Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 421695

Summary: [sites] Self hosting doesn't work when running Jetty over SSL
Product: [ECD] Orion Reporter: Mark Macdonald <mamacdon>
Component: ServerAssignee: Mark Macdonald <mamacdon>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3    
Version: 3.0   
Target Milestone: 5.0 M1   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description Mark Macdonald CLA 2013-11-13 23:25:13 EST 
When I follow the steps to run the Orion server over SSL [1], accessing an API path (/file, /workspace, etc) through a self hosting site fails.

1. Follow the steps in [1]
2. Login to https://localhost:xxxx (where xxxx is the port you chose for SSL), create a self hosting site, fill in the port number as xxxx.
3. Manually convert the http://localhost paths in your site to https:// (workaround for bug 421674).
4. Start the site, and try to access https://[site]/workspace

I get an error like this:

> javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
>   ...
> 	at org.eclipse.orion.internal.server.hosting.RemoteURLProxyServlet.service(RemoteURLProxyServlet.java:167) ~[org.eclipse.orion.server.hosting/:na]
> 	at org.eclipse.orion.internal.server.hosting.HostedSiteServlet.proxyRemoteUrl(HostedSiteServlet.java:352) [org.eclipse.orion.server.hosting/:na]

This could be a configuration problem, but is more likely a flaw in the Site proxy implementation.

[1] http://wiki.eclipse.org/Orion/Server_admin_guide#Configuring_to_run_over_SSL
Comment 1 Mark Macdonald CLA 2013-11-14 12:21:59 EST 
Added a fix. This avoids the problem by handling requests for localhost:xxxx/{whatever} internally within the servlet container, avoiding the need to deal with SSL at all. 

As a bonus, the user no longer has to know the internal scheme and port number the server is listening on when constructing a self hosting site (see bug 421674)

http://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=f6d63e8