From: Peter W. M. <pmo...@no...> - 2011-02-23 18:47:04
|
On Tue, 2011-02-22 at 17:19 +0100, Per Andersson wrote: > Hi! > > On Tue, Feb 22, 2011 at 4:53 PM, Peter W. Morreale <pmo...@no...> wrote: > > I'm attempting to enable ssl on an embedded yaws server. > > > > Can someone share an sconf record that enables ssl for an embedded yaws > > server? (assuming that is possible) > > This should be no different from an ordinary #sconf{}. I use the following > with embedded yaws in production > > #sconf{listen = {0, 0, 0, 0}, > port = 8000, > servername = servername_here, > docroot = "priv/docroot", > appmods = [{"/", handler_app_here}], > ssl = #ssl{depth = 0, > cacertfile = "priv/ssl/cacert.pem", > certfile = "priv/ssl/cert.pem", > keyfile = "priv/ssl/key.pem"} > } > > > -- > Per Thanks Per. I still seem to have something wrong as I get the following crash upon accessing the website: =CRASH REPORT==== 23-Feb-2011::11:37:04 === crasher: initial call: yaws_server:acceptor0/2 pid: <0.82.0> registered_name: [] exception exit: {noproc, {gen_server,call, [ssl_connection_sup, {start_child, [server,"localhost",8001,#Port<0.1207>, {{ssl_options,[],verify_none, {#Fun<ssl.1.66525248>,[]}, false,false,undefined,0, "priv/ssl/cert.pem",undefined, "priv/ssl/key.pem",undefined, "<omitted>",undefined,[],undefined, undefined, [<<0,57>>, <<0,56>>, <<0,53>>, <<0,22>>, <<0,19>>, <<0,10>>, <<0,51>>, <<0,50>>, <<0,47>>, <<0,5>>, <<0,4>>, <<0,21>>, <<0,9>>], #Fun<ssl.0.5561466>,true, 18446744073709551900,false,[]}, {socket_options,binary,http,0,0,false}}, <0.82.0>, {gen_tcp,tcp,tcp_closed,tcp_error}]}, infinity]}} in function gen_server:call/3 I generated the self-signed cert with: % openssl req -new -x509 -days 3650 -keyout key.pem -out cert.pem -newkey rsa:2048 -subj "/CN=hermosa.morreale.net" and configured my embedded yaws server as: GC = yaws_config:make_default_gconf(false, "example"), SC = #sconf{ port = 8001, servername = "localhost", listen = {0, 0, 0, 0}, docroot = "/tmp", ssl = #ssl{depth=0, certfile = "priv/ssl/cert.pem", keyfile = "priv/ssl/key.pem", password = "<omitted>"}, appmods = [{"/", yaws_security_filterchain}] }, Not familar (yet ;) with reading crash messages, but it appears that I blew out attempting to start the ssl application, is that right? Please note that I am new to Erlang/OTP/yaws so I'm probably missing something simple. Please be gentle. ;-) Does the above look right? THanks for any and all pointers. Best, -PWM |