From 85c212f49110abb517976d2a1fa6b5f43f63437c Mon Sep 17 00:00:00 2001 From: Patrik Nordwall Date: Mon, 20 Aug 2012 17:04:20 +0200 Subject: [PATCH] DOC: Describe how to use SSL for remoting, see #2407 --- akka-docs/java/remoting.rst | 37 ++++++++++++++++++++---------------- akka-docs/scala/remoting.rst | 37 ++++++++++++++++++++---------------- 2 files changed, 42 insertions(+), 32 deletions(-) diff --git a/akka-docs/java/remoting.rst b/akka-docs/java/remoting.rst index 99ef6b57e8..7e186c6e05 100644 --- a/akka-docs/java/remoting.rst +++ b/akka-docs/java/remoting.rst @@ -48,6 +48,11 @@ As you can see in the example above there are four things you need to add to get systems have different names. This is because each actor system has its own network subsystem listening for connections and handling messages as not to interfere with other actor systems. +.. _remoting-java-configuration: + +Remote Configuration +^^^^^^^^^^^^^^^^^^^^ + The example above only illustrates the bare minimum of properties you have to add to enable remoting. There are lots of more properties that are related to remoting in Akka. We refer to the following reference file for more information: @@ -345,13 +350,7 @@ This will prevent the client to send these messages to the server: Here is how to turn it on in the config:: - akka { - actor { - remote { - untrusted-mode = on - } - } - } + akka.remote.untrusted-mode = on Secure Cookie Handshake ----------------------- @@ -369,13 +368,19 @@ as the ``require-cookie`` option turned on. Here is an example config:: - akka { - actor { - remote { - netty { - secure-cookie = "090A030E0F0A05010900000A0C0E0C0B03050D05" - require-cookie = on - } - } - } + akka.remote.netty { + secure-cookie = "090A030E0F0A05010900000A0C0E0C0B03050D05" + require-cookie = on } + +SSL +--- + +SSL can be used for the remote transport by activating the ``akka.remote.netty.ssl`` +configuration section. See description of the settings in the :ref:`remoting-java-configuration`. + +.. note:: + + When using SHA1PRNG on Linux it's recommended specify ``-Djava.security.egd=file:/dev/./urandom`` as argument + to the JVM to prevent blocking. It is NOT as secure because it reuses the seed. + diff --git a/akka-docs/scala/remoting.rst b/akka-docs/scala/remoting.rst index b024464151..4c9abd3132 100644 --- a/akka-docs/scala/remoting.rst +++ b/akka-docs/scala/remoting.rst @@ -45,6 +45,11 @@ As you can see in the example above there are four things you need to add to get systems have different names. This is because each actor system has its own network subsystem listening for connections and handling messages as not to interfere with other actor systems. +.. _remoting-scala-configuration: + +Remote Configuration +^^^^^^^^^^^^^^^^^^^^ + The example above only illustrates the bare minimum of properties you have to add to enable remoting. There are lots of more properties that are related to remoting in Akka. We refer to the following reference file for more information: @@ -349,13 +354,7 @@ This will prevent the client to send these messages to the server: Here is how to turn it on in the config:: - akka { - actor { - remote { - untrusted-mode = on - } - } - } + akka.remote.untrusted-mode = on Secure Cookie Handshake ----------------------- @@ -373,13 +372,19 @@ as the ``require-cookie`` option turned on. Here is an example config:: - akka { - actor { - remote { - netty { - secure-cookie = "090A030E0F0A05010900000A0C0E0C0B03050D05" - require-cookie = on - } - } - } + akka.remote.netty { + secure-cookie = "090A030E0F0A05010900000A0C0E0C0B03050D05" + require-cookie = on } + +SSL +--- + +SSL can be used for the remote transport by activating the ``akka.remote.netty.ssl`` +configuration section. See description of the settings in the :ref:`remoting-scala-configuration`. + +.. note:: + + When using SHA1PRNG on Linux it's recommended specify ``-Djava.security.egd=file:/dev/./urandom`` as argument + to the JVM to prevent blocking. It is NOT as secure because it reuses the seed. +