Setting up OpenSSL with Resin 4.0.32 on Ubuntu 12.0.4
From Resin 4.0 Wiki
(Difference between revisions)
(Created page with "For this exercise, I am using Amazon EC2 to startup a clean Ubuntu 12.0.4 instance. I started up a 64 bit large instance. I am following the instructions here for setup: <p...") |
|||
Line 31: | Line 31: | ||
$ sudo apt-get install openjdk-7-jdk | $ sudo apt-get install openjdk-7-jdk | ||
$ sudo apt-get install libssl-dev | $ sudo apt-get install libssl-dev | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | Turn stuff on. | ||
+ | |||
+ | <pre> | ||
+ | # resin.properties - configuration variable values | ||
+ | # | ||
+ | # See resin.xml, cluster-default.xml, and health.xml for full configuration. | ||
+ | # Any variable defined by ${...} can be set as a property in this file. | ||
+ | # | ||
+ | # Individual server overrides can be specified by prepending the server.id. | ||
+ | # For example, increasing the log level for an individual server: | ||
+ | # | ||
+ | log_level : finest | ||
+ | # app-0.log_level : finest | ||
+ | # | ||
+ | # Like Resin XML configuration, modification of this file will trigger | ||
+ | # a restart. | ||
+ | # | ||
+ | |||
+ | # General log level (modify resin.xml for more granular log level adjustments) | ||
+ | # log_level : finer | ||
+ | |||
+ | # Enable verbose browser error reporting | ||
+ | dev_mode : true | ||
+ | |||
+ | # How often Resin should check for updated files. | ||
+ | # dependency_check_interval : 5m | ||
+ | |||
+ | # Enable /resin-doc Resin documentation | ||
+ | resin_doc : true | ||
+ | |||
+ | # List Triad server ip-addresses:hmux-port for each tier, space separated | ||
+ | # App tier Triad servers must be listed to enable web-tier to | ||
+ | # app-tier load-balancing | ||
+ | |||
+ | # web-tier Triad servers: web-0 web-1 web-2 | ||
+ | # web_servers : 127.0.0.1:6810 | ||
+ | |||
+ | # app-tier Triad servers: app-0 app-1 app-2 | ||
+ | app_servers : 127.0.0.1:6800 | ||
+ | |||
+ | # Configures Resin for a memcached server tier | ||
+ | # memcached-tier Triad servers: memcached-0 memcached-1 memcached-2 | ||
+ | # memcached_servers : 127.0.0.1:6820 | ||
+ | # memcached_port : 11211 | ||
+ | |||
+ | # Allow elastic nodes to join the cluster (enable for cloud mode) | ||
+ | # elastic_cloud_enable : true | ||
+ | |||
+ | # The cluster that elastic nodes should join - each will contact a Triad server | ||
+ | # Use a separate resin.properties file for each cluster | ||
+ | home_cluster : app | ||
+ | |||
+ | # Used for an elastic server to join the cluster in home_cluster | ||
+ | # elastic_server : true | ||
+ | |||
+ | # Create a distinct webapps/ directory for each server, for vertical scaling | ||
+ | # elastic_webapp : true | ||
+ | |||
+ | # Used for cloud servers with dynamic IP addresses where the DNS name for the | ||
+ | # server is assigned after the server starts. Resin will retry the start. | ||
+ | # elastic_dns : true | ||
+ | |||
+ | # specifies the --server in the config file | ||
+ | # home_server : app-0 | ||
+ | |||
+ | # Set HTTP and HTTPS bind address | ||
+ | # http_address : * | ||
+ | |||
+ | # Set HTTP and HTTPS ports. | ||
+ | # Use overrides for individual server control, for example: app-0.http : 8081 | ||
+ | app.http : 8080 | ||
+ | app.https : 8443 | ||
+ | |||
+ | web.http : 8080 | ||
+ | web.https : 8443 | ||
+ | |||
+ | # memcached.http : 8080 | ||
+ | # memcached.https : 8443 | ||
+ | |||
+ | # For security, Resin can switch to a non-root user after binding to port 80 | ||
+ | setuid_user : resin | ||
+ | setuid_group : resin | ||
+ | |||
+ | # Arg passed directly to the JVM | ||
+ | # jvm_args : -Xmx2048m -XX:MaxPermSize=256m | ||
+ | |||
+ | # Local URLs for the watchdog to check to ensure the server is up, | ||
