HTTP Port Configuration

Do not use the Web Administration Console to change the HTTP port. While the Web Administration Console's Pax Web Runtime offers this configuration option, it has proven to be unreliable and may crash the system

Multiple Local DDF Nodes

1. Make port number edits to files in the DDF install folder. Line numbers are referenced for 2.1.X releases.

File to Edit	Line Number	Original Value	Example of New Value
bin/karaf.bat	99	5005	i.e. 5006
etc/org.apache.karaf.management.cfg	27	1099	i.e. 1199
" "	32	44444	i.e. 44445
etc/org.ops4j.pax.web.cfg	9	8181	i.e. 8281
" "	22	8993	i.e. 8994

Be sure to note the port number that replaced "8181" and enter that in the Web Console under the Configuration tab for the Platform Global Configuration -> DDF Port entry. Also edit the sitename so that there are no duplicates on your local machine.

Keep in mind that only root can access ports<1024 on Unix systems. For suggested ways to run DDF with ports < 1024 see How do I use port 80 as a non-root user?

Enabling SSL for Services

Do not use the Web Administration Console to SSL enable the DDF services. While the Web Administration Console's Pax Web Runtime offers this configuration option, it has proven to be unreliable and may crash the system.

Edit the provided configuration file <DDF_INSTALL_DIR>/etc/org.ops4j.pax.web.cfg with the settings for the desired configuration.

Pax Web Configuration Settings

Property	Sample Value	Description
`org.osgi.service.http.enabled`	`false`	Set this to false to disable HTTP without SSL
`org.osgi.service.http.secure.enabled`	`true`	Set this to true to SSL enable the DDF services
`org.osgi.service.http.port.secure`	`8993`	Set this to the HTTPS port number. (Verify this port does not conflict with any other secure ports being used in the network. For example, JBoss and other application servers use port 8443 by default)
`org.ops4j.pax.web.ssl.keystore.type`	`jks`	Set this to the type of keystore (most likely `jks`)
`org.ops4j.pax.web.ssl.keystore`	`/opt/ddf/keystore.jks`	Set this to the fully-qualified path to the SSL keystore file
`org.ops4j.pax.web.ssl.keypassword`	`password1`	Set this to the password for the user's private key
`org.ops4j.pax.web.ssl.password`	`password2`	Set this to the password for overall keystore integrity checking

Here is an example .cfg file:

######################
# HTTP settings
######################

# Disable HTTP
org.osgi.service.http.enabled=false

# HTTP port number
org.osgi.service.http.port=8181


######################
# HTTPS settings
######################

# Enable HTTPS
org.osgi.service.http.secure.enabled=true

# HTTPS port number
# (Verify this port does not conflict with any other secure ports being used in the
# network. For example, JBoss and other application servers use port 8443 by default)

org.osgi.service.http.port.secure=8993

# Fully-qualified path to the SSL keystore
org.ops4j.pax.web.ssl.keystore=/opt/ddf/keystore.jks

# SSL Keystore Type
org.ops4j.pax.web.ssl.keystore.type=jks

# Keystore Integrity Password
org.ops4j.pax.web.ssl.password=abc123

# Keystore Password
org.ops4j.pax.web.ssl.keypassword=abc123

All .cfg files follow a strict formatting structure in that every entry is a key=value pair. There should be no whitespace before the key, around the equals sign (=), or after the value. Otherwise, the key or value may be misinterpreted.

Also take care if .cfg files originated on an operating system other than the operating system DDF is currently running on. Hidden characters, e.g., ^M, can be added during the file transfer between the operating systems. This occurs often when a DDF zip install file from a Unix operating system is transferred to a Windows operating system and installed.

Optional: Disable HTTP for the DDF services and only use HTTPS by setting the org.osgi.service.http.enabled property to false. After this, all DDF clients need to pass the appropriate certificates.

Reference

Configuring a Java Keystore for Secure Communications

Additional Pax-Web SSL configuration info: http://team.ops4j.org/wiki/display/paxweb/SSL+Configuration

Browser not supported