How to disable SSL on KNIME server

Hi,

I am new to KNIME server. Someone in my office enabled SSL on KNIME server. We are running Linux 6.10. I couldn’t use httpd or find the httpd.conf.

Any suggestion?

Thanks,

Vincent

Hi,
While I think this is a bad idea, unless you are running KNIME Server behind a reverse proxy, you can find information about the SSL settings here: https://docs.knime.com/2019-12/server_admin_guide/index.html#encrypted-communication. You have to remove or disable the SSL connector in the <tomee-folder>/conf/server.xml file.
Kind regards,
Alexander


Thanks Alexander.

I have modified the server.xml and commented out the SSL. When I restart it with port 8080, I managed to connect from my browser using http://host:8080 but the page just keeps refreshing. Any idea why and how to fix this?

Thanks,

Vincent

Hi,
Can you check the redirectPort option in the HTTP connector in server.xml? Maybe you have to remove the redirection to 8443 there.
Kind regards,
Alexander

Thanks Alexander.

I removed the redirection of 8443 but it still refreshes the page every 5 seconds. Maybe I will just go back to the SSL setup.

In KNIME server.xml, we define the connector port as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/knime-dv-server.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" xpoweredBy="false" server="Apache TomEE" />
    </SSLHostConfig>
</Connector>

This allows us to connect from the browser via https://hostname:8443, but when we connect from Analytics Platform, it does not allow https. We need to connect as http://hostname:8443. When we test the connection, it gives us the error:
login failed for user xxx: unexpected response from server. …

When I check the SSL configuration in the server.xml file, the section for port 883 is commented out:

<!--
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Do I need to uncomment this?

I am new to SSL and KNIME. Please bear with me.

Thanks,

Vincent

Hi,
in the original server.xml, there are two 8443 configs, one of which is commented out. The only connector left should be:

<Connector compressibleMimeType="..."
compression="on" connectionTimeout="20000" port="8080" protocol="HTTP/1.1"
server="Apache Tomcat" xpoweredBy="false"/>

Kind regards,
Alexander

Thanks Alexander for your suggestion. I have updated the server.xml as follows:

<Connector compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/vnd.mason+json" compression="on" connectionTimeout="20000" port="8080" protocol="HTTP/1.1"  server="Apache Tomcat" xpoweredBy="false"/>
<!--
    <Connector SSLEnabled="true" compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/vnd.mason+json" compression="on" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" scheme="https" secure="true" server="Apache Tomcat">
        <SSLHostConfig protocols="all,-TLSv1,-SSLv3,-SSLv2Hello">
            <Certificate certificateKeystoreFile="conf/knime-server.jks" certificateKeystorePassword="knimeknime" type="RSA"/>
        </SSLHostConfig>
    </Connector>
 -->

I have commented out the SSL part and removed the redirection 8443. I am getting the same error when I try to test connection from Analytics Platform.

Initially, I was working from home and connected to the server via VPN. I am back in the office now, and I checked my IP address: I am in the same network as the KNIME server.

I just wonder whether there is anything else that I did wrong.

Really appreciate your suggestions.

Vincent

Hi,
can you show me how you connect to the server in your Analytics Platform? Are you using http://serverhost:8080 with REST enabled? This is the recommended procedure.
Kind regards,
Alexander

Hi Alexander,

Please refer to the attached screenshot.

When I do the test connection, I got this error:

Hopefully, you can shed some light.

Thanks,

Vincent

Hi,
I won’t be able to test it until Monday, but I wanted to ask whether you also tried “Use REST”. This is now the recommended way of connecting to the server.
Kind regards,
Alexander

Hi Alexander,

I used “REST”. I got connected. Can I use “REST” with SSL? Right now, I have disabled SSL and am using port 8080.

If yes, what is the proper configuration on the server side?

Thanks again for your suggestion.

Vincent Zao

Hi,
If you want to enable SSL again, you have to uncomment the appropriate connector in the server.xml. Of course REST can be used with SSL. It is even recommended because it is more secure!
Kind regards,
Alexander

Thanks Alexander.

One more quick question. Any idea why it works for “REST” but not the other way? Just wonder whether I can get both ways working?

Thanks,
Vincent

Hi,
No, I am not sure. Maybe it only supports https? Is there a reason for you to use both? I think REST provides all functionality and the other option is kind of deprecated.
Kind regards,
Alexander

Thanks Alexander,

There is no particular reason that I need to use both. It is just out of my curiosity. I tried to switch from port 8080 to port 8443.

I commented out the port 8080 and enabled the port 8443 as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/knime-dv-server.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" xpoweredBy="false" server="Apache TomEE" />
    </SSLHostConfig>
</Connector>

I can connect via browser, but when I define it from Analytics Platform, I get the error:

Bad request:
The combination of host and port requests TLS.

Any suggestions?

Thanks,

Vincent Zao

Hi Alexander,

I did more testing on the Analytics Platform side. Here are some of my observations:

  1. If I enter https://hostname:8443/sea-knime and I am not using “REST”, I will get the message "Server not reachable."
  2. If I enter https://hostname:8443/sea-knime as server address and select “REST”, I will get the message "No REST endpoint found. Please enter the address to KNIME Webportal."

Below is the SSL configuration in server.xml (I have commented out the port 8080):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/knime-dv-server.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" xpoweredBy="false" server="Apache TomEE" />
    </SSLHostConfig>
</Connector>

Really appreciate your help.

Thanks,

Vincent

Hi,
I think with all the changes you have made the configuration may be a bit messed up. Can you restore it by shutting down the server and then removing the server.xml and replacing it by the server.xml.original file in the same folder? Then you can remove the connector for port 8080 to only allow SSL connections. The EJB connection (when REST is not selected) should only support connections via https, I think.
Kind regards,
Alexander
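
An added example, not part of the original posts and not KNIME's own tooling: a small Python check that parses a server.xml and reports which connectors are actually active (commented-out ones are ignored), whether a plaintext connector remains, whether a redirectPort points at a port with no TLS connector, and whether a keystore still uses the default password. The sample XML is constructed for illustration, and `audit_connectors` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors discussed in this thread.
# The commented-out connector is dropped by the parser, as it is by Tomcat.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8443" scheme="https" secure="true"/> -->
  <Connector port="8444" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/example.jks"
                   certificateKeystorePassword="changeit" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

DEFAULT_PASSWORDS = {"changeit"}  # well-known Java/Tomcat keystore default


def audit_connectors(xml_text):
    """Return ({port: 'http' | 'https'}, [findings]) for active HTTP connectors."""
    root = ET.fromstring(xml_text)
    # AJP connectors are out of scope for this check.
    connectors = [c for c in root.iter("Connector")
                  if not c.get("protocol", "").startswith("AJP")]
    ports = {}
    for c in connectors:
        tls = c.get("SSLEnabled", "false").lower() == "true"
        ports[c.get("port")] = "https" if tls else "http"
    findings = []
    for c in connectors:
        port = c.get("port")
        if ports[port] == "http":
            findings.append(f"port {port}: plaintext HTTP connector is active")
        redirect = c.get("redirectPort")
        if redirect and ports.get(redirect) != "https":
            findings.append(
                f"port {port}: redirectPort {redirect} has no active TLS connector")
        for cert in c.iter("Certificate"):
            if cert.get("certificateKeystorePassword") in DEFAULT_PASSWORDS:
                findings.append(f"port {port}: keystore uses a default password")
    return ports, findings


if __name__ == "__main__":
    active, issues = audit_connectors(SAMPLE)
    print(active)
    print("\n".join(issues))
```

Running it against a copy of the real server.xml before each restart shows at a glance which ports the server will actually listen on and with which scheme.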

Hi Alexander,

Thanks for the suggestion. In fact, I always make a backup of the current server.xml and make changes to the original one. Regarding your comment:

The EJB connection (when REST is not selected) should only support connections via https.

It won’t allow me to specify https. When I use https, the message is server is not reachable.

Since I got the non-SSL working, should I start another topic on SSL?

Thanks,

Vincent

Hi,
No, that’s fine if we discuss that here, I think. Can you send me your server.xml so I can try it out myself and to make sure we are on the same page?
Kind regards
Alexander

Hi,
One more thing: when you choose https, the URL has to look like this: https://<host>:8443. You have to specify both https and the correct port 8443.
Kind regards,
Alexander