Thanks Matthew

The config examples below are essentially similar to those I have
(since I followed the same instructions).  That's reassuring.

This (along with Lech's message) confirms that my problem lies in trying
to run Jetty alongside Apache and Tomcat (each of which is required for
one reason or another).  I'm sure it must be possible, but it's a long
way beyond my abilities.  It seems I have no choice other than to place
Mifos and Jetty in a separate server, but I would probably have had to
do that eventually in any case.

Regards

John (:


On 22/05/13 09:07, Matthew Laurenson wrote:

> Hi John
>
> I am running Mifos 2.6.0 in Jetty 7.5.4 on Debian. I'm not
> attempting to run Apache as well - your problems may
> relate more to that combination.
>
> I followed instructions at
> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
>
> In /opt/jetty/etc/jetty.xml
>
> <!-- =========================================================== -->
>
> <!-- Set connectors-->
> <!-- =========================================================== -->
> <!--Call name="addConnector">
> <Arg>
> <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
> <Set name="host"><Property name="jetty.host" /></Set>
> <Set name="port"><Property name="jetty.port" default="8080"/></Set>
> <Set name="maxIdleTime">300000</Set>
> <Set name="Acceptors">2</Set>
> <Set name="statsOn">false</Set>
> <Set name="confidentialPort">8443</Set>
> <Set name="lowResourcesConnections">20000</Set>
> <Set name="lowResourcesMaxIdleTime">5000</Set>
> </New>
> </Arg>
> </Call-->
> <Call name="addConnector">
>
> <Arg>
> <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
> <Set name="Port">8443</Set>
> <Set name="maxIdleTime">30000</Set>
> <Set name="keystore"><SystemProperty name="jetty.home" default="."
> />/etc/keystore</Set>
> <Set name="password">OBF:xxxxx</Set>
> <Set name="keyPassword">OBF:xxxxxxx</Set>
> <Set name="truststore"><SystemProperty name="jetty.home" default="."
> />/etc/keystore</Set>
> <Set name="trustPassword">OBF:xxxxx</Set>
> </New>
> </Arg>
> </Call>
>
> jetty-ssl.xml looks like this:
> <?xml version="1.0"?>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure.dtd">
>
> <!-- =============================================================== -->
> <!-- Configure SSL for the Jetty Server -->
> <!-- this configuration file should be used in combination with -->
> <!-- other configuration files. e.g. -->
> <!-- java -jar start.jar etc/jetty-ssl.xml -->
> <!-- -->
> <!-- alternately, add to the start.ini for easier usage -->
> <!-- =============================================================== -->
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>
> <!-- if NIO is not available, use
> org.eclipse.jetty.server.ssl.SslSocketConnector -->
>
> <New id="sslContextFactory"
> class="org.eclipse.jetty.http.ssl.SslContextFactory">
> <Set name="KeyStore"><Property name="jetty.home" default="."
> />/etc/keystore</Set>
> <Set name="KeyStorePassword">OBF:xxxx</Set>
> <Set name="KeyManagerPassword">OBF:xxxx</Set>
> <Set name="TrustStore"><Property name="jetty.home" default="."
> />/etc/keystore</Set>
> <Set name="TrustStorePassword">OBF:xxxxx</Set>
> </New>
>
> <Call name="addConnector">
> <Arg>
> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
> <Arg><Ref id="sslContextFactory" /></Arg>
> <Set name="Port">8443</Set>
> <Set name="maxIdleTime">30000</Set>
> <Set name="Acceptors">2</Set>
> <Set name="AcceptQueueSize">100</Set>
> </New>
> </Arg>
> </Call>
> </Configure>
>
> I obfuscated the passwords by running
> org.mortbay.jetty.security.Password as a main class.
>
> /opt/jetty/lib# java -cp jetty-http-7.5.4.v20111024.jar:jetty-util-7.5.4.v20111024.jar org.eclipse.jetty.http.security.Password
>
> I also use iptables to redirect 443 traffic to 8443 (so don’t need to
> include :8443 in mifos URL)
>
> iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
>
> iptables-save > /etc/iptables.up.rules
>
> vi /etc/network/if-pre-up.d/iptables
>
> chmod +x /etc/network/if-pre-up.d/iptables
>
> Hope this provides an idea on how you might proceed and good luck.
>
> Regards
> Matthew
>
>
>
> _______________________________________________
> Mifos-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/mifos-users
>
>
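
An added example, not part of either poster's message or of Jetty itself: a small Python check over Jetty XML files shaped like the ones quoted above. It lists live plain-HTTP connectors, password values lacking the `OBF:` prefix, and a port configured in more than one file (which only conflicts if both files are loaded at startup). The embedded XML, file names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the connector blocks quoted above; not the poster's files.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="port"><Property name="jetty.port" default="8080"/></Set>
    </New></Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="password">changeit</Set>
      <Set name="keyPassword">OBF:xxxxx</Set>
    </New></Arg></Call>
</Configure>"""
JETTY_SSL_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
    </New></Arg></Call>
</Configure>"""

def connectors(root):
    """Yield (class, port) per live addConnector call; commented-out XML is ignored."""
    for new in root.findall(".//Call[@name='addConnector']/Arg/New"):
        port = None
        for s in new.findall("Set"):
            if s.get("name", "").lower() == "port":
                child = next(iter(s), None)  # <Property default="..."/> form
                port = (s.text or "").strip() or (child.get("default") if child is not None else None)
        yield new.get("class") or "", port

def audit(files):
    """files maps a file name to its XML text; returns a list of findings."""
    findings, bound = [], {}
    for name, text in files.items():
        root = ET.fromstring(text)
        for cls, port in connectors(root):
            if ".ssl." not in cls:
                findings.append(f"{name}: plain HTTP connector on port {port}")
            if port in bound:
                findings.append(f"port {port} bound in both {bound[port]} and {name}")
            bound.setdefault(port, name)
        for s in root.iter("Set"):  # OBF: only hides the value from casual viewing
            if "password" in s.get("name", "").lower() and not (s.text or "").strip().startswith("OBF:"):
                findings.append(f"{name}: {s.get('name')} is not obfuscated")
    return findings

if __name__ == "__main__":
    print(*audit({"jetty.xml": JETTY_XML, "jetty-ssl.xml": JETTY_SSL_XML}), sep="\n")
```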

