B4J Question [solved] B4J Server at Home with SSL (Jetty)

MarkusR

Well-Known Member
Licensed User
Hello,
I have a problem getting data when I use an http(s) server.
It does not respond whether I test locally on the same PC or from the web.
If I use port 80 without the SSL config, it works fine locally and externally.

In Firefox I got a message that the self-signed cert is not OK, but I clicked OK to allow it;
then nothing happens.

The keystore file I made on the PC.
The SSL .cert and .key I made with an online tool: http://www.selfsignedcertificate.com/
Then I renamed the file to .crt and installed it on the PC (Windows 10).

I also added firewall rules for port 443 in my gdata internet security.
I also tested it with another port for SSL, but with no success.

I am helpless :(

(gui) app start:
B4X:
    srvr.Initialize("srvr")
    Dim ssl As SslConfiguration
    ssl.Initialize
    ssl.SetKeyStorePath(File.DirApp, "server.keystore")
    ssl.KeyStorePassword = "123456"
    srvr.SetSslConfiguration(ssl, 443)
 
    srvr.AddFilter("/*", "HttpsFilter", False)
 
    srvr.StaticFilesFolder = File.Combine(File.DirApp, "www")
    srvr.AddHandler("/hello", "HelloPage", False)
    srvr.Start
HttpsFilter class:
B4X:
Sub Class_Globals
    Private fx As JFX
End Sub

'Return True to allow the request to proceed.
Public Sub Filter(req As ServletRequest, resp As ServletResponse) As Boolean
    If req.Secure Then
        Return True
    Else
        Return False
    End If
End Sub
HelloPage Class
B4X:
'Class module
Sub Class_Globals
    Private mreq As ServletRequest 'ignore
    Private mresp As ServletResponse 'ignore
End Sub

Public Sub Initialize

End Sub

Sub Handle(req As ServletRequest, resp As ServletResponse)
    mreq = req
    mresp = resp
    Dim start As Long = DateTime.Now
    resp.ContentType = "text/html"
    resp.Write("<img src='images/logo.png' width=100 height=100/><br/>") 'this file will be loaded from the www folder
    resp.Write("<b>Hello world!!!</b><br/>")
    resp.Write("Your ip address is: " & req.RemoteAddress & "<br/>")
    resp.Write("The time here is: " & DateTime.Time(DateTime.Now)).Write("<br/>")
    resp.Write("It took: ").Write(DateTime.Now - start).Write(" ms to create this page.<br/>")
    resp.Write("<a href='/'>Back</a>")
End Sub
 

OliverA

Expert
Licensed User
There should be two passwords. One for the keystore (ssl.KeyStorePassword) and one for the key/certificate (ssl.KeyManagerPassword). What instructions did you follow to create the keystore and store your key in the keystore?
 

MarkusR

Well-Known Member
Licensed User
For creating the keystore file I used this in a batch file:
D:\Java\jdk-9.0.4\bin\keytool -keystore E:\MR_B4J\Test\server.keystore.new -alias jetty -genkey -keyalg RSA
So it seems I am missing the .key file import into this .keystore file.
KeyManagerPassword: no idea where I can set this.

I remember I tried this for the import yesterday:
D:\Java\jdk-9.0.4\bin\keytool -import -trustcacerts -alias jetty -file E:\MR_B4J\Test\Objects\one.ddns.net.cert -keystore E:\MR_B4J\Test\Objects\server.keystore
and then there was an error: public key in answer and keystore did not match.
If I use the .key file there, I get another error.



I tried to follow this tutorial here:
https://www.b4x.com/android/forum/threads/server-building-web-servers-with-b4j.37172/

And I found this:
https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/
 

OliverA

Expert
Licensed User
You need to load the key and certificate into your keystore. For steps see (https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#loading-keys-and-certificates-via-pkcks12) and go to the "Loading Keys and Certificates via PKCS12" section. For these steps you need OpenSSL. I'm guessing you're on Windows and therefore need to download an installer for Windows (for example, here: https://slproweb.com/products/Win32OpenSSL.html). Install either the 1.1.0h or the 1.0.2o lite versions (either 32 or 64). I do not know if the "chain of certificates" applies to the certificate that you created.
 

MarkusR

Well-Known Member
Licensed User
online tool .cert .key > PFX/PKCS#12
https://www.sslshopper.com/ssl-converter.html


import into .keystore
D:\Java\jdk-9.0.4\bin\keytool -importkeystore -srckeystore E:\MR_B4J\Test\Objects\one.ddns.net.pfx -srcstoretype PKCS12 -destkeystore E:\MR_B4J\Test\Objects\server.keystore
I used this and the import worked; now I will continue testing ...
 
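The .cert/.key to PKCS#12 conversion and the keystore import from the posts above can also be done entirely with a local OpenSSL and keytool, so the private key never leaves the machine. This is an added example, not part of the original thread: it assumes PEM-encoded, unencrypted input files and a POSIX shell (for instance on the Raspberry Pi, or Git Bash on Windows), and the function names and the `P12_PASS` environment variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. File names are placeholders and
# P12_PASS is a hypothetical environment variable holding the export password.

# Succeeds only if the certificate's public key is the one derived from the
# private key. Returns 2 if either file cannot be parsed.
cert_matches_key() {   # cert_matches_key CERT.pem KEY.pem
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Bundle certificate and key into a PKCS#12 file on the local machine.
# Refuses to write anything if the two files do not belong together.
make_p12() {           # make_p12 CERT.pem KEY.pem OUT.p12 [ALIAS]
    cert_matches_key "$1" "$2" || {
        echo "certificate and private key do not belong together" >&2
        return 1
    }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "${4:-jetty}" \
        -out "$3" -passout env:P12_PASS
}

# Same keytool import as in the post above; keytool prompts for the passwords.
import_p12() {         # import_p12 IN.p12 server.keystore
    keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 \
        -destkeystore "$2"
}

# Jetty needs a PrivateKeyEntry in the keystore; a trustedCertEntry alone
# (what "keytool -import" of a bare certificate creates) is not enough.
has_private_key_entry() {   # has_private_key_entry server.keystore
    keytool -list -keystore "$1" | grep -q PrivateKeyEntry
}

# Typical sequence (file names as used in the thread):
#   export P12_PASS=...    # chosen export password
#   make_p12 one.ddns.net.cert one.ddns.net.key one.ddns.net.pfx
#   import_p12 one.ddns.net.pfx server.keystore
#   has_private_key_entry server.keystore && echo "keystore holds the key"
```

The match check fails for a certificate whose public key differs from the key pair already in play, the situation keytool rejected in the earlier `-import` attempt, where the alias `jetty` had been created with `-genkey`.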

MarkusR

Well-Known Member
Licensed User
I copied the source from a GUI app into a non-GUI app and now it works.
(I saw that after the first request the GUI app starts to hang and does not respond ^^)
But I would be happy to have a server with a GUI.

@OliverA
Thank you so much for your support! :)
 

AHilton

Active Member
Licensed User
There's nothing stopping you from creating a GUI desktop / mobile app or even a web-based solution (running in the same NON-GUI server, by the way) that monitors your NON-GUI server. The advantage is that your server and monitoring/status/config app can be de-coupled and run remotely from the server. Very flexible! Maybe a very small amount of extra work to build it, though.

I've built a generic server monitor GUI app for just this purpose. All of my server apps expose a simple API that the monitor app taps into giving me one app (multiple locations ... desktop, mobile) to see what all of my server apps are doing. From anywhere I happen to be at that moment.
 

MarkusR

Well-Known Member
Licensed User
To see the status remotely it makes sense to make an extra project, yes.
It's just nice to see a server app running with some visual feedback there where it runs.
If the server class crashes, for example, I can show the error handling there, but I cannot see it remotely because I cannot open a connection to it.
The server app I will run at home on a Raspberry Pi; if something does not work as expected I can switch on the monitor or I can connect to it via remote desktop from the www.
 

AHilton

Active Member
Licensed User
If you're not doing it web-based, yes, 2 separate projects.

re: Crash - What's the difference? If your server crashes catastrophically, then you'll need to be looking at the server apps' error logs whether or not you have a server with integrated GUI. At least with the solution I mentioned, if you get a crash or errors (that aren't extreme) then you'll be able to read those from the status/monitor GUI app.
 

mrred128

Active Member
Licensed User
I did it the traditional way with the server engine at first. It was quite painful in comparison with just using HAProxy (free unix load balancer) with auto renewable certs implemented there. Now I have nothing special to do on the server object side (except source urls are by way of the xforwarded-for variable). Make your life easy.

Try this.... https://www.blindally.com/myfilmstuff

Two Linux VMs running the b4j server object, load balanced and ssl.
 