Accessing REST API in Apache Ignite Using HTTPS

Question

I am using Apache Ignite 2.8.0. This is my server configuration,

<property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
        <property name="keyStoreFilePath" value="C:\\ignite\\apache-ignite-2.8.0-bin\\keystore.jks"/>
        <property name="keyStorePassword" value="1234567"/>
        <property name="trustStoreFilePath" value="C:\\ignite\\\\apache-ignite-2.8.0-bin\\\\trust.jks"/>
        <property name="trustStorePassword" value="123456"/>
    </bean>
</property> 
<property name="connectorConfiguration">

              <bean class="org.apache.ignite.configuration.ConnectorConfiguration">

                    <property name="jettyPath" value="C:\apache-ignite-2.8.0-bin\examples\config\jetty-config.xml" />

              </bean>

        </property>

And This is My jetty-config.xml, https://apacheignite.readme.io/docs/rest-api (Copy pasted)

Still it works with HTTP only.. It doesn't work with HTTPS. What is wrong with me? How I can enable the HTTPS on Rest API?

score 0 · Accepted Answer · answered Apr 30 '20 at 08:33

0

Unfortunately, the documentation snippet is not complete.

You also need sslContextFactory defined in jetty configuration:

<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="keyStorePath">src/test/keystore/server.jks</Set>
    <Set name="keyStorePassword">123456</Set>
    <Set name="keyManagerPassword">123456</Set>
    <Set name="trustStorePath">src/test/keystore/trust-one.jks</Set>
    <Set name="trustStorePassword">123456</Set>
</New>

You also need a differently configured connector:

<Call name="addConnector">
    <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
            <Arg><Ref refid="Server"/></Arg>
            <Arg>
                <Array type="org.eclipse.jetty.server.ConnectionFactory">
                    <Item>
                        <New class="org.eclipse.jetty.server.SslConnectionFactory">
                            <Arg><Ref refid="sslContextFactory"/></Arg>
                            <Arg>http/1.1</Arg>
                        </New>
                    </Item>
                    <Item>
                        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                            <Arg><Ref refid="httpCfg"/></Arg>
                        </New>
                    </Item>
                </Array>
            </Arg>
  ...

You also need trust store and signed server key. Generating those, especially ones which may be accepted by web browsers, is way out of scope of this answer. Try letsencrypt for generating these, perhaps.

answered Apr 30 '20 at 08:33

alamar

18,729
4
64
97

Yes It works with HTTPS.. but i get your connection to this site is Not Secure in my browser. what can i do? – Balaji G Apr 30 '20 at 09:18
"Generating certificates which may be accepted by web browsers is way out of scope of this answer. Try letsencrypt for generating these, perhaps." – alamar Apr 30 '20 at 09:27
Actually i am using python for give https request. import requests URL = "https://127.0.0.1:8080//ignite?cmd=version" r = requests.get(url = URL ) print(r).......... This gives SSL Error for me – Balaji G Apr 30 '20 at 10:00
Try adding verify=False https://stackoverflow.com/questions/15445981/how-do-i-disable-the-security-certificate-check-in-python-requests – alamar Apr 30 '20 at 10:56
Maybe it's because you have double slash? Anyway, getting 404 shows you're on the right track – alamar Apr 30 '20 at 14:10
Actually i need to get my version of ignite for that request. but it gives 404, then how did you say it's right? – Balaji G May 03 '20 at 09:52
Try removing extra slash: 127.0.0.1:8080/ignite?cmd=version – alamar May 03 '20 at 12:07

Accessing REST API in Apache Ignite Using HTTPS

1 Answers1