Page 1 of 1

Problem after updating SSL certificates

Posted: 26 Mar 2020, 15:11
by grookier
Good evening,
a few months ago I enabled HTTPS on smartfoxserver2 following the official documentation http://docs2x.smartfoxserver.com/GettingStarted/cryptography

Everything worked correctly without ever having to intervene.
Today I connected to the admin address and the certificate is unsafe, and my apps no longer work.

I followed the guide again, I gave the same commands to create the new keystore.jks file, I imported it from the admin panel, but the certificate was still insecure by connecting to https://my_domain.it:8443/admin/.

So I restarted the server. Now the panel is no longer accessible in any way, however it seems that smartfoxserver starts correctly from the logs.
console log
https://pastebin.com/K4wr5mET

smartfox.log
https://pastebin.com/qX8qP36d

boot.log
https://pastebin.com/Kra2Mbb7

server.xml

Code: Select all

  <Connector SSLEnabled="true" clientAuth="false" keystoreFile="lib/apache-tomcat/conf/keystore.jks" keystorePass="***********" maxThreads="200" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS"/>



If I try to connect to the admin panel, the connection times out ERR_TIMED_OUT

EDIT
Without making further restarts for 15 minutes, suddenly it worked and the certificate is safe.

What is this slowness due to?

Is there any way to automatically update the keystore.jks file, or do I have to create a script?

Re: Problem after updating SSL certificates

Posted: 26 Mar 2020, 16:53
by Lapo
Hi,
for starters it's not clear why the certificate was no longer valid. Did it expire? If so did you renew it?

As regards the delay you mentioned at the end of the post:
in your smartfox.log file the last log message available is

Code: Select all

SmartFoxServer 2X (2.14.0) READY!

This is actually not the last boot message as a few seconds later you should also see this message:

Code: Select all

BlueBox Service (4.0.0) READY.


This is what it looks like on my laptop:

Code: Select all

17:50:08,687 INFO  [SFSWorker:Sys:1] v2.SmartFoxServer     - SmartFoxServer 2X (2.15.0) READY!
17:50:11,317 INFO  [TomcatRunner] bluebox.BBSessionFilter     - BlueBox Service (4.0.0) READY.

It takes roughly 2-3 extra seconds for Tomcat to boot and initialize the SFS2X-related services.

If you attempt to connect via HTTP before Tomcat is ready you will likely get an error. Maybe on your server Tomcat is booting up very slowly? Check your log files and see how long it takes before the BlueBox message appears.

Thanks

Re: Problem after updating SSL certificates

Posted: 27 Mar 2020, 11:05
by grookier
Hello Lapo,

Yes, the certificates had expired, I automatically update those of the domain with lets'encrypt, but apparently I have to automatically regenerate them and re-import them for smartfox. So yes, I regenerated and improtated them.

This is the delay that I recovered from yesterday's log:

Code: Select all

26 Mar 2020 | 16:17:44,049 | INFO  | SFSWorker:Sys:1 | smartfoxserver.v2.SmartFoxServer |     | SmartFoxServer 2X (2.14.0) READY!
26 Mar 2020 | 16:26:01,136 | INFO  | main | tomcat.bluebox.BBSessionFilter |     | BlueBox Service (4.0.0) READY.

Re: Problem after updating SSL certificates

Posted: 27 Mar 2020, 16:21
by Lapo
Hi,
that looks pretty weird! :shock:
Unless SFS2X is running on a Commodore C64 you should not be seeing 9 minutes between those two events :)

Jokes aside, it seems very strange. Is it possible your server machine was busy doing something else when you booted up SFS2X?
What are the hardware specs of the machine?

Thanks

Re: Problem after updating SSL certificates

Posted: 27 Mar 2020, 18:01
by grookier
These are the server specs, it doesn't seem so bad to me :D :

CPU:
4 vCore
RAM:
8 GiB
Storage:
100 GiB

I have nothing in use besides smartfoxserver, it is a server dedicated only to this.

I also restarted the server during the various tests.

Re: Problem after updating SSL certificates

Posted: 28 Mar 2020, 11:58
by Lapo
Well, there's no indication what CPU is being used.
Since it's a virtualized CPU you're getting a slice of the actual hardware and from the boot times you're getting it looks like a very small slice.

As a comparison I've tried running SFS2X 2.14 on the smallest Amazon EC2 instance, a t3.nano.
This is what it looks like:

Code: Select all

28 Mar 2020 | 11:54:03,033 | INFO  | SFSWorker:Sys:1 | smartfoxserver.v2.SmartFoxServer |     | SmartFoxServer 2X (2.14.0) READY!
28 Mar 2020 | 11:55:00,431 | INFO  | main | tomcat.bluebox.BBSessionFilter |     | BlueBox Service (4.0.0) READY.


Also keep in mind that the boot process is entirely mono-threaded, so multiple cores won't make a difference. Still I find it hard to believe that Tomcat requires 9 minutes to boot on your server.
I would recommend checking with a CPU monitor what happens during the SFS2X boot and if all CPU is used only by its process or if it's contended among other services. If 9 minutes is the best you can get it might be an indication that these kind of virtual servers are pretty bad :(

Hope it helps

Re: Problem after updating SSL certificates

Posted: 28 Mar 2020, 18:18
by grookier
Thanks for the info, I will be monitoring the CPU status at the next reboot.