Fork me on GitHub
#immutant
<
2015-11-20
>
jcrossley313:11:43

@jaen: i've had a little success

jcrossley313:11:46

it seems having the alpn-boot jar on the bootclasspath is a fundamental requirement

jcrossley313:11:53

so this does the trick for me...

jcrossley313:11:04

java -Xbootclasspath/p:/tmp/alpn.jar -jar target/immutant-repro-0.1.0-SNAPSHOT-standalone.jar

jcrossley313:11:55

that alpn.jar is a copy of [org.mortbay.jetty.alpn/alpn-boot "8.1.5.v20150921"] from my local .m2 repo

jcrossley314:11:09

@jaen: i just pushed changes to my fork that fix both 'lein run' and invoking core/start! from a REPL. the :prepend true option is critical in that :boot-dependencies vector

jcrossley314:11:42

still wish i could get the less-awful-ssl stuff working, but i guess like it's name implies, "less awful" is still awful 😉

jaen16:11:24

@jcrossley3: nice, I'll check it out with a while; I made the reproduction with lein for your convenience, but I usually use boot, so I'll have to figure out how to do it there. I assume AOT and genclass something that is required and this won't work without it?

jcrossley316:11:26

@jaen: no, aot/genclass only required for uberjar creation, which isn't relevant. i only put it in there to make sure all 3 worked (lein run, repl, and uberjar)

jcrossley316:11:12

that bootclasspath plugin is pretty simple -- it just adds jvm options -- so should be straightforward in boot

jaen16:11:21

I see. When I tried to use boot-immutantand did it like (comp (aot) (immutant-war)) I ended up with a war that didn't contain sources and wouldn't boot in Wildfly, so just wanted to know if it's necessary to AOT.

jaen16:11:29

(or I might have been doing something else wrong)

jaen16:11:48

I'll let you know when I try it out.

jcrossley316:11:37

our own @tcrawley is the boot-immutant expert, but i wouldn't think any aot stuff would be required for an immutant-war

jaen16:11:22

Yeah, it seems to require just sources.

tcrawley16:11:27

jaen: that sounds like it might be a bug. would you mind filing an issue at https://github.com/immutant/boot-immutant/issues

jaen16:11:51

Sure, I will.

jaen16:11:23

@jcrossley3: so you say lein run works for your repo when you connect with a browser, yes?

tcrawley16:11:04

jaen: thanks!

jaen16:11:11

I'm just trying it as-is for now and I get this - https://gist.github.com/jaen/48e4f17644bdaa4bf279

jcrossley316:11:19

i'm using java "1.8.0_66"

jaen16:11:42

Tried with curl, Open SSL, Chrome 47.0.2526.35 and Firefox 38.0a1 (2015-02-18) and they all just hang there waiting for a reply.

jaen16:11:59

1.8.0_40 over here.

jaen16:11:09

I can try upgrading

jcrossley316:11:20

or try downgrading to [org.mortbay.jetty.alpn/alpn-boot "8.1.2.v20141202"]

jaen16:11:29

Just wanted to say that

jaen16:11:37

That I remembered it's locked to JVM version

jcrossley316:11:12

i actually tried a few alpn versions in my noodlings and they all worked for me

jcrossley316:11:27

the 8.1.2 version is hardcoded in the undertow source examples

jaen16:11:48

Though it says OpenJDK. I have Orcale JDK, so maybe that's the cause?

jcrossley316:11:20

yeah, i'm just relaying what Mr. Empirical told me. simple_smile

jcrossley316:11:17

i'm using oracle, fwiw

jcrossley316:11:18

@jaen: you get that when lein run starts or when the browser connects?

jaen16:11:45

When I connect

jcrossley317:11:49

and this is using my latest fork?

jaen17:11:44

Yes, just pulled

jaen17:11:45

Updating JDK did the trick

jcrossley317:11:50

@jaen: can you do this at a repl? (import 'sun.security.ssl.ServerHandshaker)

jaen17:11:52

1.8.0_66 works perfectly

jcrossley317:11:07

i guess that's a new class then

jcrossley317:11:18

man this stuff is BRITTLE!

jaen17:11:45

That's interesting though, I think I read in some docs _40 was sufficient. Guess not.

jaen17:11:47

Yeah, quite so.

jaen17:11:32

I'll just see if this works with boot and I'll be set.

jaen17:11:47

I imagine you have to do it differently if you run from Wildfly instead of standalone, right?

jaen17:11:57

Config with some XMLs and whatnot.

jcrossley317:11:15

yes, but the principles are the same. this just came out yesterday: http://blog.eisele.net/2015/11/http2-with-jboss-eap-7.html

jcrossley317:11:26

should apply to wildfly as well as eap

jcrossley317:11:24

yep, same idea

jaen17:11:30

So I'll just have to figure what XML that maps to and modify the configuration of Wildfly accordingly.

jaen17:11:50

Thanks for all the help. I'll file the boot-immutant issue when I get this figured out.

jcrossley317:11:36

@jaen: thanks for driving us to figure this stuff out! simple_smile

jcrossley317:11:03

people underestimate the value of bug reports

jaen17:11:31

Incidentally, I imagine it's of less interest since you can config that in Wildfly and I guess it's the more "proper" way to deploy than standalone Immutant, but do you know whether you can config cipher suites and TLS levels programmatically for undertow?

jaen17:11:49

Because it's in the XMLs, but I'm not sure how that maps to the config builder.

jcrossley317:11:22

maybe? i guess that's what JAAS is for? but probably involves the use of keytool or some openssl tool? i dunno really.

jcrossley317:11:21

@jaen: i think your changes through the cli will persist in the xml files, so you can copy/paste from them afterwards

jaen17:11:00

I figured that maybe you know of some resource that explains how <https-listener name="https-2" socket-binding="https-2" security-realm="UndertowRealm" enabled-cipher-suites="ALL:!MD5:!DHA" enabled-protocols="SSLv3, TLSv1.2"/> maps to Undertow config builder, but then maybe again I'm expecting too much documentation ; F

jcrossley317:11:26

yeah, that's a lot to expect simple_smile

jaen17:11:47

Yeah, it's all fresh stuff so no surprise there's not all that much docs (and in general Java libs documentation seems somewhat lacking at times).

jaen17:11:58

I'll just dig around then, maybe something will come up.