External IP
-
@phildunlap So this means that if I login with SSH and run this command:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changei -validity 365 -keysize 1024
than I can give the answer to the question from that help? -
That command will create the keystore file, yes. Had some weird formatting though, so I edited your post. You may want to use a different storepass than "changei" (or omit that argument to have it ask for that, first)
-
Hi @sky_watcher
Just for your information, browsers will not recognise a self signed certificate. your browser will give a warning saying the certificate is not trusted. Not the end of the world if the server is just for yourself. If you want the green lock on the URL you'll need to purchase a certificate from a registered CA.
-
The other option is to use let's encrypt's certbot certificate authority. Install that on mango and validate with the dns option. @phildunlap is there not a way to import a signed cert into the Java SSL script that you are talking about?
Am also happy to show how to reverse proxy with Apache 2 for those who are interested...
-
@phildunlap I executed that command and I made changes to env.properties file. But after reboot I couldn't connect to the web, so I restored back the env.properties file and now is working.
Those errors I got when I couldn't connect to the web:
And this one was in the ma.log file:
-
is there not a way to import a signed cert into the Java SSL script that you are talking about?
There is! Here's my little note scratches about how to do that... Step 0 is submit a CSR and get a certificate bundle back.
1. openssl pkcs12 -export -certfile server.ca-bundle -inkey server.key -in server.crt -name NAME -out keystore.p12 -passout pass:morethan6c 1a. cd to your jdk/bin folder 2. sudo ./keytool -importkeystore -destkeystore /path/to/keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -alias NAME -srcstorepass morethan6c 3. Enter destination keystore password: morethan6c Now you have a keystore.jks file, 4. copy this into your Mango/overrides/properties directory. 5. Edit your Mango/overrides/properties/env.properties file such that... ssl.on=true ssl.port=443 ssl.keystore.location=/path/to/Mango/overrides/properties/keystore.jks ssl.keystore.password=morethan6characters 5a. Add the APLN script into the ext-enabled folder 6. Restart Mango 7. Success!
-
Gent and a scholar, thanks!
-
Can you share your web.port and ssl.port from your env.properties? Have you tried clearing your browser cache?
The warning you shared suggests there isn't a
jetty-alpn-agent.jar
in the Mango/boot directory perhaps. Enabling ALPN takes advantage of HTTP/2 but you may need to move the enable-alph extension script from your Mango/bin/ext-available to Mango/bin/ext-enabled/ to get the benefits. SSL is required to be enabled, as well. -
@phildunlap web port is 8888 and ssl port is 8443.
Yes, I've cleared the cash.
-
@phildunlap I moved enable-alph extension script to ext-enable folder, and also I made the SSL settings like before but I get the same errors and I couldn't navigate to the web page.