incubator-clerezza-dev mailing list archives

From Reto Bachmann-Gmuer <reto.bachm...@trialox.org>
Subject Re: notes for setting up Clerezza with SSL
Date Thu, 12 Aug 2010 11:55:15 GMT
Thanks Henry for summarizing this!

In addition to what you describe, I also had to create the following file:

[root@retobg reto]# cat /etc/xinetd.d/ssl
service https
{
 disable = no
 flags = REUSE
 socket_type = stream
 protocol = tcp
 user = root
 wait = no
 port = 443
 redirect = 127.0.0.1 8443
 log_type = FILE /tmp/xinetdssl.log
}

and restart xinetd with:
$ /etc/init.d/xinetd restart

What I do to run clerezza in the background is use screen (
http://de.wikipedia.org/wiki/GNU_Screen), as follows:

$ ssh myserver
$ screen
SCREEN_PROMPT$ java -jar ....

disconnect by closing terminal windows or turning off local machine


$ ssh myserver
$ screen -d -r

... and I'm back to my running instance

It would of course be nice to have a clerezza-launch script, but for this we
should have options to start in non-interactive mode.

Cheers,
reto
On Wed, Aug 11, 2010 at 9:28 PM, Henry Story <henry.story@gmail.com> wrote:

> Here is what I did to get https://bblfish.net:8443/ going. I just thought
> I might as well write it down
> here before going on.
>
> Note that to get keygen working I need to publish the keygen module on the
> main maven repository. I should do that in the next day or so.
>
> 0. Compile Clerezza
> ===================
>
> $ svn co http://svn.apache.org/repos/asf/incubator/clerezza/trunk/org.apache.clerezza.parent
> $ export MAVEN_OPTS=-Xmx524m
> $ mvn compile install
>
> tips:
>
> if it breaks half way say while compiling org.apache.clerezza.platform.mail
> $ mvn -rf org.apache.clerezza.platform.mail install -o -Dmaven.test.skip=true
>
> (remove -o if all dependencies have not yet been downloaded)
>
> 1. Get a free certificate from StartSSL
> =======================================
>
>  - general overview of how to do this
>    http://www.h-online.com/security/features/In-practice-906870.html
>
>  - more detailed java specific way
>    http://forum.startcom.org/viewtopic.php?t=1390
>
> Warning
> -------
>
> Note: everything works as explained on the StartCom forum, but watch out for
> the following: you need to import the reply to your certificate request
> under the same alias as the alias that contains the private key.
>
> So after creating a key with alias 'server' and importing the root and
> intermediary CA certificate I have
>
> $ keytool -keystore keystore -list
> Enter keystore password:
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> startcom.ca.sub, Aug 11, 2010, trustedCertEntry,
> Certificate fingerprint (MD5):
> 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
> startcom.ca, Aug 11, 2010, trustedCertEntry,
> Certificate fingerprint (MD5):
> 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
> server, Aug 11, 2010, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> 18:2F:3F:D7:E2:8E:0C:65:46:67:37:21:0A:53:C6:EE
>
> $ # I then import the reply under the same alias!!!
>
> $ keytool -keystore keystore -import -alias server -file ssl.crt
> Enter keystore password:
> Certificate reply was installed in keystore
>
> 2. Start Clerezza
> =================
>
> After moving the certificate to ~/.keystore I could start clerezza with the
> sesame launcher
>
> $ cd org.apache.clerezza.platform.launcher.sesame/target
> $ java -Xmx248m -XX:MaxPermSize=128M -jar \
>     org.apache.clerezza.platform.launcher.sesame-0.5-incubating-SNAPSHOT.jar \
>     --https_keystore_password changeme --https_keystore_clientauth want \
>     --https_keystore_type JKS --https_port 8443
>
> Note that clerezza now has a command line -help argument
>
> At that point you will then need to go to
> https://bblfish.net:8443/dashboard
> to login as admin/admin, change password, and set the default url for the
> server to be https://bblfish.net:8443/
>
>
> Question
> ========
>
> How do I start Clerezza in the background, so it can continue running when
> I am disconnected from my server?
> I tried using nohup, but that did not seem to work.
>
> Henry
>
>
> Social Web Architect
> http://bblfish.net/
>
>
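
The alias warning in the quoted notes can be checked mechanically. The following is an added example, not part of the thread or of Clerezza: it audits the short `keytool -list` format shown above and flags a certificate reply that ended up under a different alias than the private key. The names `check_keystore_listing` and `sample_listing` are hypothetical, and the sample listing, including the `mykey` entry (keytool's default alias when `-alias` is omitted), is constructed.

```shell
# Added example (not from the thread): audit the short `keytool -list` format.
# Usage: keytool -keystore keystore -list | \
#            check_keystore_listing server "startcom.ca startcom.ca.sub"
# Prints findings and returns 0 when the layout is as expected, 1 otherwise.
check_keystore_listing() {
    awk -v key="$1" -v cas="$2" '
    BEGIN { n = split(cas, a, " "); for (i = 1; i <= n; i++) ca[a[i]] = 1 }
    # Entry lines: "<alias>, <Mon DD>, <YYYY>, <entryType>," ; other lines are skipped.
    /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
        line = $0;    sub(/,[ \t]*$/, "", line)
        type = line;  sub(/.*,[ \t]*/, "", type)
        alias = line; sub(/,.*/, "", alias)
        seen[alias] = type
    }
    END {
        bad = 0
        if (!(key in seen)) {
            print "MISSING: no entry for alias " key; bad = 1
        } else if (seen[key] != "PrivateKeyEntry") {
            print "WRONG TYPE: " key " is " seen[key] ", expected PrivateKeyEntry"; bad = 1
        }
        # A reply imported under another alias shows up as an extra trusted cert.
        for (al in seen)
            if (seen[al] == "trustedCertEntry" && !(al in ca)) {
                print "UNEXPECTED: trustedCertEntry " al " (reply imported under the wrong alias?)"
                bad = 1
            }
        exit bad
    }'
}

# Constructed sample listing; $1 is an optional extra entry line to append.
sample_listing() {
    cat <<EOF
Your keystore contains entries

startcom.ca.sub, Aug 11, 2010, trustedCertEntry,
Certificate fingerprint (MD5): <elided>
startcom.ca, Aug 11, 2010, trustedCertEntry,
Certificate fingerprint (MD5): <elided>
server, Aug 11, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): <elided>
$1
EOF
}

# Demo: the reply was imported without "-alias server" (constructed case).
sample_listing "mykey, Aug 12, 2010, trustedCertEntry," |
    check_keystore_listing server "startcom.ca startcom.ca.sub" ||
    echo "keystore layout needs attention"
```

The entry type alone does not show whether the reply replaced the self-signed certificate; `keytool -list -v -alias server` prints the certificate chain length for that.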
