager for given realm -->
> > >             <w:jaas name="karaf" />
> > >             <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
> > >             <!--<w:properties path="users.properties" />-->
> > >         </w:authentication>
> > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > >         <!--<role-principal-class-name>...</role-principal-class-name>-->
> > >     </security-realm>
> > >     <!--
> > >         Any security realm may be referenced by https-listener to define trust/keystore, protocols and cipher suites
> > >     -->
> > >     <security-realm name="https">
> > >         <w:server-identities>
> > >             <w:ssl>
> > >                 <!-- sun.security.ssl.ProtocolVersion -->
> > >                 <!-- sun.security.ssl.CipherSuite -->
> > >                 <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
> > >                 <w:engine
> > >                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
> > >                         enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
> > >                 <w:keystore path="${karaf.etc}/server.p12" provider="PKCS12" alias="server"
> > >                         keystore-password="password" key-password="password"
> > >                         generate-self-signed-certificate-host="localhost" />
> > >             </w:ssl>
> > >         </w:server-identities>
> > >         <w:authentication>
> > >             <w:jaas name="karaf" />
> > >             <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
> > >         </w:authentication>
> > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > >     </security-realm>
> > >
> > >     <!-- Interface lists IP addresses to bind to -->
> > >     <interface name="default">
> > >         <w:inet-address value="0.0.0.0" />
> > >         <!--<w:inet-address value="127.0.0.1" />-->
> > >     </interface>
> > >     <interface name="secure">
> > >         <w:inet-address value="127.0.0.1" />
> > >     </interface>
> > >
> > >     <!-- Socket Binding adds port for each IP from referenced Interface -->
> > >     <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
> > >     <socket-binding name="https" interface="secure" port="${org.osgi.service.http.port.secure}" />
> > >
> > > </undertow>
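
The two steps from the top reply, written as a check (an added example, not code from the thread or from Pax Web): it reads an undertow.xml and the org.ops4j.pax.web properties, reports whether a plain-HTTP listener can still come up, and resolves which addresses the https-listener binds to. The embedded file contents are constructed, trimmed from the undertow.xml quoted above, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PW = "{urn:org.ops4j.pax.web:undertow:1.0}"  # root namespace of etc/undertow.xml
UT = "{urn:jboss:domain:undertow:4.0}"       # <subsystem> that holds the listeners
W = "{urn:jboss:domain:5.0}"                 # w: prefix (inet-address)

# Constructed sample, trimmed from the undertow.xml quoted in the thread.
UNDERTOW_XML = """<undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0" xmlns:w="urn:jboss:domain:5.0">
  <subsystem xmlns="urn:jboss:domain:undertow:4.0">
    <server name="default-server">
      <http-listener name="http" socket-binding="http" />
      <https-listener name="https" socket-binding="https" security-realm="https" />
    </server>
  </subsystem>
  <interface name="default"><w:inet-address value="0.0.0.0" /></interface>
  <interface name="secure"><w:inet-address value="127.0.0.1" /></interface>
  <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
  <socket-binding name="https" interface="secure" port="${org.osgi.service.http.port.secure}" />
</undertow>"""
# The same file with step 1 applied: the plain-HTTP listener is commented out.
UNDERTOW_FIXED = re.sub(r"(<http-listener [^>]*/>)", r"<!-- \1 -->", UNDERTOW_XML)
# Constructed etc/org.ops4j.pax.web.cfg content with step 2 applied.
PAX_WEB_CFG = "org.osgi.service.http.enabled = false\norg.osgi.service.http.port.secure = 8443\n"

def parse_cfg(text):
    """Parse key = value lines, skipping # comments."""
    lines = [ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)}

def audit(undertow_xml, pax_web_cfg):
    """Return findings; an empty list means no plain-HTTP listener is configured."""
    root = ET.fromstring(undertow_xml)  # the parser drops commented-out elements
    findings = []
    if root.find(f".//{UT}http-listener") is not None:
        findings.append("http-listener is still active in undertow.xml")
    if parse_cfg(pax_web_cfg).get("org.osgi.service.http.enabled", "").lower() != "false":
        findings.append("org.osgi.service.http.enabled is not set to false")
    if root.find(f".//{UT}https-listener") is None:
        findings.append("no https-listener is defined")
    return findings

def https_bind_addresses(undertow_xml):
    """Resolve https-listener -> socket-binding -> interface -> inet-address values."""
    root = ET.fromstring(undertow_xml)
    name = root.find(f".//{UT}https-listener").get("socket-binding")
    iface = root.find(f"{PW}socket-binding[@name='{name}']").get("interface")
    path = f"{PW}interface[@name='{iface}']/{W}inet-address"
    return [addr.get("value") for addr in root.iterfind(path)]
```

On the sample, `https_bind_addresses` returns only 127.0.0.1, because the https socket-binding references the interface named "secure"; the HTTPS port stays loopback-only until that interface lists another address.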