+ | # space separated | ||
+ | # http_ping_urls : http://127.0.0.1/test.jsp | ||
+ | |||
+ | # Throttle the number of active threads for a port | ||
+ | port_thread_max : 256 | ||
+ | accept_thread_max : 32 | ||
+ | accept_thread_min : 4 | ||
+ | |||
+ | # Enable JNI TCP speed optimizations | ||
+ | tcp_cork : true | ||
+ | sendfile : true | ||
+ | |||
+ | # OpenSSL certificate configuration | ||
+ | # Keys are typically stored in the resin configuration directory. | ||
+ | # openssl_file : keys/test.crt | ||
+ | # openssl_key : keys/test.key | ||
+ | # openssl_password : changeme | ||
+ | |||
+ | # JSSE certificate configuration | ||
+ | # Keys are typically stored in the resin configuration directory. | ||
+ | # jsse_keystore_type : jks | ||
+ | # jsse_keystore_file : /etc/resin/keys/server.keystore | ||
+ | # jsse_keystore_password : changeme | ||
+ | |||
+ | # In absence of a signed certificate, Resin will fallback to using a | ||
+ | # self-signed development certificate if HTTPS is enabled | ||
+ | |||
+ | # Enable the proxy-cache - for caching static content in memory | ||
+ | proxy_cache_enable : true | ||
+ | |||
+ | # Sets the proxy cache memory size | ||
+ | proxy_cache_size : 256m | ||
+ | |||
+ | # Enable clustered persistent sessions (for failover) | ||
+ | session_store : true | ||
+ | |||
+ | # Web-apps named with numeric suffixes, e.g. foo-10.0.war and can be browsed | ||
+ | # as /foo. When a new version of the web-app is deployed, Resin continues | ||
+ | # to route active session requests to the previous web-app version while | ||
+ | # new sessions go to the new version, so users will not be aware of the | ||
+ | # application upgrade. | ||
+ | # webapp_multiversion_routing : true | ||
+ | |||
+ | # Set the email address to receive weekly and restart PDF reports | ||
+ | # email : admin@example.com | ||
+ | |||
+ | # Set a global password to prevent foreign Resin instances from connecting. | ||
+ | # Must be identical between web, app, and cache clusters. | ||
+ | cluster_system_key : changeme | ||
+ | |||
+ | # Enable remote admin (for remote CLI and for EC2 ext: triad discovery) | ||
+ | remote_admin_enable : true | ||
+ | |||
+ | # Enable /resin-admin web administration console | ||
+ | web_admin_enable : true | ||
+ | |||
+ | # Permit access to /resin-admin from non-local network ip-addresses | ||
+ | web_admin_external : true | ||
+ | |||
+ | # Require HTTPS to access /resin-admin | ||
+ | web_admin_ssl : true | ||
+ | |||
+ | # Enable Resin REST Admin | ||
+ | rest_admin_enable : true | ||
+ | |||
+ | # Require SSL for REST Admin | ||
+ | rest_admin_ssl : true | ||
+ | |||
+ | # Access to /resin-admin and remote CLI is password restricted. | ||
+ | # Use "resinctl generate-password" and copy/paste here to set the admin | ||
+ | # admin_user : admin | ||
+ | # admin_password : {SSHA}xxxxxxxx | ||
+ | admin_user : admin | ||
+ | admin_password : {SSHA}ypqpON4IGSWY6XZ6NtU9uadsfasdfasdfasdfasdf | ||
+ | |||
+ | # Enable reading EC2 user data as resin properties | ||
+ | # properties_import_url : http://169.254.169.254/latest/user-data | ||
</pre> | </pre> |
Revision as of 00:00, 17 January 2013
For this exercise, I am using Amazon EC2 to startup a clean Ubuntu 12.0.4 instance.
I started up a 64 bit large instance.
I am following the instructions here for setup:
$ sudo add-apt-repository http://caucho.com/download/debian
Then update the repo cache
$ sudo apt-get update
This is now broken with Ubuntu 12.0.4. We will get it working again.
instead do this
$ wget http://www.caucho.com/download/debian/dists/unstable/multiverse/binary-amd64/resin-pro_4.0.32-amd64.deb
Install Java 7 SDK (or Java 6 SDK) and OpenSSL as follows:
$ sudo apt-get -f install $ sudo apt-get install openjdk-7-jdk $ sudo apt-get install libssl-dev
Turn stuff on.
