Bill Digman is a Java EE / Servlet enthusiast and Open Source enthusiast who loves working with Caucho's Resin Servlet Container, a Java EE Web Profile Servlet Container. Bill has posted 12 posts at DZone. You can read more from them at their website. View Full User Profile

Setting up OpenSSL with Resin 4.0.32 on Ubuntu 12.0.4

02.13.2013
| 3646 views |
  • submit to reddit

For this exercise, I am using Amazon EC2 to startup a clean Ubuntu 12.0.4 instance. One advantage that Resin has over other similar products is integration with OpenSSL. OpenSSL is much faster and less resource intensive than the SSL/TLS support that ships with Java. If you use Resin, you want to use OpenSSL, it is more scalable and faster.

For this exercise, I started up a 64 bit large instance in Amazon EC2 and I am using Ubuntu 12.0.4 with Resin 4.0.32.

Contents

Install Resin

I am following the instructions here for setup:

 $ sudo add-apt-repository http://caucho.com/download/debian


Then update the repo cache

$ sudo apt-get update


This is now broken with Ubuntu 12.0.4. It will work again in Resin 4.0.33 and beyond.

If you are using Resin 4.0.32 and before do this instead:

$ wget http://www.caucho.com/download/debian/dists/unstable/multiverse/binary-amd64/resin-pro_4.0.32-amd64.deb

Install Java 7 SDK (or Java 6 SDK) and OpenSSL as follows:

$ sudo apt-get -f install
$ sudo apt-get install openjdk-7-jdk
$ sudo apt-get install libssl-dev
$ sudo dpkg -i resin-pro_4.0.32-amd64.deb

(sudo apt-get install works in Resin 4.0.33 for Debian, but not for Resin 4.0.32.)

Generate a resin password.

$ resinctl password-generate admin mypassword
admin_user : admin
admin_password : {SSHA}yAKopu5id740xAoePKZOGyAtu78DpZck

Add the username and password to /etc/resin/resin.properties and turn stuff on. (Leave most of resin.properties alone, unless it is mentioned in the following listing.)

# Enable /resin-doc Resin documentation
resin_doc     : true

app.https         : 8443

web.http          : 8080
web.https         : 8443

# Must be identical between web, app, and cache clusters.
cluster_system_key : changeme

# Enable remote admin (for remote CLI and for EC2 ext: triad discovery)
remote_admin_enable : true

# Enable /resin-admin web administration console
web_admin_enable : true

# Permit access to /resin-admin from non-local network ip-addresses
web_admin_external : true

# Require HTTPS to access /resin-admin
web_admin_ssl : true

# Enable Resin REST Admin
rest_admin_enable : true

# Require SSL for REST Admin
rest_admin_ssl : true

admin_user : admin
admin_password : {SSHA}ypqpON4IGSWY6XZ6NtU9uadsfasdfasdfasdfasdf

The above turns on the Resin web admin remotely over SSL and we can use that to test our SSL setup.

Resin will create a self signed certificate so go ahead and load the admin to test your Resin setup before we get started.

In order to get OpenSSL to work, you need a Resin license. If you don't have, contact us and get one.

You should be able to load the admin and such using SSL.

https://mydomain.com:8443/resin-admin/

It should all work now. The browser will complain because you are using a certificate that is not from a certificate authority. Proceed past there errors.

___________________________________________________

Bill Digman is a Java EE / Servlet enthusiast and Open Source enthusiast who loves working with Caucho's Resin Servlet Container, a Java EE Web Profile Servlet Container.

Caucho's Resin OpenSource Servlet Container

Java EE Web Profile Servlet Container

Caucho's Resin 4.0 JCache blog post

Published at DZone with permission of its author, Bill Digman.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)