Hi John

I am running Mifos 2.6.0 in Jetty 7.5.4 on Debian. I'm not attempting to 
run Apache as well - your problems may relate more to that combination.

I followed instructions at
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

In /opt/jetty/etc/jetty.xml

<!-- =========================================================== -->
<!-- Set connectors-->
<!-- =========================================================== -->
<!--Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="host"><Property name="jetty.host" /></Set>
      <Set name="port"><Property name="jetty.port" default="8080"/></Set>
      <Set name="maxIdleTime">300000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="statsOn">false</Set>
      <Set name="confidentialPort">8443</Set>
      <Set name="lowResourcesConnections">20000</Set>
      <Set name="lowResourcesMaxIdleTime">5000</Set>
    </New>
  </Arg>
</Call-->

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:xxxxx</Set>
      <Set name="keyPassword">OBF:xxxxxxx</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="trustPassword">OBF:xxxxx</Set>
    </New>
  </Arg>
</Call>


jetty-ssl.xml looks like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<!-- =============================================================== -->
<!-- Configure SSL for the Jetty Server -->
<!-- this configuration file should be used in combination with -->
<!-- other configuration files. e.g. -->
<!-- java -jar start.jar etc/jetty-ssl.xml -->
<!-- -->
<!-- alternately, add to the start.ini for easier usage -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- if NIO is not available, use org.eclipse.jetty.server.ssl.SslSocketConnector -->

  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="KeyStorePassword">OBF:xxxx</Set>
    <Set name="KeyManagerPassword">OBF:xxxx</Set>
    <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="TrustStorePassword">OBF:xxxxx</Set>
  </New>

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="Port">8443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>
      </New>
    </Arg>
  </Call>
</Configure>


I obfuscated the passwords by running 
org.mortbay.jetty.security.Password as a main class.

/opt/jetty/lib# java -cp jetty-http-7.5.4.v20111024.jar:jetty-util-7.5.4.v20111024.jar org.eclipse.jetty.http.security.Password


I also use iptables to redirect 443 traffic to 8443 (so I don’t need to
include :8443 in the Mifos URL)

iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

iptables-save > /etc/iptables.up.rules

vi /etc/network/if-pre-up.d/iptables

chmod +x /etc/network/if-pre-up.d/iptables


Hope this provides an idea on how you might proceed and good luck.

Regards
Matthew


_______________________________________________
Mifos-users mailing list
https://lists.sourceforge.net/lists/listinfo/mifos-users
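
An added example, not part of the message above and not Jetty or Mifos project code: a Python audit for Jetty XML files like the two quoted in the message. It reports any active non-SSL connector, each password field and whether it is only in the reversible OBF: form (so file permissions are what actually protect it), and any port assigned to more than one connector. The `audit` function and the shortened sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample input: shortened forms of the two files quoted in the message.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <!--Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="port">8080</Set></New></Arg></Call-->
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="password">OBF:xxxxx</Set></New></Arg></Call>
</Configure>"""
JETTY_SSL_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="KeyStorePassword">OBF:xxxx</Set></New>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg>
      <Set name="Port">8443</Set></New></Arg></Call>
</Configure>"""

def audit(configs):
    """Return a list of findings for {file name: Jetty XML text}."""
    findings, ports = [], Counter()
    for name, text in configs.items():
        root = ET.fromstring(text)  # XML comments are dropped, so disabled connectors are skipped
        for call in root.iter("Call"):
            if call.get("name") != "addConnector":
                continue
            for new in call.findall("./Arg/New"):
                cls = new.get("class", "")
                sets = {s.get("name", "").lower(): (s.text or "").strip() for s in new.findall("Set")}
                port = sets.get("port") or "unresolved"  # only literal port values are read
                ports[port] += 1
                if ".ssl." not in cls:
                    findings.append(f"{name}: plaintext connector {cls} on port {port}")
        for s in root.iter("Set"):
            if "password" in s.get("name", "").lower():
                kind = "reversible OBF: form" if (s.text or "").startswith("OBF:") else "clear text"
                findings.append(f"{name}: {s.get('name')} stored in {kind}")
    for port, count in ports.items():
        if port != "unresolved" and count > 1:
            findings.append(f"port {port} claimed by {count} connectors")
    return findings

if __name__ == "__main__":
    for line in audit({"jetty.xml": JETTY_XML, "jetty-ssl.xml": JETTY_SSL_XML}):
        print(line)
```

Ports given through a `<Property>` or `<SystemProperty>` element are reported as unresolved rather than guessed.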
