freemarker-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Dekany <ddek...@apache.org>
Subject Re: try.freemarker.apache.org instead of try.freemarker.org?
Date Thu, 17 May 2018 17:47:20 GMT
Thursday, May 17, 2018, 3:05:02 PM, Jacques Le Roux wrote:

> Le 17/05/2018 à 09:04, Jacques Le Roux a écrit :
>> Le 16/05/2018 à 22:26, Jacques Le Roux a écrit :
>>> When I read the content in my local Git repo it's commented out. I guess I should
manually change it on the VM and restart the app with Gradle?
>>>
>>> As it's a bit late already, I let you handle this last part ;)
>> OK I remember now that you documented the app restart at
>> https://cwiki.apache.org/confluence/display/FREEMARKER/try.freemarker.org+maintenance+and+installation
>> I'll do so now and will have a look at the code change for the renew
>>
>> Jacques
>>
> I have just changed the file according to my previous message, ie modified to
>          keyStorePath: /etc/letsencrypt/live/certificate.p12
>          keyStorePassword: HTTPDisUnnecessary
> and also while at it (not sure we want that)
>          validateCerts: true
>
> But after setting the iptables for 443-8443 (v4 and v6), saving the
> change and restarting the app it did not work:
>
> May 17 11:51:06 freemarker-vm systemd[1]: Stopped FreeMarker Online Tester.
> May 17 11:51:06 freemarker-vm systemd[1]: Started FreeMarker Online Tester.
> May 17 11:52:10 freemarker-vm java[14009]:
> MultiException[java.lang.IllegalStateException: no valid keystore,
> java.lang.IllegalStateException: no

That was because the service had no right to read the parent directory
of the p12 file. (Yeah, that error message is not very helpful...) I
have fixed that. So now the only problem we have what I said in the
other mail. And we will need the cron script... or maybe a systemd
timer unit instead.

> valid keystore, java.util.concurrent.RejectedExecutionException: org.eclipse.jetty.io.Manag
> May 17 11:52:10 freemarker-vm java[14009]:         at
> org.eclipse.jetty.server.Server.doStart(Server.java:382)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> io.dropwizard.cli.Cli.run(Cli.java:78)
> May 17 11:52:10 freemarker-vm java[14009]:         at
> io.dropwizard.Application.run(Application.java:93)
> May 17 11:52:10 freemarker-vm java[14009]:         at 
> org.apache.freemarker.onlinetester.dropwizard.FreeMarkerOnlineTester.main(FreeMarkerOnlineTester.java:43)
>
> So I commented out the HTTPS part
>      #      # FOR PRODUCTION:
>      #      - type: https
>      #        port: 8443
>      #        keyStorePath: /etc/letsencrypt/live/certificate.p12
>      #        keyStoreType: PKCS12
>      #        keyStorePassword: HTTPDisUnnecessary
>      #        validateCerts: true
> and restarted the app
>
> Now http://try.freemarker.org/ works again, but no longer
> http://try.freemarker.apache.org/ which is redirected to
> https://try.freemarker.apache.org/
> I don't understand the redirect. Does have this changed before my change? I don't know.
> I have double-checked, thought I have not reverted the config yet, HTTPD is no longer
working.
> Maybe it's due to the certificate (created for a.o) but I can't see
> how DropWizard would now relate to it, since
>      keyStorePath: /etc/letsencrypt/live/certificate.p12
> and the whole HTTPS block, is commented out :/
>
> I'll get back to that later...
>
> Jacques
>
>

-- 
Thanks,
 Daniel Dekany


Mime
View raw message