Setting up OpenSSL with Resin 4.0.32 on Ubuntu 12.0.4
For this exercise, I am using Amazon EC2 to startup a clean Ubuntu 12.0.4 instance. One advantage that Resin has over other similar products is integration with OpenSSL. OpenSSL is much faster and less resource intensive than the SSL/TLS support that ships with Java. If you use Resin, you want to use OpenSSL, it is more scalable and faster.
For this exercise, I started up a 64 bit large instance in Amazon EC2 and I am using Ubuntu 12.0.4 with Resin 4.0.32.
Contents |
Install Resin
I am following the instructions here for setup:
$ sudo add-apt-repository http://caucho.com/download/debian
Then update the repo cache
$ sudo apt-get update
This is now broken with Ubuntu 12.0.4. It will work again in Resin 4.0.33 and beyond.
If you are using Resin 4.0.32 and before do this instead:
$ wget http://www.caucho.com/download/debian/dists/unstable/multiverse/binary-amd64/resin-pro_4.0.32-amd64.deb
Install Java 7 SDK (or Java 6 SDK) and OpenSSL as follows:
$ sudo apt-get -f install $ sudo apt-get install openjdk-7-jdk $ sudo apt-get install libssl-dev $ sudo dpkg -i resin-pro_4.0.32-amd64.deb
(sudo apt-get install works in Resin 4.0.33 for Debian, but not for Resin 4.0.32.)
Generate a resin password.
$ resinctl password-generate admin mypassword
admin_user : admin
admin_password : {SSHA}yAKopu5id740xAoePKZOGyAtu78DpZck
Add the username and password to /etc/resin/resin.properties and turn stuff on. (Leave most of resin.properties alone, unless it is mentioned in the following listing.)
# Enable /resin-doc Resin documentation
resin_doc : true
app.https : 8443
web.http : 8080
web.https : 8443
# Must be identical between web, app, and cache clusters.
cluster_system_key : changeme
# Enable remote admin (for remote CLI and for EC2 ext: triad discovery)
remote_admin_enable : true
# Enable /resin-admin web administration console
web_admin_enable : true
# Permit access to /resin-admin from non-local network ip-addresses
web_admin_external : true
# Require HTTPS to access /resin-admin
web_admin_ssl : true
# Enable Resin REST Admin
rest_admin_enable : true
# Require SSL for REST Admin
rest_admin_ssl : true
admin_user : admin
admin_password : {SSHA}ypqpON4IGSWY6XZ6NtU9uadsfasdfasdfasdfasdf
The above turns on the Resin web admin remotely over SSL and we can use that to test our SSL setup.
Resin will create a self signed certificate so go ahead and load the admin to test your Resin setup before we get started.
In order to get OpenSSL to work, you need a Resin license. If you don't have, contact us and get one.
You should be able to load the admin and such using SSL.
https://mydomain.com:8443/resin-admin/
It should all work now. The browser will complain because you are using a certificate that is not from a certificate authority. Proceed past there errors.
___________________________________________________
Bill Digman is a Java EE / Servlet enthusiast and Open Source enthusiast who loves working with Caucho's Resin Servlet Container, a Java EE Web Profile Servlet Container.
Caucho's Resin OpenSource Servlet Container
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
