Hello

On Thu, 3 Sep 2020 at 09:10, Gerald Kallas <catsh...@mailbox.org> wrote:
> Thanks Grzegorz.
>
> Yes, I did find the same in between and changed the undertow.xml. Finally
> it works and undertow pax web seems a bit more flexible than jetty. Would
> it be a further part of Pax Web 8 and Karaf as well?

Pax Web 8 will have many improvements (for pax-web-undertow,
io.undertow.Undertow one-size-fits-all class won't be used - I explicitly
create/configure listeners/connectors/buffers almost exactly like Wildfly
does it) and the emphasis is on making the experience similar when using
Jetty, Undertow and Tomcat.

regards
Grzegorz

> Best
> - Gerald
>
> > Grzegorz Grzybek <gr.grzy...@gmail.com> wrote on 03.09.2020 08:29:
> >
> > Hello
> >
> > Sorry for late response (holidays!), but I tried your example with tiny
> > (not relevant) details.
> >
> > I used Karaf 4.2.9, but Camel 2.23.2. So I used
> > "org.apache.camel.component.servlet.osgi.OsgiServletRegisterer" instead of
> > "org.apache.camel.component.osgi.OsgiServletRegisterer", but no more
> > changes to blueprint.xml or etc/org.ops4j.pax.web.cfg.
> >
> > However, I had ONE problem with TLS connection:
> >
> > $ curl -k -v https://localhost:8443/camel/services/hello1
> > * Trying ::1:8443...
> > * Connected to localhost (::1) port 8443 (#0)
> > * ALPN, offering h2
> > * ALPN, offering http/1.1
> > * successfully set certificate verify locations:
> > * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> > CApath: none
> > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> > * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8443
> > * Closing connection 0
> > curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8443
> >
> > I think (and I'll review it at some point in Pax Web itself) it's the
> > mismatch between "enabled-protocols" and "enabled-cipher-suites" in
> > undertow.xml. Please remove:
> >
> > enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
> >
> > and it should work (note that change to undertow.xml WON'T automatically
> > restart relevant bundles).
> >
> > $ curl -k -v https://localhost:8443/camel/services/hello1
> > * Trying ::1:8443...
> > * Connected to localhost (::1) port 8443 (#0)
> > * ALPN, offering h2
> > * ALPN, offering http/1.1
> > * successfully set certificate verify locations:
> > * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> > CApath: none
> > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> > * TLSv1.3 (IN), TLS handshake, Server hello (2):
> > * TLSv1.2 (IN), TLS handshake, Certificate (11):
> > * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> > * TLSv1.2 (IN), TLS handshake, Server finished (14):
> > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> > * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
> > * TLSv1.2 (OUT), TLS handshake, Finished (20):
> > * TLSv1.2 (IN), TLS handshake, Finished (20):
> > * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> > * ALPN, server did not agree to a protocol
> > * Server certificate:
> > * subject: C=PL; ST=Dolny Śląsk; L=Wrocław; O=Red Hat; CN=localhost; emailAddress=ggrzy...@redhat.com
> > * start date: Aug 17 11:14:46 2017 GMT
> > * expire date: Aug 17 11:14:46 2027 GMT
> > * issuer: C=PL; ST=Dolny Śląsk; L=Wrocław; O=Red Hat; CN=everfree-ca; emailAddress=ggrzy...@redhat.com
> > * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> > > GET /camel/services/hello1 HTTP/1.1
> > > Host: localhost:8443
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Accept: */*
> > < Connection: keep-alive
> > < X-Powered-By: Pax-HTTP-Undertow/7.2.16
> > < breadcrumbId: ID-everfree-forest-1599112295273-1-1
> > < Server: Pax-HTTP-Undertow
> > < Transfer-Encoding: chunked
> > < User-Agent: curl/7.69.1
> > < Date: Thu, 03 Sep 2020 05:59:31 GMT
> > <
> > * Connection #0 to host localhost left intact
> > Hello 1
> >
> > kind regards
> > Grzegorz Grzybek
> >
> > On Fri, 7 Aug 2020 at 11:53, Gerald Kallas <catsh...@mailbox.org> wrote:
> >
> > > Hi,
> > >
> > > I tried this out but it doesn't work properly. (keystore and truststore are
> > > the same as with jetty setup, they're valid).
> > >
> > > See below my configuration and the log. The HTTPS listener starts but
> > > neither the webconsole nor the servlet does work.
> > >
> > > On client side I'm getting
> > >
> > > Error: Client network socket disconnected before secure TLS connection was
> > > established
> > >
> > >
> > > undertow.xml
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!--
> > >     Licensed under the Apache License, Version 2.0 (the "License");
> > >     you may not use this file except in compliance with the License.
> > >     You may obtain a copy of the License at
> > >
> > >     http://www.apache.org/licenses/LICENSE-2.0
> > >
> > >     Unless required by applicable law or agreed to in writing, software
> > >     distributed under the License is distributed on an "AS IS" BASIS,
> > >     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> > >     implied.
> > >
> > >     See the License for the specific language governing permissions and
> > >     limitations under the License.
> > > -->
> > > <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
> > >         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >         xmlns:w="urn:jboss:domain:5.0"
> > >         xmlns:io="urn:jboss:domain:io:3.0"
> > >         xsi:schemaLocation="
> > >             urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
> > >             urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
> > >             urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
> > >
> > >     <!--
> > >         Only "default" worker and buffer-pool are supported and can be used to override the default values
> > >         used by all listeners
> > >
> > >         buffer-pool:
> > >          - buffer-size defaults to:
> > >             - when < 64MB of Xmx: 512
> > >             - when < 128MB of Xmx: 1024
> > >             - when >= 128MB of Xmx: 16K - 20
> > >          - direct-buffers defaults to:
> > >             - when < 64MB of Xmx: false
> > >             - when >= 64MB of Xmx: true
> > >
> > >         worker:
> > >          - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
> > >          - task-core-threads and task-max-threads default to io-threads * 8
> > >     -->
> > >     <!--
> > >     <subsystem xmlns="urn:jboss:domain:io:3.0">
> > >         <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
> > >         <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
> > >     </subsystem>
> > >     -->
> > >
> > >     <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
> > >     <subsystem xmlns="urn:jboss:domain:undertow:4.0">
> > >         <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
> > >         <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
> > >         <server name="default-server">
> > >             <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
> > >             <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
> > >             <https-listener name="https" socket-binding="https"
> > >                     security-realm="https" verify-client="NOT_REQUESTED" />
> > >             <host name="default-host" alias="localhost">
> > >                 <!--<location name="/" handler="welcome-content" />-->
> > >                 <!--<location name="/docs" handler="docs-content" />-->
> > >                 <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
> > >                 <filter-ref name="server-header" />
> > >                 <filter-ref name="x-powered-by-header" />
> > >             </host>
> > >         </server>
> > >         <servlet-container name="default">
> > >             <jsp-config />
> > >             <websockets />
> > >             <welcome-files>
> > >                 <welcome-file name="index.html" />
> > >                 <welcome-file name="index.txt" />
> > >             </welcome-files>
> > >         </servlet-container>
> > >         <handlers>
> > >             <file name="welcome-content" path="${karaf.home}/welcome" />
> > >             <!--<file name="docs-content" path="${karaf.home}/docs" />-->
> > >         </handlers>
> > >         <filters>
> > >             <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
> > >             <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
> > >             <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
> > >         </filters>
> > >     </subsystem>
> > >
> > >     <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
> > >     <!--
> > >         we'll use "default" security realm by default to configure jaas/properties authentication
> > >         (io.undertow.security.idm.IdentityManager):
> > >          - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
> > >          - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
> > >     -->
> > >     <security-realm name="default">
> > >         <w:authentication>
> > >             <!-- JaasIdentityManager for given realm -->
> > >             <w:jaas name="karaf" />
> > >             <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
> > >             <!--<w:properties path="users.properties" />-->
> > >         </w:authentication>
> > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > >         <!--<role-principal-class-name>...</role-principal-class-name>-->
> > >     </security-realm>
> > >     <!--
> > >         Any security realm may be referenced by https-listener to define trust/keystore, protocols and cipher suites
> > >     -->
> > >     <security-realm name="https">
> > >         <w:server-identities>
> > >             <w:ssl>
> > >                 <!-- sun.security.ssl.ProtocolVersion -->
> > >                 <!-- sun.security.ssl.CipherSuite -->
> > >                 <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
> > >                 <w:engine
> > >                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
> > >                         enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
> > >                 <w:keystore path="${karaf.etc}/server.p12"
> > >                         provider="PKCS12" alias="server"
> > >                         keystore-password="password"
> > >                         key-password="password"
> > >                         generate-self-signed-certificate-host="localhost" />
> > >             </w:ssl>
> > >         </w:server-identities>
> > >         <w:authentication>
> > >             <w:jaas name="karaf" />
> > >             <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
> > >         </w:authentication>
> > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > >     </security-realm>
> > >
> > >     <!-- Interface lists IP addresses to bind to -->
> > >     <interface name="secure">
> > >         <w:inet-address value="0.0.0.0" />
> > >     </interface>
> > >
> > >     <!-- Socket Binding adds port for each IP from referenced Interface -->
> > >     <socket-binding name="https" interface="secure" port="${org.osgi.service.http.port.secure}" />
> > >
> > > </undertow>
> > >
> > >
> > > org.ops4j.pax.web.cfg
> > >
> > > org.osgi.service.http.enabled=false
> > >
> > > org.osgi.service.http.secure.enabled=true
> > > org.osgi.service.http.port.secure=8443
> > >
> > > javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
> > > #org.ops4j.pax.web.config.file=${karaf.etc}/undertow.properties
> > > org.ops4j.pax.web.config.file=${karaf.etc}/undertow.xml
> > > org.apache.karaf.features.configKey = org.ops4j.pax.web
> > >
> > >
> > > servlet (hello1.xml)
> > >
> > > <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> > >         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > >         xsi:schemaLocation="
> > >             http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> > >
> > >     <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> > >
> > >     <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> > >
> > >     <bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
> > >             init-method="register"
> > >             destroy-method="unregister">
> > >         <property name="servletName" value="httpServlet" />
> > >         <property name="alias" value="/camel/services" />
> > >         <property name="httpService" ref="httpService" />
> > >         <property name="servlet" ref="camelServlet" />
> > >     </bean>
> > >
> > >     <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />
> > >
> > >     <camelContext xmlns="http://camel.apache.org/schema/blueprint">
> > >         <route>
> > >             <from uri="servlet://hello1?servletName=httpServlet" />
> > >             <setBody>
> > >                 <constant>Hello 1</constant>
> > >             </setBody>
> > >         </route>
> > >     </camelContext>
> > >
> > > </blueprint>
> > >
> > >
> > > log excerpt
> > >
> > > 2020-08-07T11:47:29,596 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Using "file:/E:/apache-karaf/apache-karaf-4.2.9/etc/undertow.xml" to configure Undertow
> > > 2020-08-07T11:47:29,848 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Starting undertow https listener on 0.0.0.0:8443
> > > 2020-08-07T11:47:29,985 | INFO | FelixStartLevel | BlueprintContainerImpl | 69 - org.apache.aries.blueprint.core - 1.10.2 | Blueprint bundle hello1.xml/0.0.0 is waiting for dependencies [(objectClass=org.osgi.service.http.HttpService)]
> > > 2020-08-07T11:47:29,987 | INFO | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 38 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
> > > 2020-08-07T11:47:30,286 | INFO | activator-1-thread-2 | CommandExtension | 34 - org.apache.karaf.shell.core - 4.2.9 | Registering commands for bundle org.apache.karaf.features.command/4.2.9
> > > 2020-08-07T11:47:30,446 | INFO | activator-1-thread-3 | CommandExtension | 34 - org.apache.karaf.shell.core - 4.2.9 | Registering commands for bundle org.apache.karaf.kar.core/4.2.9
> > > 2020-08-07T11:47:30,487 | INFO | activator-1-thread-2 | Activator | 18 - org.apache.karaf.deployer.features - 4.2.9 | Deployment finished. Registering FeatureDeploymentListener
> > > 2020-08-07T11:47:30,543 | INFO | activator-1-thread-2 | FeaturesPlugin | 140 - org.apache.karaf.webconsole.features - 4.2.9 | Features plugin deactivated
> > > 2020-08-07T11:47:30,544 | INFO | activator-1-thread-2 | FeaturesPlugin | 140 - org.apache.karaf.webconsole.features - 4.2.9 | Features plugin activated
> > > 2020-08-07T11:47:30,839 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Using in-memory session persistence
> > > 2020-08-07T11:47:30,864 | INFO | paxweb-config-1-thread-1 | HttpServiceFactoryImpl | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Binding bundle: [org.apache.karaf.webconsole.console [139]] to http service
> > > 2020-08-07T11:47:31,000 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | registering context DefaultHttpContext [bundle=org.apache.karaf.webconsole.console [139], contextID=custom], with context path: /
> > > 2020-08-07T11:47:31,011 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Starting context /
> > > 2020-08-07T11:47:31,013 | WARN | paxweb-config-1-thread-1 | PathMatcher | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Overwriting existing default context io.undertow.server.handlers.PathHandler@382344b0 with a new one org.ops4j.pax.web.service.undertow.internal.Context@8c1553c
> > > 2020-08-07T11:47:31,034 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Adding implicit "default" servlet
> > > 2020-08-07T11:47:31,047 | INFO | paxweb-config-1-thread-1 | ServletContainerInitializerScanner | 60 - org.ops4j.pax.web.pax-web-api - 7.2.16 | will add io.undertow.servlet.sse.ServerSentEventSCI to ServletContainerInitializers
> > > 2020-08-07T11:47:31,048 | WARN | paxweb-config-1-thread-1 | ServletContainerInitializerScanner | 60 - org.ops4j.pax.web.pax-web-api - 7.2.16 | failed to parse and instantiate of javax.servlet.ServletContainerInitializer in classpath
> > > 2020-08-07T11:47:31,070 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Creating undertow servlet deployment for context path /...
> > > 2020-08-07T11:47:31,224 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Creating undertow servlet deployment for context path / - done
> > > 2020-08-07T11:47:31,225 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Registering io.undertow.servlet.spec.ServletContextImpl@e72855b as OSGi service...
> > > 2020-08-07T11:47:31,236 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Registering io.undertow.servlet.spec.ServletContextImpl@e72855b as OSGi service - done
> > > 2020-08-07T11:47:31,237 | INFO | paxweb-config-1-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Starting Undertow web application for context path /
> > > 2020-08-07T11:47:31,271 | INFO | paxweb-config-1-thread-1 | HttpServiceFactoryImpl | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Binding bundle: [org.apache.karaf.http.core [126]] to http service
> > > 2020-08-07T11:47:31,272 | INFO | paxweb-config-1-thread-1 | Activator | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Starting server controller org.ops4j.pax.web.service.undertow.internal.ServerControllerImpl
> > > 2020-08-07T11:47:31,332 | INFO | activator-1-thread-2 | CommandExtension | 34 - org.apache.karaf.shell.core - 4.2.9 | Registering commands for bundle org.apache.karaf.http.core/4.2.9
> > > 2020-08-07T11:47:31,436 | INFO | activator-1-thread-2 | HttpPlugin | 142 - org.apache.karaf.webconsole.http - 4.2.9 | Http plugin activated
> > > 2020-08-07T11:47:31,487 | INFO | Blueprint Extender: 1 | LRUCacheFactory | 108 - org.apache.camel.camel-support - 3.4.2 | Detected and using LRUCacheFactory: camel-caffeine-lrucache
> > > 2020-08-07T11:47:31,489 | INFO | CM Configuration Updater (ManagedServiceFactory Update: factoryPid=[org.ops4j.pax.web.context]) | HttpContextProcessing | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Updated configuration for pid=org.ops4j.pax.web.context.dff8c6e5-f690-4ac6-9268-d87fc0dce06d
> > > 2020-08-07T11:47:31,538 | INFO | paxweb-context-2-thread-1 | HttpContextProcessing | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Found bundle "hello1.xml", scheduling customization of its WebContainer
> > > 2020-08-07T11:47:31,539 | INFO | paxweb-context-2-thread-1 | HttpContextProcessing | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Customizing WebContainer for bundle hello1.xml/0.0.0
> > > 2020-08-07T11:47:31,539 | INFO | paxweb-context-2-thread-1 | HttpServiceFactoryImpl | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Binding bundle: [hello1.xml [134]] to http service
> > > 2020-08-07T11:47:31,542 | INFO | paxweb-context-2-thread-1 | HttpContextProcessing | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Registering login configuration in WebContainer for bundle "hello1.xml": method=BASIC, realm=karaf
> > > 2020-08-07T11:47:31,545 | INFO | paxweb-context-2-thread-1 | HttpContextProcessing | 61 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Registering security mappings in WebContainer for bundle "hello1.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/services/*', roles=[admin]}
> > > 2020-08-07T11:47:31,550 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | registering context DefaultHttpContext [bundle=hello1.xml [134], contextID=default], with context path: /
> > > 2020-08-07T11:47:31,555 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Starting context /
> > > 2020-08-07T11:47:31,610 | WARN | paxweb-context-2-thread-1 | PathMatcher | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Overwriting existing default context org.ops4j.pax.web.service.undertow.internal.Context@8c1553c with a new one org.ops4j.pax.web.service.undertow.internal.Context@681b959c
> > > 2020-08-07T11:47:31,616 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Adding implicit "default" servlet
> > > 2020-08-07T11:47:31,624 | INFO | paxweb-context-2-thread-1 | ServletContainerInitializerScanner | 60 - org.ops4j.pax.web.pax-web-api - 7.2.16 | will add io.undertow.servlet.sse.ServerSentEventSCI to ServletContainerInitializers
> > > 2020-08-07T11:47:31,686 | INFO | paxweb-context-2-thread-1 | ServletContainerInitializerScanner | 60 - org.ops4j.pax.web.pax-web-api - 7.2.16 | added ServletContainerInitializer: io.undertow.servlet.sse.ServerSentEventSCI
> > > 2020-08-07T11:47:31,697 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Creating undertow servlet deployment for context path /...
> > > 2020-08-07T11:47:31,716 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Creating undertow servlet deployment for context path / - done
> > > 2020-08-07T11:47:31,717 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Registering io.undertow.servlet.spec.ServletContextImpl@757d3a20 as OSGi service...
> > > 2020-08-07T11:47:31,728 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Registering io.undertow.servlet.spec.ServletContextImpl@757d3a20 as OSGi service - done
> > > 2020-08-07T11:47:31,729 | INFO | paxweb-context-2-thread-1 | Context | 63 - org.ops4j.pax.web.pax-web-undertow - 7.2.16 | Starting Undertow web application for context path /
> > > 2020-08-07T11:47:32,115 | INFO | Blueprint Extender: 1 | BlueprintContainerImpl | 69 - org.apache.aries.blueprint.core - 1.10.2 | Blueprint bundle hello1.xml/0.0.0 has been started
> > > 2020-08-07T11:47:32,118 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 119 - org.apache.camel.karaf.camel-blueprint - 3.4.2 | Attempting to start CamelContext: camel-1
> > > 2020-08-07T11:47:32,165 | INFO | Blueprint Event Dispatcher: 1 | JmxManagementStrategy | 98 - org.apache.camel.camel-management - 3.4.2 | JMX is enabled
> > > 2020-08-07T11:47:32,418 | INFO | Blueprint Event Dispatcher: 1 | AbstractCamelContext | 76 - org.apache.camel.camel-base - 3.4.2 | Apache Camel 3.4.2 (camel-1) is starting
> > > 2020-08-07T11:47:33,264 | INFO | Blueprint Event Dispatcher: 1 | AbstractCamelContext | 76 - org.apache.camel.camel-base - 3.4.2 | StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
> > > 2020-08-07T11:47:33,265 | INFO | Blueprint Event Dispatcher: 1 | AbstractCamelContext | 76 - org.apache.camel.camel-base - 3.4.2 | Using HealthCheck: camel-health
> > > 2020-08-07T11:47:33,361 | INFO | Blueprint Event Dispatcher: 1 | InternalRouteStartupManager | 76 - org.apache.camel.camel-base - 3.4.2 | Route: route1 started and consuming from: servlet:/hello1
> > > 2020-08-07T11:47:33,369 | INFO | Blueprint Event Dispatcher: 1 | AbstractCamelContext | 76 - org.apache.camel.camel-base - 3.4.2 | Total 1 routes, of which 1 are started
> > > 2020-08-07T11:47:33,370 | INFO | Blueprint Event Dispatcher: 1 | AbstractCamelContext | 76 - org.apache.camel.camel-base - 3.4.2 | Apache Camel 3.4.2 (camel-1) started in 0.951 seconds
> > >
> > > > Grzegorz Grzybek <gr.grzy...@gmail.com> wrote on 07.08.2020 11:07:
> > > >
> > > > Hello
> > > >
> > > > In theory (I can't check now), you have to:
> > > >
> > > > 1. comment out <http-listener name="http" socket-binding="http" />
> > > > 2. ensure that org.ops4j.pax.web PID has org.osgi.service.http.enabled =
> > > > false (so pax-web-undertow won't try to recreate the non-secure listener if
> > > > it's not available in etc/undertow.xml)
> > > >
> > > > regards
> > > > Grzegorz Grzybek
> > > >
> > > > On Fri, 7 Aug 2020 at 10:52, Gerald Kallas <catsh...@mailbox.org> wrote:
> > > > > Thanks, Grzegorz for the explanation.
> > > > >
> > > > > At the moment I'd be happy to use HTTPS (on 8443) only for all web
> > > > > related services (web console, servlets) w/ undertow and disable HTTP (on
> > > > > 8181). Could this be reached with the setup I have?
> > > > >
> > > > > Thanks
> > > > > - Gerald
> > > > >
> > > > > > Grzegorz Grzybek <gr.grzy...@gmail.com> wrote on 07.08.2020 10:47:
> > > > > >
> > > > > > Hello
> > > > > >
> > > > > > Unfortunately it is not possible to use the internal (managed by Pax
> > > > > > Web) servlet runtime selectively - by specifying which listener (or more
> > > > > > generally - virtual host) should be used for the servlets created and
> > > > > > registered by Camel into HttpService (Pax Web) runtime.
> > > > > >
> > > > > > pax-web-jetty has partial (legacy, non-standard from the point of
> > > > > > view of OSGi CMPN specification) support for virtual hosts where a
> > > > > > Whiteboard-registered servlet (or filter, or other "web element") may
> > > > > > specify a comma-separated list of virtual host/connector names. But that's
> > > > > > only for Jetty.
> > > > > >
> > > > > > I'm still working on refactoring Pax Web 8 and I plan to have
> > > > > > unified "experience" for dealing with separate connectors/virtual hosts
> > > > > > across Jetty/Tomcat/Undertow runtimes, but it'll come only in Pax Web 8.
> > > > > >
> > > > > > regards
> > > > > > Grzegorz Grzybek
> > > > > >
> > > > > > On Fri, 7 Aug 2020 at 10:34, Gerald Kallas <catsh...@mailbox.org> wrote:
> > > > > > > Dear all,
> > > > > > >
> > > > > > > following the guidance in the ticket
> > > > > > >
> > > > > > > https://issues.apache.org/jira/browse/KARAF-6772
> > > > > > >
> > > > > > > I was setting up a vanilla Karaf 4.2.9 with the following features
> > > > > > >
> > > > > > > feature:repo-add camel 3.4.2
> > > > > > > feature:install pax-http-undertow
> > > > > > > feature:install camel camel-servlet webconsole
> > > > > > >
> > > > > > > I wonder how I can bind the webconsole and the servlet consumer in
> > > > > > > the camel routes to the HTTPS port. My undertow.xml see below. I tried to
> > > > > > > change the org.ops4j.pax.web.cfg but with no success.
> > > > > > >
> > > > > > > Any hints are appreciated.
> > > > > > > > > > > > > > Thanks > > > > > > > - Gerald > > > > > > > > > > > > > > > > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > > > > > <!-- > > > > > > > Licensed under the Apache License, Version 2.0 (the "License"); > > > > > > > you may not use this file except in compliance with the > License. > > > > > > > You may obtain a copy of the License at > > > > > > > > > > > > > > http://www.apache.org/licenses/LICENSE-2.0 > > > > > > > > > > > > > > Unless required by applicable law or agreed to in writing, > software > > > > > > > distributed under the License is distributed on an "AS IS" > BASIS, > > > > > > > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > > > > > > > implied. > > > > > > > > > > > > > > See the License for the specific language governing > permissions and > > > > > > > limitations under the License. > > > > > > > --> > > > > > > > <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0" > > > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > > > > > > > xmlns:w="urn:jboss:domain:5.0" > > > > > > > xmlns:io="urn:jboss:domain:io:3.0" > > > > > > > xsi:schemaLocation=" > > > > > > > urn:jboss:domain:io:3.0 > > > http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd > > > > > > > urn:jboss:domain:undertow:4.0 > > > http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd > > > > > > > urn:jboss:domain:5.0 > > > http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd"> > > > > > > > > > > > > > > <!-- > > > > > > > Only "default" worker and buffer-pool are supported and can be > > > used to override the default values > > > > > > > used by all listeners > > > > > > > > > > > > > > buffer-pool: > > > > > > > - buffer-size defaults to: > > > > > > > - when < 64MB of Xmx: 512 > > > > > > > - when < 128MB of Xmx: 1024 > > > > > > > - when >= 128MB of Xmx: 16K - 20 > > > > > > > - direct-buffers defaults to: > > > > > > > - when < 64MB of Xmx: false > > > > > > > - when >= 64MB of Xmx: true > > > > > > 
> > > > > > >     worker:
> > > > > > >      - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
> > > > > > >      - task-core-threads and task-max-threads default to io-threads * 8
> > > > > > >     -->
> > > > > > >     <!--
> > > > > > >     <subsystem xmlns="urn:jboss:domain:io:3.0">
> > > > > > >         <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
> > > > > > >         <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
> > > > > > >     </subsystem>
> > > > > > >     -->
> > > > > > >
> > > > > > >     <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
> > > > > > >     <subsystem xmlns="urn:jboss:domain:undertow:4.0">
> > > > > > >         <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
> > > > > > >         <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
> > > > > > >         <server name="default-server">
> > > > > > >             <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
> > > > > > >             <http-listener name="http" socket-binding="http" />
> > > > > > >             <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
> > > > > > >             <https-listener name="https" socket-binding="https"
> > > > > > >                     security-realm="https" verify-client="NOT_REQUESTED" />
> > > > > > >             <host name="default-host" alias="localhost">
> > > > > > >                 <!--<location name="/" handler="welcome-content" />-->
> > > > > > >                 <!--<location name="/docs" handler="docs-content" />-->
> > > > > > >                 <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
> > > > > > >                 <filter-ref name="server-header" />
> > > > > > >                 <filter-ref name="x-powered-by-header" />
> > > > > > >             </host>
> > > > > > >         </server>
> > > > > > >         <servlet-container name="default">
> > > > > > >             <jsp-config />
> > > > > > >             <websockets />
> > > > > > >             <welcome-files>
> > > > > > >                 <welcome-file name="index.html" />
> > > > > > >                 <welcome-file name="index.txt" />
> > > > > > >             </welcome-files>
> > > > > > >         </servlet-container>
> > > > > > >         <handlers>
> > > > > > >             <file name="welcome-content" path="${karaf.home}/welcome" />
> > > > > > >             <!--<file name="docs-content" path="${karaf.home}/docs" />-->
> > > > > > >         </handlers>
> > > > > > >         <filters>
> > > > > > >             <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
> > > > > > >             <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
> > > > > > >             <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
> > > > > > >         </filters>
> > > > > > >     </subsystem>
> > > > > > >
> > > > > > >     <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
> > > > > > >     <!--
> > > > > > >         we'll use "default" security realm by default to configure jaas/properties authentication
> > > > > > >         (io.undertow.security.idm.IdentityManager):
> > > > > > >          - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
> > > > > > >          - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
> > > > > > >     -->
> > > > > > >     <security-realm name="default">
> > > > > > >         <w:authentication>
> > > > > > >             <!-- JaasIdentityManager for given realm -->
> > > > > > >             <w:jaas name="karaf" />
> > > > > > >             <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
> > > > > > >             <!--<w:properties path="users.properties" />-->
> > > > > > >         </w:authentication>
> > > > > > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > > > > > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > > > > > >         <!--<role-principal-class-name>...</role-principal-class-name>-->
> > > > > > >     </security-realm>
> > > > > > >     <!--
> > > > > > >         Any security realm may be referenced by https-listener to define trust/keystore, protocols and cipher suites
> > > > > > >     -->
> > > > > > >     <security-realm name="https">
> > > > > > >         <w:server-identities>
> > > > > > >             <w:ssl>
> > > > > > >                 <!-- sun.security.ssl.ProtocolVersion -->
> > > > > > >                 <!-- sun.security.ssl.CipherSuite -->
> > > > > > >                 <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
> > > > > > >                 <w:engine
> > > > > > >                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
> > > > > > >                         enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
> > > > > > >                 <w:keystore path="${karaf.etc}/server.p12" provider="PKCS12" alias="server"
> > > > > > >                         keystore-password="password" key-password="password"
> > > > > > >                         generate-self-signed-certificate-host="localhost" />
> > > > > > >             </w:ssl>
> > > > > > >         </w:server-identities>
> > > > > > >         <w:authentication>
> > > > > > >             <w:jaas name="karaf" />
> > > > > > >             <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
> > > > > > >         </w:authentication>
> > > > > > >         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
> > > > > > >         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
> > > > > > >     </security-realm>
> > > > > > >
> > > > > > >     <!-- Interface lists IP addresses to bind to -->
> > > > > > >     <interface name="default">
> > > > > > >         <w:inet-address value="0.0.0.0" />
> > > > > > >         <!--<w:inet-address value="127.0.0.1" />-->
> > > > > > >     </interface>
> > > > > > >     <interface name="secure">
> > > > > > >         <w:inet-address value="127.0.0.1" />
> > > > > > >     </interface>
> > > > > > >
> > > > > > >     <!-- Socket Binding adds port for each IP from referenced Interface -->
> > > > > > >     <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
> > > > > > >     <socket-binding name="https" interface="secure" port="${org.osgi.service.http.port.secure}" />
> > > > > > >
> > > > > > > </undertow>
> > > > >
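
Added example, not part of the original thread and not Pax Web's own code: a small Python check for the kind of `enabled-protocols` / `enabled-cipher-suites` mismatch suspected above. The sample XML is constructed from the quoted `<w:engine>` attributes, its namespace URI is a placeholder, and the suite-to-protocol mapping is a name-based heuristic (an assumption).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the engine attributes are copied from the quoted
# undertow.xml; the namespace URI is a placeholder, not the real schema URI.
SAMPLE = """<undertow xmlns:w="urn:example:placeholder">
  <security-realm name="https"><w:server-identities><w:ssl>
    <w:engine
      enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
      enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
  </w:ssl></w:server-identities></security-realm>
</undertow>"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}


def suite_protocols(suite):
    """Protocols a suite can be negotiated under (name-based heuristic, an assumption)."""
    if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return {"TLSv1.3"}
    # Suites with a SHA-256/384 suffix (CBC-SHA2 and GCM) or CCM date from TLS 1.2.
    if suite.endswith(("_SHA256", "_SHA384")) or "_CCM" in suite:
        return {"TLSv1.2"}
    return {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}


def audit_engines(xml_text):
    """Return one finding dict per <engine> element, whatever its namespace."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "engine":
            continue
        protocols = el.get("enabled-protocols", "").split()
        suites = el.get("enabled-cipher-suites", "").split()
        usable = {p: [s for s in suites if p in suite_protocols(s)] for p in protocols}
        findings.append({
            "usable": usable,
            # Without an explicit suite list there is nothing to compare against.
            "protocols_without_suite": [p for p in protocols if suites and not usable[p]],
            "suites_without_protocol": [
                s for s in suites if protocols and not suite_protocols(s) & set(protocols)],
            "legacy_protocols": [p for p in protocols if p in LEGACY],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_engines(SAMPLE):
        print(finding)
```

Under this heuristic, a protocol reported in `protocols_without_suite` is enabled but has no configured suite it could negotiate, and removing `enabled-cipher-suites` (as suggested in the thread) leaves that list empty.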