Java Code Examples for com.linecorp.armeria.server.ServerBuilder#tlsSelfSigned()
The following examples show how to use
com.linecorp.armeria.server.ServerBuilder#tlsSelfSigned() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ArmeriaConfigurationUtilTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Test
void configureServer() throws Exception {
final File yml = new File(resourceFilePath("armeria-settings.yaml"));
final ArmeriaSettings armeriaSettings = configFactory.build(yml);
armeriaSettings.setSsl(null);
final ServerBuilder serverBuilder = Server.builder()
.service("/foo", (ctx, req) -> HttpResponse.of(200));
serverBuilder.tlsSelfSigned();
ArmeriaConfigurationUtil.configureServer(serverBuilder, armeriaSettings);
final Server server = serverBuilder.build();
assertThat(server.defaultHostname()).isEqualTo("host.name.com");
assertThat(server.config().maxNumConnections()).isEqualTo(5000);
assertThat(server.config().isDateHeaderEnabled()).isFalse();
assertThat(server.config().isServerHeaderEnabled()).isTrue();
assertThat(server.config().defaultVirtualHost().maxRequestLength()).isEqualTo(10485761);
assertThat(server.config().ports()).hasSize(3);
assertThat(server.config().ports()).containsExactly(
new ServerPort(8080, SessionProtocol.HTTP),
new ServerPort(new InetSocketAddress("127.0.0.1", 8081), SessionProtocol.HTTPS),
new ServerPort(8443, SessionProtocol.HTTPS, SessionProtocol.PROXY)
);
assertThat(server.config().http1MaxChunkSize()).isEqualTo(4000);
assertThat(server.config().http1MaxInitialLineLength()).isEqualTo(4096);
assertThat(server.config().http1MaxInitialLineLength()).isEqualTo(4096);
assertThat(server.config().http2InitialConnectionWindowSize()).isEqualTo(1024 * 1024 * 2);
assertThat(server.config().http2InitialStreamWindowSize()).isEqualTo(1024 * 1024 * 2);
assertThat(server.config().http2MaxFrameSize()).isEqualTo(16385);
assertThat(server.config().http2MaxHeaderListSize()).isEqualTo(8193);
assertThat(server.config().proxyProtocolMaxTlvSize()).isEqualTo(65320);
}
Example 2
| Source File: MockWebServerExtension.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected final void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
sb.serviceUnder("/", new MockWebService());
configureServer(sb);
}
Example 3
| Source File: ManagedTomcatServiceTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
sb.serviceUnder(
"/jsp/",
TomcatService.builder(webAppRoot())
.serviceName(SERVICE_NAME)
.configurator(s -> Collections.addAll(tomcatServices, s.findServices()))
.build()
.decorate(LoggingService.newDecorator()));
sb.serviceUnder(
"/jar/",
TomcatService.builder(AppRootFinder.find(Future.class))
.serviceName("TomcatServiceTest-JAR")
.build()
.decorate(LoggingService.newDecorator()));
sb.serviceUnder(
"/jar_altroot/",
TomcatService.builder(AppRootFinder.find(Future.class), "/io/netty/util/concurrent")
.serviceName("TomcatServiceTest-JAR-AltRoot")
.build()
.decorate(LoggingService.newDecorator()));
}
Example 4
| Source File: JettyServiceTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
sb.serviceUnder(
"/jsp/",
JettyService.builder()
.handler(newWebAppContext())
.configurator(s -> jettyBeans.addAll(s.getBeans()))
.build()
.decorate(LoggingService.newDecorator()));
sb.serviceUnder(
"/default/",
JettyService.builder()
.handler(new DefaultHandler())
.build());
final ResourceHandler resourceHandler = new ResourceHandler();
resourceHandler.setResourceBase(webAppRoot().getPath());
sb.serviceUnder(
"/resources/",
JettyService.builder()
.handler(resourceHandler)
.build());
}
Example 5
| Source File: JettyServiceStartupTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
sb.serviceUnder(
"/jsp/",
JettyService.builder()
.handler(newWebAppContext())
.configurator(s -> jettyBeans.addAll(s.getBeans()))
.build()
.decorate(LoggingService.newDecorator()));
sb.serviceUnder(
"/default/",
JettyService.builder()
.handler(new DefaultHandler())
.build());
final ResourceHandler resourceHandler = new ResourceHandler();