# resin.properties - configuration variable values # # See resin.xml, cluster-default.xml, and health.xml for full configuration. # Any variable defined by ${...} can be set as a property in this file. # # Individual server overrides can be specified by prepending the server.id. # For example, increasing the log level for an individual server: # log_level : finest # app-0.log_level : finest # # Like Resin XML configuration, modification of this file will trigger # a restart. # # General log level (modify resin.xml for more granular log level adjustments) # log_level : finer # Enable verbose browser error reporting dev_mode : true # How often Resin should check for updated files. # dependency_check_interval : 5m # Enable /resin-doc Resin documentation resin_doc : true # List Triad server ip-addresses:hmux-port for each tier, space separated # App tier Triad servers must be listed to enable web-tier to # app-tier load-balancing # web-tier Triad servers: web-0 web-1 web-2 # web_servers : 127.0.0.1:6810 # app-tier Triad servers: app-0 app-1 app-2 app_servers : 127.0.0.1:6800 # Configures Resin for a memcached server tier # memcached-tier Triad servers: memcached-0 memcached-1 memcached-2 # memcached_servers : 127.0.0.1:6820 # memcached_port : 11211 # Allow elastic nodes to join the cluster (enable for cloud mode) # elastic_cloud_enable : true # The cluster that elastic nodes should join - each will contact a Triad server # Use a separate resin.properties file for each cluster home_cluster : app # Used for an elastic server to join the cluster in home_cluster # elastic_server : true # Create a distinct webapps/ directory for each server, for vertical scaling # elastic_webapp : true # Used for cloud servers with dynamic IP addresses where the DNS name for the # server is assigned after the server starts. Resin will retry the start. # elastic_dns : true # specifies the --server in the config file # home_server : app-0 # Set HTTP and HTTPS bind address # http_address : * # Set HTTP and HTTPS ports. # Use overrides for individual server control, for example: app-0.http : 8081 app.http : 8080 app.https : 8443 web.http : 8080 web.https : 8443 # memcached.http : 8080 # memcached.https : 8443 # For security, Resin can switch to a non-root user after binding to port 80 setuid_user : resin setuid_group : resin # Arg passed directly to the JVM # jvm_args : -Xmx2048m -XX:MaxPermSize=256m # Local URLs for the watchdog to check to ensure the server is up, # space separated # http_ping_urls : http://127.0.0.1/test.jsp # Throttle the number of active threads for a port port_thread_max : 256 accept_thread_max : 32 accept_thread_min : 4 # Enable JNI TCP speed optimizations tcp_cork : true sendfile : true # OpenSSL certificate configuration # Keys are typically stored in the resin configuration directory. # openssl_file : keys/test.crt # openssl_key : keys/test.key # openssl_password : changeme # JSSE certificate configuration # Keys are typically stored in the resin configuration directory. # jsse_keystore_type : jks # jsse_keystore_file : /etc/resin/keys/server.keystore # jsse_keystore_password : changeme # In absence of a signed certificate, Resin will fallback to using a # self-signed development certificate if HTTPS is enabled # Enable the proxy-cache - for caching static content in memory proxy_cache_enable : true # Sets the proxy cache memory size proxy_cache_size : 256m # Enable clustered persistent sessions (for failover) session_store : true # Web-apps named with numeric suffixes, e.g. foo-10.0.war and can be browsed # as /foo. When a new version of the web-app is deployed, Resin continues # to route active session requests to the previous web-app version while # new sessions go to the new version, so users will not be aware of the # application upgrade. # webapp_multiversion_routing : true # Set the email address to receive weekly and restart PDF reports # email : admin@example.com # Set a global password to prevent foreign Resin instances from connecting. # Must be identical between web, app, and cache clusters. cluster_system_key : changeme # Enable remote admin (for remote CLI and for EC2 ext: triad discovery) remote_admin_enable : true # Enable /resin-admin web administration console web_admin_enable : true # Permit access to /resin-admin from non-local network ip-addresses web_admin_external : true # Require HTTPS to access /resin-admin web_admin_ssl : true # Enable Resin REST Admin rest_admin_enable : true # Require SSL for REST Admin rest_admin_ssl : true # Access to /resin-admin and remote CLI is password restricted. # Use "resinctl generate-password" and copy/paste here to set the admin # admin_user : admin # admin_password : {SSHA}xxxxxxxx admin_user : admin admin_password : {SSHA}ypqpON4IGSWY6XZ6NtU9uadsfasdfasdfasdfasdf # Enable reading EC2 user data as resin properties # properties_import_url : http://169.254.169.254/latest/user-data