Turning OFF https?

2007-08-15
2013-04-22
  • Charles Roth
    Charles Roth
    2007-08-15

    Is it possible to turn OFF Webhuddle's use of https?  And just do straight http?

    That may seem like a dumb question, given that one of the features of Webhuddle is its use of https... but there's actually a good reason behind it.  We run our own apps on ~60 JBoss instances across several servers, and they all run on their sets of ports, which then are VirtualHosted through Apache.  So we let *Apache* do the https (where required), but apache expects to talk pure http (via ProxyVia and ProxyPass) to the Jboss apps.

    (This is in keeping with the unix philosophy of "let each tool do the thing it is best at, and then chain them all together", but it has other practical advantages as well.)

     
    • John McCaughey
      John McCaughey
      2007-08-16

      This happens to be something I implemented recently.  It will be in the next version (0.9.0) but if you can't wait you can grab the source from CVS and build it yourself.  This page tells how to get the source:

      http://sourceforge.net/cvs/?group_id=114433

      For compiling instructions, see:

      docs/README-BUILD.txt

      Please post here if you hit any snags

       
    • Charles Roth
      Charles Roth
      2007-08-16

      Wonderful!  I'll give it a try.

       
    • Charles Roth
      Charles Roth
      2007-10-11

      I'm trying out the current source, checked-out from CVS.

      Two very minor notes:

      1. When building more than once, an "ant clean" must be done in between the builds, otherwise the 2nd build dies.

      2. The ejbdoclet target fails under just a plain "ant" build (i.e. "ant" with no arguments):
      ejbdoclet:
          [mkdir] Created dir: /home/wh2/webhuddle/build/gen-src
          [mkdir] Created dir: /home/wh2/webhuddle/build/ejb-meta/META-INF
      [ejbdoclet] java.lang.ClassNotFoundException: org.jboss.logging.XLevel
      [ejbdoclet]     at java.net.URLClassLoader$1.run(URLClassLoader.java:200)

      Sounds like a CLASSPATH setting issue (didn't see any info in the docs, unless I missed it somehow).

       
      • John McCaughey
        John McCaughey
        2007-10-12

        Thanks for the post!  I just altered the ant build script so the build completes even if you have not run 'clean' since the previous build.

        Regarding the class not found stack trace, I have no idea what this is but have been getting it for months.  The task doesn't actually fail so you can ignore it.

         
    • Charles Roth
      Charles Roth
      2007-10-14

      Thanks for the pointers.  I was able to build successfully from CVS, and after copying webhuddle.properties.sample to $HOME (*not* to the bin directory), and editing it to set
            webhuddle.property.ssl.required=false

      then it ran with http just fine.  That in turn let me run it on whatever port I want (e.g. 8080), and reroute it through an Apache virtualhost on port 80, like this:

      <VirtualHost 111.222.333.444 >
      ServerName webhuddle.myserver.com

        ProxyVia          on
        ProxyPreserveHost on
        ProxyPass        / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/

      </VirtualHost>

      That way I don't have to worry about other folks' firewalls, use port 80, and still do all the other normal webserver stuff on my box.

       
      • John McCaughey
        John McCaughey
        2007-10-15

        Thanks for sharing the details of your setup!  Remember, running without ssl means the data is sent over the network in the clear. 

        I wonder if you would be able to use ssl/https with a similar reverse proxy setup.  I guess the ssl cert would have ot live on the proxy box.

        Also, where ever the webhuddle.properties file is, it won't be discovered if it isn't in the working directory (or classpath?) of your jboss/java process.  Did you first try it in jboss/bin and have it not work?  Are you using an rc.d script to start WebHuddle on boot? 

        Anyway, thanks for sharing the information -- it's very helpful!

         
    • Charles Roth
      Charles Roth
      2007-10-15

      Some directions (don't remember which file) suggested putting it in JBoss' bin, but I saw in the JBoss log that it didn't find the properties file.  So I tried $HOME, which worked.  I suspect, as you suggest above, that, based on the way I started webhuddle/JBoss, it saw $HOME as the working directory.  Which is fine.

      Re: SSL, yes -- in fact we run many of our apps thru SSL, but let Apache do that for us.  So an SSL-ized version of the virtualhost file above would look something like:

      <VirtualHost 111.222.333.444:443 >
         ServerName webhuddle.myhost.com
         SSLCertificateFile      conf/ssl.crt/webhuddle.myhost.com.crt
         SSLCertificateKeyFile   conf/ssl.key/webhuddle.myhost.com.key
         SSLEngine on

         ProxyVia          on
         ProxyPass        / http://127.0.0.1:8080/
         ProxyPassReverse / http://127.0.0.1:8080/
         SSLProxyEngine    on
      </VirtualHost>

      In this case, we run the Apache "proxy" on the same box (note 127.0.0.1), but in theory we could run it on another box entirely.   I've just found that this approach gives us 'way more flexibility.

       
    • Charles Roth
      Charles Roth
      2007-10-15

      (I haven't actually tried the above with webhuddle -- yet -- but this approach works fine with our other apps.)

       
      • John McCaughey
        John McCaughey
        2007-10-16

        cool -- thanks for sharing the details!