resourceHandler.setResourceBase(WebAppContainerTest.webAppRoot().getPath());
sb.serviceUnder(
"/resources/",
JettyService.builder()
.handler(resourceHandler)
.build());
}
Example 6
| Source File: UnmanagedJettyServiceTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
jetty = new Server(0);
jetty.setHandler(JettyServiceTest.newWebAppContext());
jetty.start();
sb.serviceUnder(
"/jsp/",
JettyService.of(jetty).decorate(LoggingService.newDecorator()));
}
Example 7
| Source File: HealthCheckedEndpointGroupIntegrationTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(ServerBuilder sb) throws Exception {
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
sb.service(HEALTH_CHECK_PATH, HealthCheckService.builder().longPolling(0).build());
}
Example 8
| Source File: CentralDogma.java From centraldogma with Apache License 2.0 | 4 votes |
|
private Server startServer(ProjectManager pm, CommandExecutor executor,
PrometheusMeterRegistry meterRegistry, @Nullable SessionManager sessionManager) {
final ServerBuilder sb = Server.builder();
sb.verboseResponses(true);
cfg.ports().forEach(sb::port);
if (cfg.ports().stream().anyMatch(ServerPort::hasTls)) {
try {
final TlsConfig tlsConfig = cfg.tls();
if (tlsConfig != null) {
sb.tls(tlsConfig.keyCertChainFile(), tlsConfig.keyFile(), tlsConfig.keyPassword());
} else {
logger.warn(
"Missing TLS configuration. Generating a self-signed certificate for TLS support.");
sb.tlsSelfSigned();
}
} catch (Exception e) {
Exceptions.throwUnsafely(e);
}
}
sb.clientAddressSources(cfg.clientAddressSourceList());
sb.clientAddressTrustedProxyFilter(cfg.trustedProxyAddressPredicate());
cfg.numWorkers().ifPresent(
numWorkers -> sb.workerGroup(EventLoopGroups.newEventLoopGroup(numWorkers), true));
cfg.maxNumConnections().ifPresent(sb::maxNumConnections);
cfg.idleTimeoutMillis().ifPresent(sb::idleTimeoutMillis);
cfg.requestTimeoutMillis().ifPresent(sb::requestTimeoutMillis);
cfg.maxFrameLength().ifPresent(sb::maxRequestLength);
cfg.gracefulShutdownTimeout().ifPresent(
t -> sb.gracefulShutdownTimeoutMillis(t.quietPeriodMillis(), t.timeoutMillis()));
final MetadataService mds = new MetadataService(pm, executor);
final WatchService watchService = new WatchService(meterRegistry);
final AuthProvider authProvider = createAuthProvider(executor, sessionManager, mds);
configureThriftService(sb, pm, executor, watchService, mds);
sb.service("/title", webAppTitleFile(cfg.webAppTitle(), SystemInfo.hostname()).asService());
sb.service(HEALTH_CHECK_PATH, HealthCheckService.of());
// TODO(hyangtack): This service is temporarily added to support redirection from '/docs' to '/docs/'.
// It would be removed if this kind of redirection is handled by Armeria.
sb.service("/docs", new AbstractHttpService() {
@Override
protected HttpResponse doGet(ServiceRequestContext ctx, HttpRequest req)
throws Exception {
return HttpResponse.of(
ResponseHeaders.of(HttpStatus.TEMPORARY_REDIRECT, HttpHeaderNames.LOCATION, "/docs/"));
}
});
sb.serviceUnder("/docs/",
DocService.builder()
.exampleHttpHeaders(CentralDogmaService.class,
HttpHeaders.of(HttpHeaderNames.AUTHORIZATION,
"Bearer " + CsrfToken.ANONYMOUS))
.build());
configureHttpApi(sb, pm, executor, watchService, mds, authProvider, sessionManager);
configureMetrics(sb, meterRegistry);
// Configure access log format.
final String accessLogFormat = cfg.accessLogFormat();
if (isNullOrEmpty(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.disabled(), true);
} else if ("common".equals(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.common(), true);
} else if ("combined".equals(accessLogFormat)) {
sb.accessLogWriter(AccessLogWriter.combined(), true);
} else {
sb.accessLogFormat(accessLogFormat);
}
final Server s = sb.build();
s.start().join();
return s;
}
Example 9
| Source File: ArmeriaConfigurationUtil.java From armeria with Apache License 2.0 | 4 votes |
|
/**
* Adds SSL/TLS context to the specified {@link ServerBuilder}.
