luminus-framework/ring-undertow-adapter

Can't seem to enable SSL - more documentation needed?

kane81 opened this issue · 8 comments

Hi,
I am trying to enable SSL and have the following config

{:dev true
 :port nil
 :ssl? true
 :ssl-port 443
 :keystore "...keystore/mykeys.jks"
 :key-password "xxx"
 :http2? true
 :nrepl-port 7000
}

It starts up, but nothing starts on port 443, and trying to connect on that port I don't get anything either.

I am thinking maybe I need to set one of these settings here in the docs, but I have no idea how to set them / can't find any examples....

:truststore - if separate from the keystore
:trust-password - if :truststore passed
:ssl-context - a valid javax.net.ssl.SSLContext
:key-managers - a valid javax.net.ssl.KeyManager []
:trust-managers - a valid javax.net.ssl.TrustManager []

How do you create an SSLContext or KeyManager?

It would be really good if you could specify the minimum that is required to enable SSL.
Some examples in the docs or test cases would really be helpful.

Thank you

There are docs for configuring SSL here, actually: https://luminusweb.com/docs/deployment.html#setting_up_ssl

Also, check to make sure that the app is able to bind to 443, which tends to be a reserved port by default.

Thank you, but that link doesn't refer to ring-undertow-adapter - the closest it refers to is the immutant library....
I tried a different port, but it still doesn't start up.

Immutant was an older wrapper for Undertow that's no longer maintained, but SSL options should work mostly the same. The part of the code that assembles SSL can be seen here: https://github.com/luminus-framework/ring-undertow-adapter/blob/master/src/ring/adapter/undertow.clj#L96

I'll take a look at trying this locally when I get a chance. I typically just front nginx for SSL in my setups, so I haven't looked at this code for a while. It's possible there's a bug here.

Thank you @yogthos, I'm very new at Clojure, trying to adapt an existing application to use HTTPS.
Trying to read that was hard ... but it seems like I need ssl-context, key-managers, trust-managers for HTTPS to start?
Maybe I just need an ssl-context... not sure how I set that...

Again, I haven't seen an example of how to set

:key-managers - a valid javax.net.ssl.KeyManager []
:trust-managers - a valid javax.net.ssl.TrustManager []

I don't think I can just put into configuration
:trust-managers "javax.net.ssl.TrustManager []"

I don't see init of trust manager or key manager in this link https://luminusweb.com/docs/deployment.html#setting_up_ssl

I would prefer to enable SSL in the application over running a reverse proxy nginx... we are on a Windows box and it seems you need to configure external firewalls to do something too....

I think you might have to do something similar to this to instantiate these https://stackoverflow.com/questions/27906682/enabling-https-in-undertow

@yogthos
FYI I found this, which is in Clojure :)...but I couldn't quite get it to work and have commented on the code asking the author for help.....
https://gist.github.com/mikeananev/76346532933bd9ff108ccbb04a89b849

Discovered the problem was passing configuration parameters to the server.
Although I didn't use it - there was a really good example of getting an SSLContext in Clojure here
https://gist.github.com/mikeananev/76346532933bd9ff108ccbb04a89b849

Ah ok, I'll take a look at updating the docs on the site to reflect this. Glad to hear you got it working.
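
For the question raised in this thread about creating an SSLContext or KeyManager array, the following is an added example, not part of the issue thread or the adapter's own code. It uses only JDK classes; the namespace `example.ssl`, the function names, the keystore path, passwords and port 8443 are placeholders chosen for illustration, and the keystore is assumed to be in JKS format.

```clojure
(ns example.ssl
  (:require [clojure.java.io :as io])
  (:import (java.security KeyStore)
           (javax.net.ssl KeyManagerFactory SSLContext)))

(defn load-keystore
  "Reads a keystore file. `type` is \"JKS\" or \"PKCS12\"."
  ^KeyStore [path ^String store-password ^String type]
  (with-open [in (io/input-stream path)]
    (doto (KeyStore/getInstance type)
      (.load in (.toCharArray store-password)))))

(defn key-aliases
  "Aliases that hold a private key. A keystore containing only trusted
  certificates loads without error but gives the server nothing to present."
  [^KeyStore ks]
  (filterv #(.isKeyEntry ks %) (enumeration-seq (.aliases ks))))

(defn key-managers
  "Returns a KeyManager[] suitable for the :key-managers option."
  [^KeyStore ks ^String key-password]
  (.getKeyManagers
    (doto (KeyManagerFactory/getInstance (KeyManagerFactory/getDefaultAlgorithm))
      (.init ks (.toCharArray key-password)))))

(defn ssl-context
  "Builds a server-side SSLContext from one keystore file.
  Fails early if the keystore holds no private key."
  ^SSLContext [path store-password key-password]
  (let [ks (load-keystore path store-password "JKS")]
    (when (empty? (key-aliases ks))
      (throw (ex-info "Keystore has no private-key entry" {:path path})))
    ;; nil trust managers and nil SecureRandom select the JDK defaults;
    ;; custom trust managers matter only for client-certificate auth.
    (doto (SSLContext/getInstance "TLS")
      (.init (key-managers ks key-password) nil nil))))

(comment
  ;; Assumed usage with the adapter's run-undertow entry point and the
  ;; :ssl-port / :ssl-context options listed in the issue. `handler` is
  ;; your Ring handler; path, passwords and port are placeholders.
  (require '[ring.adapter.undertow :refer [run-undertow]])
  (run-undertow handler
                {:ssl-port    8443
                 :ssl-context (ssl-context "path/to/keystore.jks"
                                           "store-pass" "key-pass")}))
```

Calling `key-aliases` on the loaded keystore from a REPL is a quick way to confirm the file and store password are correct before starting the server.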