Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get error on used SSL on ES #57

Open
FollowMyDev opened this issue Jun 6, 2014 · 6 comments
Open

Get error on used SSL on ES #57

FollowMyDev opened this issue Jun 6, 2014 · 6 comments

Comments

@FollowMyDev
Copy link

Hi all,

I try to install SSL on ES.
Jetty Plugin: 1.1.0-beta
Elasticsearch: 1.1.0

So I followed the steps described here: https://github.com/sonian/elasticsearch-jetty.
When I launched ES, I get this:

D:\TESTS\elasticsearch\bin>elasticsearch.bat
...
[2014-06-06 13:31:39,685][INFO ][org.eclipse.jetty.util.ssl.SslContextFactory] [
myCluster.myHost6D] Enabled Protocols [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLS
v1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
[2014-06-06 13:31:39,688][INFO ][org.eclipse.jetty.server.AbstractConnector] [my
Cluster.myHost6D] Started [email protected]:9443
...
[2014-06-06 13:31:40,048][INFO ][node ] [myCluster.myHost
6D] started

Then, from my web app (https://localhost:9880/head/index.html) which has SSL integrated and the head plugin, when I try to connect to ES by https://localhost:9443/.

I get these errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9443/_cluster/health. This can be fixed by moving the resource to the same domain or enabling CORS. health
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9443/_nodes/stats?all=true. This can be fixed by moving the resource to the same domain or enabling CORS. stats
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9443/_nodes. This can be fixed by moving the resource to the same domain or enabling CORS. _nodes
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9443/. This can be fixed by moving the resource to the same domain or enabling CORS.

And in ES i get this error:
[2014-06-06 13:43:36,667][WARN ][org.eclipse.jetty.io.nio ] [myCluster.myHost
6D] javax.net.ssl.SSLException: bad record MAC

Could you help me?
@pmusa
Copy link

pmusa commented Jun 6, 2014

Hi Follow,

I think you should use the user group to ask your questions, and not create
a new issue!!
Answering your question, I could not find the 1.1.0 tag in the github, but
the 1.1.1 tag does not include CORS.

take a look at #48 and
#40

Regards,
Pablo

2014-06-06 10:29 GMT-03:00 FollowMyDev [email protected]:

Hi all,

I try to install SSL on ES:
Jetty Plugin Elasticsearch
1.1.0-beta 1.1.0

So I followed the steps described here:
https://github.com/sonian/elasticsearch-jetty.
When I launched ES, I get this:

D:\TESTS\elasticsearch\bin>elasticsearch.bat
...
[2014-06-06 13:31:39,685][INFO
][org.eclipse.jetty.util.ssl.SslContextFactory] [
myCluster.myHost6D] Enabled Protocols [SSLv2Hello, SSLv3, TLSv1, TLSv1.1,
TLS
v1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
[2014-06-06 13:31:39,688][INFO
][org.eclipse.jetty.server.AbstractConnector] [my
Cluster.myHost6D] Started [email protected]:9443
...
[2014-06-06 13:31:40,048][INFO ][node ] [myCluster.myHost
6D] started

Then, from my web app (https://localhost:9880/head/index.html) which has
SSL integrated and the head plugin, when I try to connect to ES by
https://localhost:9443/.

I get these errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://localhost:9443/_cluster/health. This can be
fixed by moving the resource to the same domain or enabling CORS. health
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://localhost:9443/_nodes/stats?all=true. This can
be fixed by moving the resource to the same domain or enabling CORS. stats
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://localhost:9443/_nodes. This can be fixed by
moving the resource to the same domain or enabling CORS. _nodes
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://localhost:9443/. This can be fixed by moving
the resource to the same domain or enabling CORS.

And in ES i get this error:
[2014-06-06 13:43:36,667][WARN ][org.eclipse.jetty.io.nio ]
[myCluster.myHost
6D] javax.net.ssl.SSLException: bad record MAC

Could you help me?


Reply to this email directly or view it on GitHub
#57.

@FollowMyDev
Copy link
Author

Thanks for your response.
I wanted to use the user group, but I don't have access at work..sorry.

But, how can I get your fix? Do I have to download the last version (https://github.com/sonian/elasticsearch-jetty/releases/tag/1.1.1)?

@pmusa
Copy link

pmusa commented Jun 6, 2014

As I have seen in github, only the master has the changes and I don`t think
there is a package yet.

While the project was abandoned I released some versions with CORS and ES
API updates. However the project is active again, and I have not been
maintaining anything. So, you will only find v1.0! I am not so sure about
the compatibility, but you can try.
http://www.emergi.net/elasticsearch/plugins.html
You can also generate the package based on the master yourself.

Anyway, you can test using simple requests avoiding CORS by now.

OBS: stackoverflow, google groups, etc. should never be closed at work ;)

Cheers,
Pablo

2014-06-06 11:06 GMT-03:00 FollowMyDev [email protected]:

Thanks for your response.
I wanted to use the user group, but I don't have access at work..sorry.

But, how can I get your fix? Do I have to download the last version (
https://github.com/sonian/elasticsearch-jetty/releases/tag/1.1.1)?


Reply to this email directly or view it on GitHub
#57 (comment)
.

@FollowMyDev
Copy link
Author

Yes thanks you.
I have generate the package based on the master with the following things:
resp.addHeader("Access-Control-Max-Age", "1728000");
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST, PUT, DELETE");
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Content-Length, Accept");

I get the same error...

After downloaded the jetty plugin and installed it in your ES.
How do you state that the plugin (SSL section) works?

Cheers,
Alain

@pmusa
Copy link

pmusa commented Jun 6, 2014

Running a simple https request should be enough.
I usually use curl. If you enable -v there is a lot of good information.

Regards,
Pablo

2014-06-06 12:10 GMT-03:00 FollowMyDev [email protected]:

Yes thanks you.
I have generate the package based on the master with the following things:
resp.addHeader("Access-Control-Max-Age", "1728000");
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST,
PUT, DELETE");
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With,
Content-Type, Content-Length, Accept");

I get the same error...

After downloaded the jetty plugin and installed it in your ES.
How do you state that the plugin (SSL section) works?

Cheers,
Alain


Reply to this email directly or view it on GitHub
#57 (comment)
.

@FollowMyDev
Copy link
Author

Thanks a lots.

I have a last question,
From the JettyHttpServerRestChannel class, in the sendResponse method, how can I have access to the elasticsearch.yml file?
How can I add my own property?

Regards,
Alain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pmusa @FollowMyDev