Accessing REST API in Apache Ignite Using HTTPS

0
votes

I am using Apache Ignite 2.8.0. This is my server configuration, 

<property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
        <property name="keyStoreFilePath" value="C:\\ignite\\apache-ignite-2.8.0-bin\\keystore.jks"/>
        <property name="keyStorePassword" value="1234567"/>
        <property name="trustStoreFilePath" value="C:\\ignite\\\\apache-ignite-2.8.0-bin\\\\trust.jks"/>
        <property name="trustStorePassword" value="123456"/>
    </bean>
</property> 
<property name="connectorConfiguration">

              <bean class="org.apache.ignite.configuration.ConnectorConfiguration">

                    <property name="jettyPath" value="C:\apache-ignite-2.8.0-bin\examples\config\jetty-config.xml" />

              </bean>

        </property>

And This is My jetty-config.xml, https://apacheignite.readme.io/docs/rest-api (Copy pasted)

Still it works with HTTP only.. It doesn't work with HTTPS. What is wrong with me? How I can enable the HTTPS on Rest API?

1
sslhttpsigniterest

1 Answers

0
votes

Unfortunately, the documentation snippet is not complete.

You also need sslContextFactory defined in jetty configuration:

<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="keyStorePath">src/test/keystore/server.jks</Set>
    <Set name="keyStorePassword">123456</Set>
    <Set name="keyManagerPassword">123456</Set>
    <Set name="trustStorePath">src/test/keystore/trust-one.jks</Set>
    <Set name="trustStorePassword">123456</Set>
</New>

You also need a differently configured connector:

<Call name="addConnector">
    <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
            <Arg><Ref refid="Server"/></Arg>
            <Arg>
                <Array type="org.eclipse.jetty.server.ConnectionFactory">
                    <Item>
                        <New class="org.eclipse.jetty.server.SslConnectionFactory">
                            <Arg><Ref refid="sslContextFactory"/></Arg>
                            <Arg>http/1.1</Arg>
                        </New>
                    </Item>
                    <Item>
                        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                            <Arg><Ref refid="httpCfg"/></Arg>
                        </New>
                    </Item>
                </Array>
            </Arg>
  ...

You also need trust store and signed server key. Generating those, especially ones which may be accepted by web browsers, is way out of scope of this answer. Try letsencrypt for generating these, perhaps.