How to add SSL Encryption to my http rest server on Spray - scala

I'm building a http rest server on spray that routes Post Requests and I want to make it encrypted with ssl.
This is the example from official spray webstie i used to builed the server and i want to change it to be with ssl :
https://github.com/spray/spray-template/tree/on_spray-can_1.3/src/main/scala/com/example.
I have read here : http://spray.io/documentation/1.2.3/spray-can/http-server/#ssl-support
That i need to add ServerSSLEngineProvider Parameter to Http.Bind (its in the Boot.scala in example git above ) . But i don't know how to build right the ServerSSLEngineProvider and what to give it .
IO(Http) ? Http.Bind(service, interface = "0.0.0.0", port = 81 , ServerSSLEngineProvider = ???)
My question is what i need to put insted of the ??? here so my server will be ssl secured .
Thanks to the helpers.

Related

2-Way-TLS support

Server application is using following code to get the request from client to process. Now I got a requirement to make this call secure using HTTPS (2-way-tls). I need to convert this call to secure call in Perl and implement client authentication for trusted client. I am not sure how can I do that and how to provide certificates.
my $daemonname = "SOAP::Transport::HTTP::Daemon";
$daemon = $daemonname
->new(Scheme => 'http', LocalPort => 8080, Listen => 128)
->dispatch_to('MyCode')
->options({compress_threshold => 10000});
$daemon->handle;

Disable SSL security in akka http client

I have to make https calls to an api that appears to not have validated SSL certificate. I would still like to make calls to the api using the Http().singleRequest method of akka-http.
When I make a call, I however get the following error:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
When I make a call with curl, I get
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it.
The calls with curl however work if I had the flag --insecure.
In akka-http, I tried the following:
val badSslConfig = AkkaSSLConfig().mapSettings(
s => s.withLoose(
s.loose
.withAcceptAnyCertificate(true)
.withAllowLegacyHelloMessages(Some(true))
.withAllowUnsafeRenegotiation(Some(true))
.withAllowWeakCiphers(true)
.withAllowWeakProtocols(true)
.withDisableHostnameVerification(true)
.withDisableSNI(true)
)
)
val badCtx = Http().createClientHttpsContext(badSslConfig)
Http()
.singleRequest(
HttpRequest(
HttpMethods.POST,
uri = Uri("https://..."),
protocol = HttpProtocols.`HTTP/1.1`
),
connectionContext = badCtx
)
but I still get the same error.
What should I do to fix the issue?
PS: I understand (given the many warnings in akka-http docs) that it is something that I shouldn't do in production but I'd like this workaround to work for now...
I had similar problem some time ago and as far as I remember it had to do with this issue. Workaround for that problem is to have own implementation of SSLContext that will accept just anything. Implementation is pretty straightforward and the example can be found in the last comment of of issue linked above.

accessing host ip and port in play framework scala template?

How to access the server host ip and port in playframework template?
Background
Let say I start play using the command on a server with ip: 192.168.1.10:
./activator "run 12345"
How to make the app/views/index.scala.html when I visit 192.168.1.10/index.html (assumed I have setup the appropriate route)?
<html>
<body>
192.168.1.10:12345
</body>
</html>
Maybe the simplest solution for you is using the HTTP request. Check out play.api.mvc.Http
/**
* The HTTP host (domain, optionally port)
*/
lazy val host: String = headers.get(HeaderNames.HOST).getOrElse("")
In Play! you can get access to the HTTP request by using the Action builder that accepts the function (Request) => Result
def getHostPort = Action { request =>
Ok(s"This page served from ${request.host}")
}
If your server is listening for HTTP on 192.168.1.10:12345 hitting that endpoint will render the string "This page served from 192.168.1.10:12345"
But you can easily modify it to pass request.host to your template

Frisby.js Error: tunneling socket could not be established

I am trying to test an REST API on my local machine using frisby.js . It throws the following error.
Error: tunneling socket could not be established.
The machine address is something like 'https://machine_name:8443'
It seems that you are behind a proxy. Then, to make your frisby test working, you need to apply proxy configuration as follows:
var frisby = require('frisby');
frisby.globalSetup({
request: {
proxy: 'http://xx.xx.xx.xx:yyyy' // Provide proxy info (host, port) here
}
});
frisby.create('Your spec description here')
.get('https://machine_name:8443')
.expectStatus(200)
.toss();
Note also that you are using HTTPS protocol. Then you may find useful my answer in this post in case you have problems with SSL certificates

Redirect http request to https (spray io/scala)

How do I redirect my http requests to https? Though this has been a common question, I don't see any solution for spray io.
I have enabled ssl using Apache CamelSslConfiguration which works just fine.
I have setup port forwarding (iptables) from 80 -> 8081 and 443 -> 8081
Below is my Boot.scala file
object Boot extends App with CamelSslConfiguration with ApiScheduler {
// we need an ActorSystem to host our application in
implicit val system = ActorSystem("on-spray-can")
// create and start our service actor
val service = system.actorOf(Props[ApiServiceActor], "api-service")
implicit val timeout = Timeout(50.seconds)
// start a new HTTP server on port 8080 with our service actor as the handler
IO(Http) ? Http.Bind(service, interface = "0.0.0.0", port = 8081)
}
I finally got this working with help from Spray IO google group.
I have summed up everything at Http to Https Redirect