typesafe activator - How to configure akkacluster using SSL support -
i looking cluster setup using akka play framework projects. want know how can support plugable ssl transport support. looking @ http://doc.akka.io/docs/akka/snapshot/scala/remoting.html , tired configuration.
here sample configuration:
akka { loglevel = error actor.provider = "akka.cluster.clusteractorrefprovider" remote { enabled-transports = ["akka.remote.netty.tcp"] enabled-transports = [akka.remote.netty.ssl] netty.ssl.tcp { hostname = "127.0.0.1" enable-ssl = true } netty.ssl.security { key-store = "mykeystore" trust-store = "mytruststore" key-store-password = "changeme" key-password = "changeme" trust-store-password = "changeme" protocol = "tlsv1" random-number-generator = "aes128countersecurerng" enabled-algorithms = [tls_rsa_with_aes_128_cbc_sha] } } cluster { auto-down = on akka.cluster.auto-down-unreachable-after = 5s } } i start server :
activator -dnode.id=1 -dhttp.port=9000 -dakka.remote.netty.tcp.port=2551 -dakka.cluster.seed-nodes.0="akka.ssl.tcp://application@127.0.0.1:2551" run
i not sure more missing. can't see events when member up
i referred implementation : https://github.com/zarinfam/play-akka-cluster-pub-sub
please suggest.
i had used folloing configuration.also generated proper certificates following : http://docs.oracle.com/cd/e19528-01/819-4733/6n6s6u1gl/index.html note : need set keystore , truststore, define ssl/tls version used , set enabled algorithms. these settings correspond directly jsse configuration, documented here : http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/jsserefguide.html
here configuration:
akka { log-dead-letters = on loglevel = info actor.provider = "akka.cluster.clusteractorrefprovider" remote { #enabled-transports = ["akka.remote.netty.tcp"] enabled-transports = [akka.remote.netty.ssl] log-remote-lifecycle-events =on netty.tcp { hostname = "core06" enable-ssl = true } netty.ssl = ${akka.remote.netty.tcp} netty.ssl = { # enable ssl/tls encryption. # must enabled on both client , server work. enable-ssl = true security { # java key store used server connection key-store = "keystore.jks" # password used decrypting key store key-store-password = "changeit" # password used decrypting key key-password = "changeit" # java key store used client connection trust-store = "cacerts.jks" # password used decrypting trust store trust-store-password = "changeit" # protocol use ssl encryption, choose from: # java 6 & 7: # 'sslv3', 'tlsv1' # java 7: # 'tlsv1.1', 'tlsv1.2' protocol = "tlsv1" # example: ["tls_rsa_with_aes_128_cbc_sha", "tls_rsa_with_aes_256_cbc_sha"] # need install jce unlimited strength jurisdiction policy # files use aes 256. # more info here: # http://docs.oracle.com/javase/7/docs/technotes/guides/security/sunproviders.html#sunjceprovider enabled-algorithms = ["tls_rsa_with_aes_128_cbc_sha"] random-number-generator = "aes128countersecurerng" } } } cluster { seed-nodes = [ "akka.ssl.tcp://application@core06:2551", "akka.ssl.tcp://application@core06:2552" ] #auto-down = on auto-down-unreachable-after = 5s } } hope helps in future.
cheers!
Comments
Post a Comment