Killed HTTP Server

cristiancs · January 18, 2018, 4:48am

I was trying to activate SSL from letsencrypt with this tutorial:

But after doing all the steps i noted that it doesn’t work and started trying to “fix” it, doing that i killed the jetty file located on /usr/share/openhab2/runtime/etc/jetty.xml, so i decided to download it again from openhab2/bundles/io/org.openhab.io.jetty/jettyhome/etc/jetty-ssl.xml at master · vlad-ivanov-name/openhab2 · GitHub and i fixed it (or something like that), now openhab starts but the HTTP server looks like doesn’t start, the log from openhab says everything is fine, i can ssh to the console (ssh -p 8101 openhab@localhost) without problems but the http interface is gone!

cristiancs · January 18, 2018, 5:05am

Edit:
I managed to fix the problem copying the correct, file from a fresh install, im going to post the default file if someone ever need it and don’t have another server to test:

<?xml version="1.0"?>

<!-- =========================================================== -->
<!-- Set handler Collection Structure -->
<!-- =========================================================== -->

<Get name="handler">
	<Call name="addHandler">
		<Arg>
			<New id="Rewrite" class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
				<!-- Add rule in order to take care of the X-Forwarded-Scheme header -->
				<Call name="addRule">
					<Arg>
						<New class="org.eclipse.jetty.rewrite.handler.ForwardedSchemeHeaderRule">
							<Set name="header">X-Forwarded-Scheme</Set>
							<Set name="headerValue">https</Set> <!-- if this is unset, any value will match against the rule -->
							<Set name="scheme">https</Set>
						</New>
					</Arg>
				</Call>
				<Call name="addRule">
					<Arg>
						<New class="org.eclipse.jetty.rewrite.handler.ForwardedSchemeHeaderRule">
							<Set name="header">X-Forwarded-Scheme</Set>
							<Set name="headerValue">http</Set> <!-- if this is unset, any value will match against the rule -->
							<Set name="scheme">http</Set>
						</New>
					</Arg>
				</Call>

				<!-- show the dashboard as default -->
				<Call name="addRule">
					<Arg>
						<New class="org.eclipse.jetty.rewrite.handler.RedirectRegexRule">
							<Set name="regex">/$</Set>
							<Set name="replacement">/start/index</Set>
						</New>
					</Arg>
				</Call>
			</New>
		</Arg>
	</Call>
</Get>
<Get name="handler">
	<Call name="addHandler">
		<Arg>
			<New class="org.eclipse.jetty.server.handler.ContextHandler">
				<Set name="contextPath">/static</Set>
				<Set name="handler">
					<New class="org.eclipse.jetty.server.handler.ResourceHandler">
						<Set name="resourceBase"><SystemProperty name="openhab.conf" />/html</Set>
						<Set name="directoriesListed">false</Set>
					</New>
				</Set>
			</New>
		</Arg>
	</Call>
</Get>


<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
	<Set name="secureScheme">https</Set>
	<Set name="securePort">
		<Property name="org.osgi.service.http.port.secure" default="8443" />
	</Set>
	<Set name="outputBufferSize">32768</Set>
	<Set name="requestHeaderSize">8192</Set>
	<Set name="responseHeaderSize">8192</Set>
	<Set name="sendServerVersion">true</Set>
	<Set name="sendDateHeader">false</Set>
	<Set name="headerCacheSize">512</Set>

	<Call name="addCustomizer">
		<Arg>
			<New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
		</Arg>
	</Call>
</New>

<!-- =========================================================== -->
<!-- extra options -->
<!-- =========================================================== -->
<Set name="stopAtShutdown">true</Set>
<Set name="stopTimeout">1000</Set>
<Set name="dumpAfterStart">false</Set>
<Set name="dumpBeforeStop">false</Set>

<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
	<Set name="KeyStorePath"><SystemProperty name="jetty.keystore.path" default="/etc/myKeystore" /></Set>
	<Set name="KeyStorePassword"><SystemProperty name="jetty.ssl.password" default="OBF:1uh81uha1toc1wn31toi1ugg1ugi" /></Set>
	<Set name="KeyManagerPassword"><SystemProperty name="jetty.ssl.keypassword" default="OBF:1uh81uha1toc1wn31toi1ugg1ugi" /></Set>
	<Set name="TrustStorePath"><SystemProperty name="jetty.truststore.path" default="/etc/myKeystore" /></Set>
	<Set name="TrustStorePassword"><SystemProperty name="jetty.ssl.password" default="OBF:1uh81uha1toc1wn31toi1ugg1ugi" /></Set>
	<Set name="EndpointIdentificationAlgorithm"></Set>
	<Set name="NeedClientAuth"><SystemProperty name="jetty.ssl.needClientAuth" default="false" /></Set>
	<Set name="WantClientAuth"><SystemProperty name="jetty.ssl.wantClientAuth" default="false" /></Set>
	<Set name="ExcludeCipherSuites">
		<Array type="String">
			<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
			<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
			<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
			<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
			<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
			<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
			<!-- Disable cipher suites with Diffie-Hellman key exchange to prevent Logjam attack and avoid the ssl_error_weak_server_ephemeral_dh_key error in recent browsers -->
			<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
			<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
			<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
			<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</Item>
			<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
			<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
			<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
			<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</Item>
			<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
			<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
		</Array>
	</Set>
	<!-- setting required for preventing Poodle attack, see http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack/26388531#26388531 -->
	<Set name="ExcludeProtocols">
		<Array type="java.lang.String">
			<Item>SSLv3</Item>
		</Array>
	</Set>


</New>


<!-- =========================================================== -->
<!-- Add a HTTPS Connector. -->
<!-- Configure an o.e.j.server.ServerConnector with connection -->
<!-- factories for TLS (aka SSL) and HTTP to provide HTTPS. -->
<!-- All accepted TLS connections are wired to a HTTP connection. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.server.ServerConnector, -->
<!-- o.e.j.server.SslConnectionFactory and -->
<!-- o.e.j.server.HttpConnectionFactory for all configuration -->
<!-- that may be set here. -->
<!-- =========================================================== -->

<Call id="sslConnector" name="addConnector">
	<Arg>
		<New class="org.eclipse.jetty.server.ServerConnector" id="sslConnectorId">
			<Arg name="server">
				<Ref refid="Server" />
			</Arg>
			<Arg name="factories">
				<Array type="org.eclipse.jetty.server.ConnectionFactory">
					<Item>
						<New class="org.eclipse.jetty.server.SslConnectionFactory">
							<Arg name="next">http/1.1</Arg>
							<Arg name="sslContextFactory">
								<Ref refid="sslContextFactory" />
							</Arg>
						</New>
					</Item>
					<Item>
						<New class="org.eclipse.jetty.server.HttpConnectionFactory">
							<Arg name="config">
								<Ref refid="httpConfig" />
							</Arg>
						</New>
					</Item>
				</Array>
			</Arg>
			<Set name="name">
				<SystemProperty name="jetty.host" default="0.0.0.0" />:<SystemProperty name="org.osgi.service.http.port.secure" default="8443" />
			</Set>
			<Set name="host">
				<SystemProperty name="jetty.host" />
			</Set>
			<Set name="port">
				<SystemProperty name="org.osgi.service.http.port.secure" default="8443" />
			</Set>
			<Set name="idleTimeout">
				<SystemProperty name="https.timeout" default="30000" />
			</Set>
			<Set name="soLingerTime">
				<SystemProperty name="https.soLingerTime" default="-1" />
			</Set>
		</New>
	</Arg>
</Call>
<Call name="setAttribute">
            <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
            <Arg>300000</Arg>
</Call>