How to set up an Akka cluster with SSL support

I am looking for a cluster setup using akka for my framework projects. I want to know how I can maintain smooth support for SSL transport. I was looking at http://doc.akka.io/docs/akka/snapshot/scala/remoting.html and got tired of some settings.

Here's my example configuration:

  akka {

    loglevel = ERROR

    actor.provider = "akka.cluster.ClusterActorRefProvider"

    remote {
      enabled-transports = ["akka.remote.netty.tcp"]
      enabled-transports = [akka.remote.netty.ssl]
      netty.ssl.tcp {
        hostname = "127.0.0.1"
        enable-ssl = true
      }
      netty.ssl.security {
        key-store = "mykeystore"
        trust-store = "mytruststore"
        key-store-password = "changeme"
        key-password = "changeme"
        trust-store-password = "changeme"
        protocol = "TLSv1"
        random-number-generator = "AES128CounterSecureRNG"
        enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
      }
    }

    cluster {
      auto-down = on
      akka.cluster.auto-down-unreachable-after = 5s
    }

  }

I start the server like this:

activator -Dnode.id=1 -Dhttp.port=9000 -Dakka.remote.netty.tcp.port=2551 -Dakka.cluster.seed-nodes.0="akka.ssl.tcp://application@127.0.0.1:2551" run

I'm not sure what I am missing anymore. I don't see my events when my member is UP.

I mentioned the implementation: https://github.com/zarinfam/play-akka-cluster-pub-sub

Please suggest.

+3


1 answer


I used the following configuration. The corresponding certificates were also generated: http://docs.oracle.com/cd/E19528-01/819-4733/6n6s6u1gl/index.html Also note: you need to set up a keystore and a trust store, determine the SSL/TLS version to be used, and set the allowed algorithms. These settings correspond directly to the JSSE configuration, which is described here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html

Here is my config:

  akka {
    log-dead-letters = on
    loglevel = INFO
    actor.provider = "akka.cluster.ClusterActorRefProvider"
    remote {
      #enabled-transports = ["akka.remote.netty.tcp"]
      enabled-transports = [akka.remote.netty.ssl]
      log-remote-lifecycle-events = on
      netty.tcp {
        hostname = "core06"
        enable-ssl = true
      }
      netty.ssl = ${akka.remote.netty.tcp}
      netty.ssl = {
        # Enable SSL/TLS encryption.
        # This must be enabled on both the client and server to work.
        enable-ssl = true
        security {
          # This is the Java Key Store used by the server connection
          key-store = "keystore.jks"

          # This password is used for decrypting the key store
          key-store-password = "changeit"

          # This password is used for decrypting the key
          key-password = "changeit"

          # This is the Java Key Store used by the client connection
          trust-store = "cacerts.jks"

          # This password is used for decrypting the trust store
          trust-store-password = "changeit"

          # Protocol to use for SSL encryption, choose from:
          # Java 6 & 7:
          #   'SSLv3', 'TLSv1'
          # Java 7:
          #   'TLSv1.1', 'TLSv1.2'
          protocol = "TLSv1"

          # Example: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
          # You need to install the JCE Unlimited Strength Jurisdiction Policy
          # Files to use AES 256.
          # More info here:
          # http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
          enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]

          random-number-generator = "AES128CounterSecureRNG"
        }
      }
    }

    cluster {
      seed-nodes = [
        "akka.ssl.tcp://application@core06:2551",
        "akka.ssl.tcp://application@core06:2552"
      ]
      #auto-down = on
      auto-down-unreachable-after = 5s
    }

  }



Hope this helps anyone in the future.

Hooray!

+4
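
An added example, not part of the original question or answer and not Akka code: a small Python audit of the `netty.ssl` settings discussed on this page. It reports seed-node URIs whose scheme does not match the enabled transport, deprecated protocol versions, static-RSA or CBC cipher suites, and placeholder passwords left in the file. The function name `audit`, the finding codes and the sample config are assumptions made for this illustration, and the line-based parsing is a simplification rather than a full HOCON parser.

```python
import re

WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}   # deprecated: RFC 7568, RFC 8996
PLACEHOLDERS = {"changeit", "changeme"}          # sample passwords seen on this page

def audit(conf_text):
    """Return (code, detail) findings for an Akka netty.ssl config given as text."""
    # Ignore comment lines so commented-out settings are not audited.
    lines = [s.strip() for s in conf_text.splitlines() if not s.strip().startswith(("#", "//"))]
    kv = {}
    for line in lines:
        m = re.match(r"([\w.-]+)\s*[=:]\s*(.+)$", line)
        if m:  # key by last path segment; a later assignment wins, as in HOCON
            kv[m.group(1).split(".")[-1]] = m.group(2).strip().strip('"')
    findings = []
    ssl_on = "netty.ssl" in kv.get("enabled-transports", "")
    if not ssl_on:
        findings.append(("transport", "akka.remote.netty.ssl is not enabled"))
    expected = "akka.ssl.tcp" if ssl_on else "akka.tcp"  # scheme seed nodes must use
    for scheme in sorted(set(re.findall(r"(akka(?:\.ssl)?\.tcp)://", "\n".join(lines)))):
        if scheme != expected:
            findings.append(("seed-scheme", f"{scheme}:// used, expected {expected}://"))
    if kv.get("protocol") in WEAK_PROTOCOLS:
        findings.append(("protocol", f"{kv['protocol']} is deprecated; use TLSv1.2 or later"))
    for suite in re.findall(r"[A-Z][A-Z0-9_]+", kv.get("enabled-algorithms", "")):
        if suite.startswith("TLS_RSA_"):   # static RSA key exchange
            findings.append(("no-forward-secrecy", suite))
        if "_CBC_" in suite:               # non-AEAD cipher mode
            findings.append(("cbc-mode", suite))
    for key in ("key-store-password", "key-password", "trust-store-password"):
        if kv.get(key) in PLACEHOLDERS:
            findings.append(("placeholder-password", key))
    return findings

# Constructed sample for illustration (not a config taken from the page).
SAMPLE = """
akka.remote.enabled-transports = ["akka.remote.netty.tcp"]
akka.remote.enabled-transports = [akka.remote.netty.ssl]
akka.remote.netty.ssl.security {
  key-store-password = "changeit"
  protocol = "TLSv1"
  enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
}
akka.cluster.seed-nodes = ["akka.tcp://application@127.0.0.1:2551"]
"""

if __name__ == "__main__":
    print("\n".join(f"{code}: {detail}" for code, detail in audit(SAMPLE)))
```

Every node in the cluster has to pass the same checks, since the SSL settings must match on both ends of each connection.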
