yannick.duthe@assemblee-virtuelle.org 8 years ago
#
# A fatal error has been detected by the Java Runtime Environment:
jeanmarc.vanel@gmail.com 8 years ago
In fact, the URL of the Semantic_forms server is already "known" as http://212.47.23
Benoit Alessandroni 8 years ago
Ask @Sylvain / Henry?
yannick.duthe@assemblee-virtuelle.org 8 years ago
I tested by uploading files from my machine to the server in the con
yannick.duthe@assemblee-virtuelle.org 8 years ago
I am using the dev branch of rww-play, which I have updated a lot recently. I
- Installing the LDP AV server
- Objectives of this PAD
- Remaining to do
- How to start the server
- Connecting to the LDP AV server:
- Starting the rwwplay server:
- How to stop the server
- How to tell whether the rwwplay server is UP or DOWN when logging in?
- Bringing the LDP AV server into operational condition
- 1st test: adding an "&" at the end of the command
- History
- Installation of 2/11/2015
- Prerequisites:
- Installing rwwplay
- Changing the ports
- Using a JDK 1.8 (instead of 1.7)
- Redirect from the virtual-assembly.org domain
- Adding a container for the PAIR map
- Initial problem:
- Reason:
- Testing the PAIR map on this new LDP server
- Warning! Do not copy files from one server to another, it does not work, a link is missing!
- GET on a container
- How to view the files on the server from outside?
- Can it run over HTTP on port 9001?
- Adding a server SSL certificate
- External links
- Creating the private key
- Generating the certificate:
- Starting rwwplay with the certificate specified
- Discussion with JM:
- Discussion with Sylvain
- Attempt to modify the configuration file conf/application.conf
- Tests
- Discussion with Henry
- Importing a Certificate for the CA
- What I understand (Yannick)
- Other documentation about the keystore
- Creating a server certificate with Let's Encrypt
- Creating the JKS keystore (Java certificate store)
- New tests of 18/01/2016
- New test with the CACert certificate
- Attempt for Rwwplay:
- Generating a new certificate
- Certificate renewal
- For the next renewal
- Cleaning up the other KeyStores that are no longer needed
- Problem observed
- Core dump problem
- Next steps
Objectives of this PAD
Remaining to do
How to start the server
ssh av@212.47.232.171
cd ~/rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/keystore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.trustStore=noCA -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
How to stop the server
sudo kill $(sudo lsof -t -i:9001)
rm ~/rwweb-0.7.2-SNAPSHOT/RUNNING_PID
How to tell whether the rwwplay server is UP or DOWN when logging in?
sudo netstat -tulpn | grep 9001
av@c1-10-1-34-165:~/rwweb-0.7.2-SNAPSHOT$ sudo netstat -tulpn | grep 9001
tcp6 0 0 :::9001 :::* LISTEN 493/java
Bringing the LDP AV server into operational condition
top - 10:16:31 up 238 days, 19:37, 1 user, load average: 3.00, 3.40, 3.32
Tasks: 72 total, 1 running, 71 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 2072392 total, 1395764 used, 676628 free, 135572 buffers
KiB Swap: 0 total, 0 used, 0 free. 582204 cached Mem
top - 10:16:34 up 238 days, 19:38, 1 user, load average: 3.00, 3.39, 3.32
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
%Cpu(s): 6.7 us, 0.1 sy, 0.0 ni, 93.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 2072392 total, 1402460 used, 669932 free, 135572 buffers
30673 jmv 20 0 391524 196940 13516 S 0.3 9.5 21:18.58 java
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
28926 av 20 0 1282080 88684 12720 S 28.5 4.3 0:05.98 java
History
sudo netstat -tulpn | grep LISTEN
Installation of 2/11/2015
ssh av@212.47.232.171
java -version
java version "1.7.0_65"
OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1)
OpenJDK Zero VM (build 24.65-b04, mixed mode)
mkdir install
cd install
wget http://download.openinitiative.com/rwweb-0.7.2-SNAPSHOT.zip
unzip rwweb-0.7.2-SNAPSHOT.zip
mv rwweb-0.7.2-SNAPSHOT.zip ../
wget http://download.openinitiative.com/ldpwww.tar.gz
tar -xzf ldpwww.tar.gz
mv ldpwww ../
cd rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttps.port=8443 -Dhttps.trustStore=noCA -Drww.root.container.path=/home/av/ldpwww
ln -s /home/jmv/apps/jdk $HOME/jdk
export JAVA_HOME=$HOME/jdk
export PATH=$HOME/bin:$JAVA_HOME/bin:$PATH
ls -ld ~/apps/jdk*
lrwxrwxrwx 1 jmv jmv 11 août 6 10:44 /home/jmv/apps/jdk -> jdk1.8.0_51
drwxrwxr-x 8 jmv jmv 4096 oct. 28 2014 /home/jmv/apps/jdk1.8.0_06
drwxrwxr-x 8 jmv jmv 4096 août 6 10:43 /home/jmv/apps/jdk1.8.0_51
av@c1-10-1-34-165:~$ java -version
java version "1.8.0_51"
Java(TM) SE Runtime Environment (build 1.8.0_51-b07)
Java HotSpot(TM) Client VM (build 25.51-b07, mixed mode)
Redirect from the virtual-assembly.org domain
Adding a container for the PAIR map
cd ~/ldpwww
cp -r todos/ cartopair/
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
[] acl:accessToClass [ acl:regex "https://(\\w+\\.)?ldp.virtual-assembly.org:8443/.*[.]acl" ];
acl:mode acl:Read;
acl:agentClass foaf:Agent .
[] acl:accessToClass [ acl:regex "https://(\\w+\\.)?ldp.virtual-assembly.org:8443/.*" ];
acl:mode acl:Write, acl:Read, acl:Append;
acl:agentClass foaf:Agent .
#if you name your computer "bleau" in /etc/hosts then it is easier to debug virtual cell phone apps
#for Android for example: http://www.bradcurtis.com/hosts-files-and-the-google-android-emulator/
[] acl:accessToClass [ acl:regex "https://(\\w+\\.)?bleau:8443/.*" ];
acl:mode acl:Read, acl:Write;
acl:agent <card#i> .
Testing the PAIR map on this new LDP server
var store = new MyStore({ container : "https://ldp.virtual-assembly.org:8443/2013/cartopair/",
context : "http://owl.openinitiative.com/oicontext.jsonld",
template : "",
partials : ""})
var jsonLd = {
"@context":{
"av" : "http://www.assemblee-virtuelle.org/ontologies/v1.owl#"
},
"@type" : "av:Organization"
}
store.save(jsonLd);
store.get("https://ldp.virtual-assembly.org:8443/2013/cartopair/b3af65a422").then(console.log.bind(console))
How to view the files on the server from outside?
Can it run over HTTP on port 9001?
No SSLHandler!
javax.net.ssl.SSLException: No SSLHandler!
Adding a server SSL certificate
sudo apt-get install openssl
av@c1-10-1-34-165:/etc/ssl$ cd /etc/ssl
av@c1-10-1-34-165:/etc/ssl$ sudo mkdir tmp
av@c1-10-1-34-165:/etc/ssl$ cd tmp
av@c1-10-1-34-165:/etc/ssl$ sudo openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.....................................................+++
............+++
e is 65537 (0x10001)
av@c1-10-1-34-165:/etc/ssl/tmp$ sudo openssl req -new -key server.key -out server_v-a.csr
[sudo] password for av:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Ile de france
Locality Name (eg, city) []:Paris
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Assemblée Virtuelle
Organizational Unit Name (eg, section) []:AV
Common Name (e.g. server FQDN or YOUR name) []:virtual-assembly.org
Email Address []:webmaster@virtual-assembly.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:toto
An optional company name []:Practishare
bin/rwweb -Dhttps.port=8443 -Dhttps.trustStore=noCA
sudo kill $(sudo lsof -t -i:9001)
sudo netstat -tulpn | grep 9001
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.trustStore=server_v-a.crt -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
Discussion with JM:
Discussion with Sylvain
Attempt to modify the configuration file conf/application.conf
# This is the main configuration file for the application.
# ~~~~~
# RWW Play Apps setup
# ===================
#
# RWW Play contains a number of apps, some of which are optional
http.hostname=ldp.virtual-assembly.org
https.port=8443
https.trustStore="/etc/ssl/tmp/server_v-a.crt"
# enable Subdomain support
rww.subdomains=true //default:false
Tests
Discussion with Henry
What I understand (Yannick)
yannick@logthree:~/Téléchargements$ scp cacert* av@212.47.232.171:/home/av
av@212.47.232.171's password:
cacert_int.crt 100% 2610 2.6KB/s 00:00
cacert_root.crt 100% 2569 2.5KB/s 00:00
Creating a server certificate with Let's Encrypt
ssh av@212.47.232.171
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
cat fullchain1.pem privkey1.pem | openssl pkcs12 -export -out cert.p1
Creating the JKS keystore (Java certificate store)
root@c1-10-1-34-165:~/letsencrypt/AV# keytool -genkey -alias ldp.virtual-assembly.org -keyalg RSA -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Yannick DUTHE
What is the name of your organizational unit?
[Unknown]: Assemblée Virtuelle
What is the name of your organization?
[Unknown]: AV
What is the name of your City or Locality?
[Unknown]: Paris
What is the name of your State or Province?
[Unknown]: France
What is the two-letter country code for this unit?
[Unknown]: FR
Is CN=Yannick DUTHE, OU=Assemblée Virtuelle, O=AV, L=Paris, ST=France, C=FR correct?
[no]: yes
Enter key password for <ldp.virtual-assembly.org>
(RETURN if same as keystore password):
root@c1-10-1-34-165:~/letsencrypt/AV# keytool -import -trustcacerts -alias root -file fullchain1.crt -keystore keystore.jks
Enter keystore password:
Owner: CN=ldp.virtual-assembly.org
Issuer: CN=Let's Encrypt Authority X1, O=Let's Encrypt, C=US
Serial number: 1933c52e7f2e2fa11cdfcbd3e580c9ed615
Valid from: Tue Jan 05 17:51:00 UTC 2016 until: Mon Apr 04 17:51:00 UTC 2016
Certificate fingerprints:
MD5: 9B:14:CE:C4:07:59:AC:8D:31:AD:B8:9E:BB:5F:6D:84
SHA1: 77:7D:AC:45:46:91:FA:17:56:23:B3:7B:ED:32:9A:ED:63:51:3E:74
SHA256: 00:C0:8B:1C:BB:4C:7C:A4:89:E0:3D:BB:22:E0:CD:7B:10:A8:30:FE:4A:11:7C:22:37:B2:32:12:77:E1:D7:AB
Signature algorithm name: SHA256withRSA
Version: 3
...
Trust this certificate? [no]: yes
Certificate was added to keystore
sudo kill $(sudo lsof -t -i:9001)
sudo netstat -tulpn | grep 9001
cd ~/rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/keystore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
New tests of 18/01/2016
keytool -delete -alias ldp.virtual-assembly.org -keystore keystore.jks
keytool -list -v -keystore keystore.jks
keytool -import -trustcacerts -alias root -file cacert_root.crt -keystore keystore.jks
keytool -import -trustcacerts -alias inter -file cacert_int.crt -keystore keystore.jks
keytool -import -trustcacerts -alias cert -file server_v-a.crt -keystore keystore.jks
openssl pkcs12 -export -in cert1.pem -inkey privkey1.pem -out cert_and_key_play.p12 -name rwwplay -CAfile fullchain1.pem -caname root
keytool -importkeystore -deststorepass 123Soleil! -destkeypass 123Soleil! -destkeystore MyDSKeyStore.jks -srckeystore cert_and_key_play.p12 -srcstoretype PKCS12 -srcstorepass 123Soleil! -alias root
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/MyDSKeyStore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
Generating a new certificate
cp /etc/letsencrypt/archive/ldp.virtual-assembly.org/cert2.pem .
cp /etc/letsencrypt/archive/ldp.virtual-assembly.org/privkey2.pem .
openssl x509 -outform der -in fullchain2.pem -out fullchain2.crt
openssl pkcs12 -export -in cert2.pem -inkey privkey2.pem -out cert_and_key_play2.p12 -name rwwplay -CAfile fullchain2.pem -caname root
root@c1-10-1-34-165:~/letsencrypt/AV# keytool -importkeystore -deststorepass 123Soleil! -destkeypass 123Soleil! -destkeystore MyDSKeyStore2.jks -srckeystore cert_and_key_play2.p12 -srcstoretype PKCS12 -srcstorepass 123Soleil! -alias root
keytool error: java.lang.Exception: Alias <root> does not exist
keytool -list -v -keystore keystore.jks
sudo kill $(sudo lsof -t -i:9001)
sudo netstat -tulpn | grep 9001
cd rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/MyDSKeyStore2.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
Certificate renewal
keytool -list -v -keystore keystore.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries
keytool -importkeystore -v -srckeystore cert_and_key_play2.p12 -destkeystore keystore.jks -srcstoretype PKCS12 -deststoretype JKS -deststorepass 123Soleil! -srcstorepass 123Soleil!
cd rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/keystore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
keytool -list -v -keystore my_keystore_name.jks
keytool -delete -alias alias -keystore my_keystore_name.jks
rm -f ./my_keystore_name.jks
cd ~/lets-encrypt/av
rm -f cert_and_key_*   # Remove the p12 files to clean up
openssl pkcs12 -export -in fullchain2.pem -inkey privkey2.pem -out cert_and_key2.p12 -name ldp.virtual-assembly.org -CAfile fullchainX.pem -caname root
keytool -list -v -keystore my_keystore_name.jks   # List the certificates
keytool -delete -alias rwwplay -keystore keystore.jks   # Delete the certificate
keytool -importkeystore -v -srckeystore cert_and_key2.p12 -destkeystore keystore.jks -srcstoretype PKCS12 -deststoretype JKS -deststorepass 123Soleil! -srcstorepass 123Soleil!
> Run "exit" to return to the AV user
sudo kill $(sudo lsof -t -i:9001)
cd ~/rwweb-0.7.2-SNAPSHOT/
bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/keystore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
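The renewal steps above as one script, added here as an example (it is not part of the original pad): it reads back the alias stored in the PKCS12 bundle before importing, since the earlier bundle was built with `-name rwwplay` while the import asked for alias `root`, and it passes the keystore password through an environment variable instead of the command line. The function names, file names, the `KS_PASS` variable and the throwaway self-signed certificate are assumptions made for the example.

```shell
#!/bin/sh
# Added example: rebuild the PKCS12 bundle for a renewed certificate and
# check its alias before importing it into the JKS keystore.
# File names and the KS_PASS variable are assumptions, not the pad's own.

# make_test_cert DIR: constructed input, a throwaway self-signed certificate
# standing in for the Let's Encrypt cert/privkey files.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldp.example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# build_p12 DIR ALIAS: bundle key + certificate under the given friendly name.
# The password is read from $KS_PASS, so it never shows up in process arguments.
build_p12() {
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/privkey.pem" \
        -name "$2" -out "$1/bundle.p12" -passout env:KS_PASS
}

# p12_alias FILE: print the friendlyName stored in the bundle; this is the
# alias keytool will find when it opens the PKCS12 file.
p12_alias() {
    openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# import_p12 FILE JKS ALIAS: refuse to import when ALIAS is not in the bundle,
# otherwise copy that entry into the JKS keystore.
import_p12() {
    found=$(p12_alias "$1")
    if [ "$found" != "$3" ]; then
        echo "alias '$3' not in bundle (found '$found')" >&2
        return 1
    fi
    # Without keytool on this machine only the alias check is performed.
    command -v keytool >/dev/null 2>&1 || return 0
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS \
        -srcalias "$3"
}
```

Export `KS_PASS` (at least 6 characters, as keytool requires) before calling `build_p12` and `import_p12`.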
Core dump problem
root@c1-10-1-8-62:/home/av/rwweb-0.7.2-SNAPSHOT# bin/rwweb -Dhttp.port=9001 -Dhttps.port=8443 -Dhttps.keyStore=/home/av/letsencrypt/AV/keystore.jks -Dhttps.keyStorePassword=123Soleil! -Drww.root.container.path=/home/av/ldpwww -Dhttp.hostname=ldp.virtual-assembly.org &
[1] 29390
root@c1-10-1-8-62:/home/av/rwweb-0.7.2-SNAPSHOT# #
A fatal error has been detected by the Java Runtime Environment:
#
Internal Error (os_linux_zero.cpp:285), pid=29390, tid=1091343456
fatal error: caught unhandled signal 11
#
JRE version: OpenJDK Runtime Environment (7.0_65-b32) (build 1.7.0_65-b32)
Java VM: OpenJDK Zero VM (24.65-b04 mixed mode linux-arm )
Derivative: IcedTea 2.5.3
Distribution: Ubuntu 14.04 LTS, package 7u71-2.5.3-0ubuntu0.14.04.1
Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
An error report file with more information is saved as:
/home/av/rwweb-0.7.2-SNAPSHOT/hs_err_pid29390.log
#
If you would like to submit a bug report, please include
instructions on how to reproduce the bug and visit:
http://icedtea.classpath.org/bugzilla
Next steps