I’m working on an Ansible playbook for Openfire, including configuring the truststore / keystore, proxying through Apache, etc. At some point, though, https://my-host:7443/http-bind/ stopped responding the way it was (can’t remember what it said, ‘Bad Method’ I think in a browser). Now, I get:
HTTP ERROR 404
Problem accessing /httpd-bind. Reason:
Not Found
Powered by Jetty://
I have no idea where Jetty is configured, where I could get any logs, what or how it changed to no longer be able to do the only purpose it exists for, etc. Can anyone get me pointed in the right direction?
You need to do method POST to the BOSH web application; method GET does not work.
I’m not trying to “do” anything… just verify that the application is there and working. Previously, I would get a “Bad Method”. But now Jetty is telling me it doesn’t know what /http-bind/ is.
Actually, that response might be indicating that you haven’t provided a valid BOSH session id (sid) in your request, thus the session was “not found” (404). If you would simply like to verify that the BOSH endpoint is up and running, try dropping the http-bind/ path, like this:
https://my-host:7443/
You should expect to see something like this:
Openfire HTTP Binding Service
Also, based on the sample error message you provided, you might have had a typo in your original request:
HTTP ERROR 404
Problem accessing /httpd-bind. Reason:
Not Found
The error indicates the URI was “/httpd-bind”, rather than the expected “/http-bind/”.
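The POST-based check mentioned in the replies above, as an added example that is not part of the original thread: it builds an XEP-0124 session-creation request, sends it, and reads the sid back from the response. The XMPP domain `my-host`, the CA file `my-host.pem` and the `hold`/`wait`/`ver` values are assumptions chosen for illustration.

```python
import random
import ssl
import urllib.request
import xml.etree.ElementTree as ET

BOSH_NS = "http://jabber.org/protocol/httpbind"


def build_session_request(domain, rid=None):
    """Serialize an XEP-0124 session-creation <body/> for the given XMPP domain."""
    if rid is None:
        rid = random.randrange(1, 2**31)  # client-chosen request id
    body = ET.Element("body", {
        "xmlns": BOSH_NS, "to": domain, "rid": str(rid),
        "hold": "1", "wait": "60", "ver": "1.6",
        "content": "text/xml; charset=utf-8",
    })
    return ET.tostring(body)


def parse_session_response(payload):
    """Return the sid from a session-creation response, or raise with the reason."""
    root = ET.fromstring(payload)
    if root.tag != "{%s}body" % BOSH_NS:
        raise ValueError("response is not a BOSH <body/> wrapper")
    if root.get("type") == "terminate":
        raise RuntimeError("session refused: %s" % root.get("condition"))
    sid = root.get("sid")
    if not sid:
        raise ValueError("no sid attribute in response")
    return sid


def probe(url, domain, cafile=None, timeout=10):
    """POST a session request; cafile trusts one self-signed cert, checks stay on."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(
        url, data=build_session_request(domain), method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return parse_session_response(resp.read())


if __name__ == "__main__":
    # Hypothetical values: host and CA file must match your own deployment.
    print(probe("https://my-host:7443/http-bind/", "my-host", cafile="my-host.pem"))
```

A returned sid means the BOSH servlet is deployed and answering; an `ssl.SSLCertVerificationError` instead points at the certificate chain rather than at Jetty.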
If I go to https://my-host:7443/ I do see Openfire Binding Service
If I go to https://my-host:7443/http-bind the trailing slash is added on.
Just a couple of days ago, https://my-host:7443/http-bind/ would give me a “Bad Method”, and binding worked. I was able to use Apache to proxy https://my-host/bosh to https://my-host:7443/http-bind/ and it worked… web clients could connect.
Now, https://my-host/bosh gives me an error 13 permission denied in Apache. I need to find out why httpd doesn’t “have permission” to https://my-host:7443/http-bind/
Something has changed, and I haven’t the faintest idea what. I really need to find the logs or the config that control logs for Jetty to figure out what it’s unhappy about. I’m guessing it might be a certificate-related issue… I have real, signed certs for a couple of hosts, but on others like a local VM, I have a self-signed certificate. I put that cert in truststore as well as keystore, and maybe Java or Jetty is unhappy about that? Server Settings, Server Certificates says my self-signed cert is “Pending Verification” and that “One or more certificates are missing”. How do I get Openfire / Java / Jetty to just blindly trust my certificate without trying to “verify” it? I’m pretty sure all of this works just fine on a host using a real, signed cert with the root and intermediate CAs in truststore.
Do you have a requirement for the proxy from Apache to Openfire to be SSL protected? If not, just proxy to the non-https Openfire BOSH port. I’m sure the NSA would prefer this setup as well.
Because I get the exact same thing on port 7070… “Not Found”
The only differences between a working setup and one that doesn’t work are A) self-signed vs. “real” certificates; and B) the working one I set up manually, vs. the non-working one was stood up via ansible. It is possible that I wound up touching something that has some tangential link to the guts of this service, but I just can’t see it… at no point am I breaking open WARs to fiddle with the insides. And, for what it’s worth, both working and non-working are complaining about “Pending Verification”. What “verification” does Openfire want? If I put a certificate in the keystore, and the certificate that signed it in the truststore… what more is needed?