Sunday, 4 March 2012

HTTPS redirecting with socat

Long story short: I have a JBoss app (port 8443) that goes offline for a few minutes at night for data migration. For that window I wanted to redirect users to an Apache page (port 443) with a proper notice. I tried two netcat processes with redirected stdin and stdout, but it was awfully slow. Then I found socat, a feature-richer netcat alternative: it listens on 8443 and relays each connection unchanged to Apache, so the TLS handshake is done by Apache and browsers see Apache's certificate.


#!/bin/bash
# log file for socat output (the post does not show where ${sclog} is set; path assumed)
sclog=/tmp/socat.log
# Apache host:port to relay to (value missing from the post; assumes Apache on the same host)
target=127.0.0.1:443

/etc/init.d/jboss stop

# remember current TCP settings so they can be restored afterwards
dflt=`cat /proc/sys/net/ipv4/tcp_fin_timeout`
dflr=`cat /proc/sys/net/ipv4/tcp_tw_reuse`

echo ${dflt}
echo ${dflr}

# shorten the FIN timeout and allow TIME_WAIT reuse so port 8443 frees up quickly
echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse

# retry up to 9 times: jboss may still hold port 8443 for a moment after stopping
for i in {1..9}
do
    #sleep 1
    (nohup /opt/socat/bin/socat TCP-LISTEN:8443,fork tcp4-connect:${target} > ${sclog} 2>&1)&
    sleep 5
    # count bind errors ("address already in use" and localized variants) in the log
    cnta=`grep -Ei "adres|alrea|use" ${sclog} | wc -l`
    if [ ! -s ${sclog} ] && [ ${cnta} -eq 0 ];then
        # empty log and no error: socat is listening, stop retrying
        break
    fi
    # bind failed: kill socat, clear the log and try again
    killall /opt/socat/bin/socat
    rm -f ${sclog}
done

rm -f ${sclog}

# restore the original TCP settings
echo ${dflt} > /proc/sys/net/ipv4/tcp_fin_timeout
echo ${dflr} > /proc/sys/net/ipv4/tcp_tw_reuse
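As an added example (not code from the original post), the same fallback as a retrying shell function that first checks whether JBoss has actually released port 8443 and then reads the socat log for a bind failure; the socat path, log path and the Apache address 127.0.0.1:443 are assumptions.

```shell
#!/bin/bash
# Added example, not code from the original post: the socat fallback as a
# retrying function with a port check. Assumed values (not in the post): socat
# path, log path, and Apache reachable at 127.0.0.1:443.
SOCAT=${SOCAT:-/opt/socat/bin/socat}
LISTEN_PORT=${LISTEN_PORT:-8443}
TARGET=${TARGET:-127.0.0.1:443}
SCLOG=${SCLOG:-/tmp/socat-fallback.log}

# Returns 0 if the socat log shows a bind failure ("Address already in use",
# plus the localized fragments the original grep looked for), 1 for a clean start.
socat_bind_failed() {
    local log=$1
    [ -s "$log" ] || return 1           # empty log: socat is listening quietly
    grep -Eiq 'address already in use|cannot bind|adres|alrea' "$log"
}

# Returns 0 while something still listens on TCP port $1 (ss, or netstat as fallback).
port_busy() {
    local port=$1
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -Eq "[:.]${port}[[:space:]]"
    else
        netstat -ltn 2>/dev/null | grep -Eq "[:.]${port}[[:space:]]"
    fi
}

# Starts socat relaying $LISTEN_PORT to $TARGET, retrying up to $1 times while
# JBoss is still releasing the port. Returns 0 once socat is up, 1 otherwise.
start_fallback() {
    local tries=${1:-9} i
    for i in $(seq 1 "$tries"); do
        if port_busy "$LISTEN_PORT"; then
            sleep 5                     # port not released yet: wait and retry
            continue
        fi
        : > "$SCLOG"
        nohup "$SOCAT" TCP-LISTEN:"$LISTEN_PORT",fork,reuseaddr \
            TCP4-CONNECT:"$TARGET" >> "$SCLOG" 2>&1 &
        sleep 5
        socat_bind_failed "$SCLOG" || return 0
        pkill -x socat                  # bind failed after all: clean up, retry
        sleep 1
    done
    return 1
}

# Usage: ./fallback.sh start   (after /etc/init.d/jboss stop)
if [ "${1:-}" = start ]; then start_fallback 9; fi
```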

If you have the commercial SSL certificate only in Java keystore format, here's how to convert it to an Apache-compatible PEM, so Apache presents the same certificate on the relayed port and users get no certificate warnings:
/opt/java/bin/keytool -importkeystore -srcstoretype JKS -srcstorepass SomePass -srckeystore https.keystore -deststoretype PKCS12 -deststorepass SomePass -destkeystore https.pk12.der
openssl pkcs12 -in https.pk12.der -nodes -out apache.pem
Because of -nodes the private key in apache.pem is unencrypted, so keep the file readable by root only (chmod 600), and note that passwords passed on the command line end up in shell history and process listings.