*/
private static void configureTls(ServerBuilder sb, ArmeriaSettings.Ssl ssl,
@Nullable Supplier<KeyStore> keyStoreSupplier,
@Nullable Supplier<KeyStore> trustStoreSupplier) {
if (!ssl.isEnabled()) {
return;
}
try {
if (keyStoreSupplier == null && trustStoreSupplier == null &&
ssl.getKeyStore() == null && ssl.getTrustStore() == null) {
logger.warn("Configuring TLS with a self-signed certificate " +
"because no key or trust store was specified");
sb.tlsSelfSigned();
return;
}
final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(ssl, keyStoreSupplier);
final TrustManagerFactory trustManagerFactory = getTrustManagerFactory(ssl, trustStoreSupplier);
sb.tls(keyManagerFactory);
sb.tlsCustomizer(sslContextBuilder -> {
sslContextBuilder.trustManager(trustManagerFactory);
final SslProvider sslProvider = ssl.getProvider();
if (sslProvider != null) {
sslContextBuilder.sslProvider(sslProvider);
}
final List<String> enabledProtocols = ssl.getEnabledProtocols();
if (enabledProtocols != null) {
sslContextBuilder.protocols(enabledProtocols.toArray(EMPTY_PROTOCOL_NAMES));
}
final List<String> ciphers = ssl.getCiphers();
if (ciphers != null) {
sslContextBuilder.ciphers(ImmutableList.copyOf(ciphers),
SupportedCipherSuiteFilter.INSTANCE);
}
final ClientAuth clientAuth = ssl.getClientAuth();
if (clientAuth != null) {
sslContextBuilder.clientAuth(clientAuth);
}
});
} catch (Exception e) {
throw new IllegalStateException("Failed to configure TLS: " + e, e);
}
}
Example 10
| Source File: ArmeriaConfigurationUtil.java From armeria with Apache License 2.0 | 4 votes |
|
/**
* Adds SSL/TLS context to the specified {@link ServerBuilder}.
*/
public static void configureTls(ServerBuilder sb, Ssl ssl,
@Nullable Supplier<KeyStore> keyStoreSupplier,
@Nullable Supplier<KeyStore> trustStoreSupplier) {
if (!ssl.isEnabled()) {
return;
}
try {
if (keyStoreSupplier == null && trustStoreSupplier == null &&
ssl.getKeyStore() == null && ssl.getTrustStore() == null) {
logger.warn("Configuring TLS with a self-signed certificate " +
"because no key or trust store was specified");
sb.tlsSelfSigned();
return;
}
final KeyManagerFactory keyManagerFactory = getKeyManagerFactory(ssl, keyStoreSupplier);
final TrustManagerFactory trustManagerFactory = getTrustManagerFactory(ssl, trustStoreSupplier);
sb.tls(keyManagerFactory);
sb.tlsCustomizer(sslContextBuilder -> {
sslContextBuilder.trustManager(trustManagerFactory);
final SslProvider sslProvider = ssl.getProvider();
if (sslProvider != null) {
sslContextBuilder.sslProvider(sslProvider);
}
final List<String> enabledProtocols = ssl.getEnabledProtocols();
if (enabledProtocols != null) {
sslContextBuilder.protocols(enabledProtocols.toArray(EMPTY_PROTOCOL_NAMES));
}
final List<String> ciphers = ssl.getCiphers();
if (ciphers != null) {
sslContextBuilder.ciphers(ImmutableList.copyOf(ciphers),
SupportedCipherSuiteFilter.INSTANCE);
}
final ClientAuth clientAuth = ssl.getClientAuth();
if (clientAuth != null) {
sslContextBuilder.clientAuth(clientAuth);
}
});
} catch (Exception e) {
throw new IllegalStateException("Failed to configure TLS: " + e, e);
}
}
Example 11
| Source File: GrpcClientTest.java From armeria with Apache License 2.0 | 4 votes |
|
@Override
protected void configure(ServerBuilder sb) {
sb.workerGroup(EventLoopGroups.newEventLoopGroup(1), true);
sb.maxRequestLength(MAX_MESSAGE_SIZE);
sb.idleTimeoutMillis(0);
sb.http(0);
sb.https(0);
sb.tlsSelfSigned();
final ServerServiceDefinition interceptService =
ServerInterceptors.intercept(
new TestServiceImpl(Executors.newSingleThreadScheduledExecutor()),
new ServerInterceptor() {
@Override
public <REQ, RESP> Listener<REQ> interceptCall(
ServerCall<REQ, RESP> call,
Metadata requestHeaders,
ServerCallHandler<REQ, RESP> next) {
final HttpHeadersBuilder fromClient = HttpHeaders.builder();
MetadataUtil.fillHeaders(requestHeaders, fromClient);
CLIENT_HEADERS_CAPTURE.set(fromClient.build());
return next.startCall(
new SimpleForwardingServerCall<REQ, RESP>(call) {
@Override
public void close(Status status, Metadata trailers) {
trailers.merge(requestHeaders);
super.close(status, trailers);
}
}, requestHeaders);
}
});
sb.serviceUnder("/",
GrpcService.builder()
.addService(interceptService)
.setMaxInboundMessageSizeBytes(MAX_MESSAGE_SIZE)
.setMaxOutboundMessageSizeBytes(MAX_MESSAGE_SIZE)
.useClientTimeoutHeader(false)
.build()
.decorate((client, ctx, req) -> {
final HttpResponse res = client.serve(ctx, req);
return new FilteredHttpResponse(res) {
private boolean headersReceived;
@Override
protected HttpObject filter(HttpObject obj) {
if (obj instanceof HttpHeaders) {
if (!headersReceived) {
headersReceived = true;
} else {
SERVER_TRAILERS_CAPTURE.set((HttpHeaders) obj);
}
}
return obj;
}
};
}));
}
