在寻找这个问题的答案时,我偶然发现了http://blog.nanthrax.net/2013/02/multiple-http-connectors-in-apache-karaf/和 Jetty SSL configuration Apache karaf但这个信息已经过时了。我在 https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html 找到了新文档并且示例与建议的配置不同。 Apache Karaf 4.0.2 似乎使用 Jetty 9。
我已经在 ${karaf.home}/etc/keystores/keystore.jks 上有一个 keystore ,并且只想在端口 14000 处添加第二个 ssl 连接器。如何做到这一点?
这是我的 org.ops4j.pax.web.cfg:
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=password
org.ops4j.pax.web.config.file=${karaf.home}/etc/jetty.xml
这是我的 jetty.xml:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server">
<Ref refid="Server" />
</Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory"></New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
</Item>
</Array>
</Arg>
<Set name="host">
<Property name="jetty.host" default="0.0.0.0" />
</Set>
<Set name="port">
<Property name="jetty.port" default="14000" />
</Set>
<Set name="idleTimeout">
<Property name="http.timeout" default="30000" />
</Set>
<Set name="name">restConnector:14000</Set>
</New>
</Arg>
</Call>
</Configure>
我必须设置这样的名称才能解决 org.ops4j.pax.web.service.jetty 的 pax-web-jetty-4.2.2.jar 中的 :ArrayIndexOutOfBoundsException 1。 Internal.ServerControllerImpl$Stopped.start(ServerControllerImpl.java:503)
String[] split = connector.getName().split(":");
if (httpSecurePort == Integer.valueOf(split[1])
.intValue()
&& address.equalsIgnoreCase(split[0])) { ... }
现在连接器似乎从我在日志中看到的内容开始:
2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [localhost]:[14000]
2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Http
2016-02-03 13:39:19,822 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8181]
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | No ALPN class available
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Https
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8443]
...
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | ContextHandler | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started HttpServiceContext{httpContext=org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@33dd06a6}
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | Server | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | jetty-9.2.10.v20150310
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started restConnector:14000@1ed3b7fb{SSL-HTTP/1.1}{0.0.0.0:14000}
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started default@723f99b6{HTTP/1.1}{0.0.0.0:8181}
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started secureDefault@15203cf8{SSL-http/1.1}{0.0.0.0:8443}
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | Server | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started @14307ms
但是,如果我尝试在浏览器中打开 https://localhost:14000/,我会收到 ERR_CONNECTION_CLOSED 并抛出以下异常:
2016-02-03 15:46:00,509 | DEBUG | qtp427346077-223 | HttpConnection | 79 - org.eclipse.jetty.util - 9.2.10.v20150310 |
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)[:1.8.0_60]
...
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_60]
我错过了码头配置中的某些内容吗?
最佳答案
经过几个小时尝试不同的配置并使用 eclipse 调试器和 karaf 中的 log:set DEBUG 进行调试,我终于找到了正确的配置。这是:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
<Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
<Set name="KeyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
<Set name="TrustStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
<Set name="TrustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
</New>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server">
<Ref refid="Server" />
</Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="next">http/1.1</Arg>
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
</Item>
</Array>
</Arg>
<Set name="host">
<Property name="jetty.host" default="0.0.0.0" />
</Set>
<Set name="port">
<Property name="jetty.port" default="14000" />
</Set>
<Set name="idleTimeout">
<Property name="http.timeout" default="30000" />
</Set>
<Set name="name">restConnector:14000</Set>
</New>
</Arg>
</Call>
</Configure>
关键点是:
- 选择一个带有冒号的连接器名称来解决问题 PAXWEB-907
- 应使用 keystore 属性创建
SslContextFactory实例,并在SslConnectionFactory中引用 - 需要声明
SslConnectionFactory和HttpConnectionFactory,因此按此顺序正确声明它们非常重要。
关于ssl - 如何为 apache karaf 添加 SSL 连接器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35175322/