B4J Question jRDC and SSL Let's Encrypt

Sifu

Active Member
Hello,

is this old threads still valid?
https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/#content if so then where should these scripts be put? in jRDC server project created in B4J or in the B4A project which is requesting the data? For me it is not clear in that thread.

(B4A which still works ok with http but not https).

I have a little Ubuntu linux server with ISPconfig running and using SSL Let's Encrypt certificates. ISPconfig creates it for the website. It is reachable from outside the local network.

Do I still need to use the keytool as I read in other threads? And is that primarly for the jRDC? or also for the B4A app? It is quite confusing for me on how to get jRDC acces via https.

Hope someone can be a bit clear on it.
Thank you.
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
is this old threads still valid?
Yes. It was last edited on June 2021 (you can see it in the bottom right corner).

jRDC2 = regular B4J server.

if so then where should these scripts be put? in jRDC server project created in B4J or in the B4A project which is requesting the data? For me it is not clear in that thread.
In the B4J server project.

I have a little Ubuntu linux server with ISPconfig running and using SSL Let's Encrypt certificates. ISPconfig creates it for the website. It is reachable from outside the local network.

Do I still need to use the keytool as I read in other threads?
You need to create a Java keystore with the key. There are all kinds of ways to do it.

And is that primarly for the jRDC? or also for the B4A app?
Only for the server.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
You can read this as reference:
 
Upvote 0

Sifu

Active Member
Ok, stupid question from me.
Those 2 subs ConfigureSSL and Filter, do I just put them before AppStart sub or do I have to call them from the AppStart Sub before the first line of that Sub?
Like:
B4X:
Sub AppStart (Args() As String)
ConfigureSSL(17178)
    srvr.Initialize("")
    rdcConnector1.Initialize
    srvr.Port = rdcConnector1.serverPort
    srvr.AddHandler("/test", "TestHandler", False)
    srvr.AddHandler("/rdc", "RDCHandler", False)
    srvr.Start
    Log($"jRDC is running (version = $1.2{VERSION})"$)
    StartMessageLoop
End Sub
?

and should this line:
B4X:
srvr.AddFilter("/*", "HttpsFilter", False)
not be
B4X:
srvr.AddFilter("/*", "Filter", False)
the sub name from the filter?

Thank you.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
I have a sample project you may refer:
Thread 'JQuiz - API Server / Web Service for B4XQuiz (with SSL)'
 
Upvote 0

Sifu

Active Member
I have a sample project you may refer:
Thread 'JQuiz - API Server / Web Service for B4XQuiz (with SSL)'
Thank you, I will go thru that.

I have a question, a thought that came up. Following you recipe, due to that the keystore is created as root, is it possible that jRDC server has no access to that keystore file and could be reason for not getting access via https? Because jRDC is not root. Or should that not matter?
I noticed the folder ...../letsencrypt/live/domainname is only readable as root.

***edit*** already saw something what I did not see before in other threads and that the line SSLport=17182 in the config.properties file for jRDC, I only have Serverport=17178. Also interesting to see that the SQL commands do not have to be strictly in the configuration File, but as you do can also be in a sub.
 
Last edited:
Upvote 0

aeric

Expert
Licensed User
Longtime User
due to that the keystore is created as root, is it possible that jRDC server has no access to that keystore file and could be reason for not getting access via https? Because jRDC is not root. Or should that not matter?
I noticed the folder ...../letsencrypt/live/domainname is only readable as root.
I think because the directory /etc is only accessible by root. I think it doesn’t matter after the keystore files are generated.

the line SSLport=17182 in the config.properties file for jRDC, I only have Serverport=17178
Yes, you need to specify a different port number other than the server port.

the SQL commands do not have to be strictly in the configuration File
Yes, you can separate them into a different file if you like. It is simpler to use a single file for all configuration in jRDC2 settings. I just want to do it my own preference and use case.
 
Upvote 0

Sifu

Active Member
now is confusing me.

in b4A app I now have this, is it correct? (ruled http line out)
B4X:
'Dim const rdcLink As String = "http://website.com:17178/rdc"
    Dim const rdcLink As String = "https://website.com:17180/rdc"

in b4j jRDC I try this:
B4X:
Sub Process_Globals
    Public srvr As Server
    Public srvrssl As Server
    Public rdcConnector1 As RDCConnector
    Public const VERSION As Float = 2.22
    Type DBCommand (Name As String, Parameters() As Object)
    Type DBResult (Tag As Object, Columns As Map, Rows As List)
End Sub

Sub AppStart (Args() As String)
    'Dim config As Map = rdcConnector1.LoadConfigMap
    '#If RELEASE
    'ConfigureSSL(config.Get("SSLPort"))
    ' #End If
    
    srvr.Initialize("")
    ConfigureSSL(rdcConnector1.serverSSLPort)
    rdcConnector1.Initialize
    srvr.Port = rdcConnector1.serverPort
    srvr.AddHandler("/test", "TestHandler", False)
    srvr.AddHandler("/rdc", "RDCHandler", False)
    srvr.Start
    srvrssl.Port = rdcConnector1.serverSSLPort
    srvrssl.AddHandler("/test", "TestHandler", False)
    srvrssl.AddHandler("/rdc", "RDCHandler", False)
    srvrssl.Start
    Log($"jRDC is running (version = $1.2{VERSION})"$)
    StartMessageLoop
End Sub

Private Sub ConfigureSSL (SslPort As Int)
    Dim ssl As SslConfiguration
    ssl.Initialize
   
    ssl.SetKeyStorePath("/etc/letsencrypt/live/website.com", "keystore.jks") 'path to keystore file
   
    ssl.KeyStorePassword = "scoobydoo"
    ssl.KeyManagerPassword = "scoobydoo"
    srvr.SetSslConfiguration(ssl, SslPort)
    'add filter to redirect all traffic from http to https (optional)
    srvr.AddFilter("/*", "HttpsFilter", False)
End Sub

Also I see in examples direct port nr:
B4X:
ConfigureSSL(1780)
should be with double quotes or not?

But in webbrowser no access to https://website.com:17800/test, so maybe it not allowing to read keystore?
Maybe try to creat keystore not as root, or copy from root to no-root, is possible?

will test further also

thank you, sorry
 
Upvote 0

Sifu

Active Member
Working in browser!! :D

Made the Appstart Sub original again as Erel's example.
used
B4X:
ConfigureSSL(17180)
without quotes
httpfilter is a standard class module in jRDC
changed the line in Sub ConfigureSSL to :
B4X:
ssl.SetKeyStorePath("/home/username/", "keystore.jks") 'path to keystore file
copied the keystore.jks from /etc/letsencrypt/live/website.com to /home/username/ with this command as root : cp keystore.jks ~username
I did not yet: chown username ~username/keystore.jks because I first wanted to check if copy alone was enough, and it is enough. chown is not needed.

So my feeling was right that jRDC could not reach the keystore file in the original place

Now it working in browser with https://website.com:17180/test I can start testing with B4A app.

Thank you both!
and myself for keep on trying 🤣

***edit*** working in B4A too by changing http to https and changing 17179 to 17180 in B4A app
 
Last edited:
Upvote 0
Top