How to configure Akka cluster using SSL support


I am looking for a cluster setup using Akka for my Play Framework projects. I want to know how I can support pluggable SSL transport. I was looking at http://doc.akka.io/docs/akka/snapshot/scala/remoting.html and tried some configuration.

Here is my sample configuration:

akka {

  loglevel = ERROR

  actor.provider = "akka.cluster.ClusterActorRefProvider"

  remote {
    enabled-transports = ["akka.remote.netty.tcp"]
    enabled-transports = [akka.remote.netty.ssl]
    netty.ssl.tcp {
      hostname = "127.0.0.1"
      enable-ssl = true
    }
    netty.ssl.security {
      key-store = "mykeystore"
      trust-store = "mytruststore"
      key-store-password = "changeme"
      key-password = "changeme"
      trust-store-password = "changeme"
      protocol = "TLSv1"
      random-number-generator = "AES128CounterSecureRNG"
      enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
    }
  }

  cluster {
    auto-down = on
    akka.cluster.auto-down-unreachable-after = 5s
  }

}

I start the server like this:

activator -Dnode.id=1 -Dhttp.port=9000 -Dakka.remote.netty.tcp.port=2551 -Dakka.cluster.seed-nodes.0="akka.ssl.tcp://[email protected]:2551" run

I am not sure what more I am missing. I can't see my events when my member is UP.

I referred to the implementation from: https://github.com/zarinfam/play-akka-cluster-pub-sub

Please suggest.


There are 1 answers

Sohan On BEST ANSWER

I had used the following configuration. I also generated proper certificates following: http://docs.oracle.com/cd/E19528-01/819-4733/6n6s6u1gl/index.html

Also note that you need to set up the keystore and truststore, define the SSL/TLS version to be used and set the enabled algorithms. These settings correspond directly to the JSSE configuration, which is documented here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html

Here is my configuration:

akka {
  log-dead-letters = on
  loglevel = INFO
  actor.provider = "akka.cluster.ClusterActorRefProvider"
  remote {
    #enabled-transports = ["akka.remote.netty.tcp"]
    enabled-transports = [akka.remote.netty.ssl]
    log-remote-lifecycle-events = on
    netty.tcp {
      hostname = "core06"
      enable-ssl = true
    }
    netty.ssl = ${akka.remote.netty.tcp}
    netty.ssl = {
      # Enable SSL/TLS encryption.
      # This must be enabled on both the client and server to work.
      enable-ssl = true
      security {
        # This is the Java Key Store used by the server connection
        key-store = "keystore.jks"

        # This password is used for decrypting the key store
        key-store-password = "changeit"

        # This password is used for decrypting the key
        key-password = "changeit"

        # This is the Java Key Store used by the client connection
        trust-store = "cacerts.jks"

        # This password is used for decrypting the trust store
        trust-store-password = "changeit"

        # Protocol to use for SSL encryption, choose from:
        # Java 6 & 7:
        #   'SSLv3', 'TLSv1'
        # Java 7:
        #   'TLSv1.1', 'TLSv1.2'
        protocol = "TLSv1"

        # Example: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
        # You need to install the JCE Unlimited Strength Jurisdiction Policy
        # Files to use AES 256.
        # More info here:
        # http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
        enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]

        random-number-generator = "AES128CounterSecureRNG"
      }
    }
  }

  cluster {
    seed-nodes = [
      "akka.ssl.tcp://application@core06:2551",
      "akka.ssl.tcp://application@core06:2552"
    ]
    #auto-down = on
    auto-down-unreachable-after = 5s
  }

}

Hope this helps anyone in future.

Cheers!
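
A tightened variant of the `security` block from the answer above, as an added example that is not part of the original answer: it keeps the same keystore files but moves to TLSv1.2 with forward-secret AEAD cipher suites, takes the passwords from the environment, and requires a certificate from both peers. Assumptions: a JVM whose JSSE provider offers the GCM suites (Java 8 or later), an Akka version whose `reference.conf` lists `require-mutual-authentication`, and the three environment variable names, which are hypothetical.

```hocon
# Added example: overrides for akka.remote.netty.ssl from the answer's config.
akka.remote.netty.ssl {
  enable-ssl = true
  security {
    # Same store files as in the answer.
    key-store   = "keystore.jks"
    trust-store = "cacerts.jks"

    # Hypothetical environment variable names. A required ${VAR} substitution
    # (no "?") makes config loading fail when the variable is unset, so a node
    # cannot start with a default password such as "changeit".
    key-store-password   = ${AKKA_KEYSTORE_PASSWORD}
    key-password         = ${AKKA_KEY_PASSWORD}
    trust-store-password = ${AKKA_TRUSTSTORE_PASSWORD}

    # TLSv1.2 is on the list of protocols in the answer's own comment.
    protocol = "TLSv1.2"

    # ECDHE/DHE key exchange gives forward secrecy, which the static-RSA suite
    # TLS_RSA_WITH_AES_128_CBC_SHA does not; GCM replaces CBC with SHA-1 MAC.
    # Every node must enable at least one suite in common.
    enabled-algorithms = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
    ]

    # Assumption: present in your Akka version. With this on, a connecting
    # node must present a certificate that chains to the trust store, so
    # only holders of a trusted key can open a remoting connection.
    require-mutual-authentication = on
  }
}
```

All cluster members need the same protocol and at least one shared cipher suite, and each node's certificate must be verifiable against every other node's trust store.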