A couple of extra points...

On 12 Aug 2010, at 13:55, Reto Bachmann-Gmuer wrote:

> Thanks Henry for summarizing this!
> 
> Additionally to what you describe I also had to create the following file:
> 
> [r...@retobg reto]# cat /etc/xinetd.d/ssl
> service https
> {
> disable = no
> flags = REUSE
> socket_type = stream
> protocol = tcp
> user = root
> wait = no
> port = 443
> redirect = 127.0.0.1 8443
> log_type = FILE /tmp/xinetdssl.log
> }
> 
> and restart xinetd with:
> $ /etc/init.d/xinetd restart
> 
> What I do for running clerezza in the background, using screen (
> http://de.wikipedia.org/wiki/GNU_Screen), is the following:
> 
> $ ssh myserver
> $ screen
> SCREEN_PROMPT$ java -jar ....
> 
> disconnect by closing terminal windows or turning off local machine
> 
> 
> $ ssh myserver
> $ screen -d -r
> 
> ... and I'm back to my running instance
> 
> It would of course be nice to have a clerezza-launch script, but for this we
> should have options to start in non-interactive mode.
> 
> Cheers,
> reto
> On Wed, Aug 11, 2010 at 9:28 PM, Henry Story <[email protected]> wrote:
> 
>> Here is what I did to get https://bblfish.net:8443/ going. I just thought
>> I might as well write it down
>> here before going on.
>> 
>> Note that to get keygen working I need to publish the keygen module on the
>> main maven repository. I should do that in the next day or so.
>> 
>> 0. Compile Clerezza
>> ===================
>> 
>> $ svn co
>> http://svn.apache.org/repos/asf/incubator/clerezza/trunk/org.apache.clerezza.parent
>> $ export MAVEN_OPTS=-Xmx524m
>> $ mvn compile install
>> 
>> tips:
>> 
>> if it breaks half way say while compiling org.apache.clerezza.platform.mail
>> $ mvn -rf org.apache.clerezza.platform.mail install -o
>> -Dmaven.test.skip=true
>> 
>> (remove -o if all dependencies have not yet been downloaded)
>> 
>> 1. Get a free certificate from StartSSL
>> =======================================
>> 
>> - general overview of how to do this
>>   http://www.h-online.com/security/features/In-practice-906870.html
>> 
>> - more detailed java specific way
>>   http://forum.startcom.org/viewtopic.php?t=1390
>> 
>> Warning
>> -------
>> 
>> note, everything works as explained on the startcom forum but watch out for
>> the following: you need to import the reply to your certificate request
>> under the same alias as the alias that contains the private key.
>> 
>> So after creating a key with alias 'server' and importing the root and
>> intermediary CA certificate I have
>> 
>> $ keytool -keystore keystore -list
>> Enter keystore password:
>> 
>> Keystore type: JKS
>> Keystore provider: SUN
>> 
>> Your keystore contains 3 entries
>> 
>> startcom.ca.sub, Aug 11, 2010, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
>> startcom.ca, Aug 11, 2010, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
>> server, Aug 11, 2010, PrivateKeyEntry,
>> Certificate fingerprint (MD5):
>> 18:2F:3F:D7:E2:8E:0C:65:46:67:37:21:0A:53:C6:EE
>> 
>> $ # I then import the reply under the same alias!!!
>> 
>> $ keytool -keystore keystore -import -alias server -file ssl.crt
>> Enter keystore password:
>> Certificate reply was installed in keystore
>> 
>> 2. Start Clerezza
>> =================
>> 
>> After moving the certificate to ~/.keystore I could start clerezza with the
>> sesame launcher

Before doing this it is probably good to replace the cacerts file that comes
with unix jdks with ones that come with desktop JDKs such as OSX, as those
tend to have a lot more CAs in them, especially for example ones such as
startssl.

>> 
>> $ cd org.apache.clerezza.platform.launcher.sesame/target
>> $ java -Xmx248m -XX:MaxPermSize=128M -jar
>> org.apache.clerezza.platform.launcher.sesame-0.5-incubating-SNAPSHOT.jar
>> --https_keystore_password changeme --https_keystore_clientauth want
>> --https_keystore_type JKS --https_port 8443
>> 
>> Note that clerezza now has a command line -help argument
>> 
>> At that point you will then need to go to
>> https://bblfish.net:8443/dashboard
>> to login as admin/admin, change password, and set the default url for the
>> server to be https://bblfish.net:8443/

[[TEMPORARY

currently I also need to 

install mvn:org.jsslutils.keygen/keygenapp-base/0.3.2-SNAPSHOT
start it

then reload the Clerezza - Platform Account Control Panel Core 
(0.2.0.incubating-SNAPSHOT)

As soon as org.jsslutils.keygen is released to maven central (Friday hopefully)
then this should no longer be needed.
]]


1. login as admin/admin
2. Change password to something else
3. change the default base URI in Administration->Configuration 
https://bblfish.net:8443/admin/configuration#


4. Then one can go create a certificate for the user in Administration/Account
Control Panel/Profile



>> 
>> 
>> Question
>> ========
>> 
>> How do I start Clerezza in the background, so it can continue running when
>> I am disconnected from my server?
>> I tried using nohup, but that did not seem to work.
>> 
>> Henry
>> 
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
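Added example, not part of the original messages and not Clerezza or keytool code: a pre-flight check for the warning in step 1, which reads `keytool -list` output and refuses to import the certificate reply unless the chosen alias is the PrivateKeyEntry. The function names are hypothetical, and the sample listing is the one quoted in the message, embedded so the script runs without a keystore.

```sh
#!/bin/sh
# Sample input: the `keytool -keystore keystore -list` output quoted above.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

startcom.ca.sub, Aug 11, 2010, trustedCertEntry,
Certificate fingerprint (MD5):
30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
startcom.ca, Aug 11, 2010, trustedCertEntry,
Certificate fingerprint (MD5):
22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
server, Aug 11, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5):
18:2F:3F:D7:E2:8E:0C:65:46:67:37:21:0A:53:C6:EE
EOF
}

# entry_type ALIAS: reads a keytool listing on stdin, prints the entry type
# of ALIAS (exact match), or nothing if the alias is absent.
entry_type() {
    awk -F', *' -v want="$1" '
        $1 == want && NF >= 4 {
            t = $NF; if (t == "") t = $(NF - 1)   # entry lines end in a comma
            print t; exit
        }'
}

# check_reply_alias ALIAS: exit 0 only if ALIAS holds the private key, i.e.
# it is the right target for `keytool -import -alias ALIAS -file ssl.crt`.
check_reply_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry)  echo "ok: '$1' holds the private key"; return 0 ;;
        trustedCertEntry) echo "refuse: '$1' is a CA certificate entry" >&2
                          return 1 ;;
        "")               echo "refuse: no alias '$1'; the reply would become a" \
                               "trusted cert detached from the key" >&2
                          return 2 ;;
        *)                echo "refuse: '$1' has unexpected type $kind" >&2
                          return 3 ;;
    esac
}

# Demo on the embedded listing; against a real keystore, pipe in
# `keytool -keystore keystore -list` instead of sample_listing.
sample_listing | check_reply_alias server
```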
