How to add a SSL connector for apache karaf?

Problem description

While searching for an answer to this question I stumbled upon http://blog.nanthrax.net/2013/02/multiple-http-connectors-in-apache-karaf/ and Jetty SSL configuration Apache karaf but this information is outdated. I found the new documentation at https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html and the examples differ from proposed configurations. Apache Karaf 4.0.2 seems to use Jetty 9.

I already have a keystore at ${karaf.home}/etc/keystores/keystore.jks and would like just to add a second ssl connector at port 14000. How to do that?

Here's my org.ops4j.pax.web.cfg:

org.osgi.service.http.port=8181

org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=seeburger
org.ops4j.pax.web.ssl.keypassword=seeburger

org.ops4j.pax.web.config.file=${karaf.home}/etc/jetty.xml

Here's my jetty.xml:

<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server" />
                </Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <Item>
                            <New class="org.eclipse.jetty.server.SslConnectionFactory"></New>
                        </Item>
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="host">
                    <Property name="jetty.host" default="0.0.0.0" />
                </Set>
                <Set name="port">
                    <Property name="jetty.port" default="14000" />
                </Set>
                <Set name="idleTimeout">
                    <Property name="http.timeout" default="30000" />
                </Set>
                <Set name="name">restConnector:14000</Set>
            </New>
        </Arg>
    </Call>
</Configure>

I had to set the name like this to work around an ArrayIndexOutOfBoundsException 1 in pax-web-jetty-4.2.2.jar at org.ops4j.pax.web.service.jetty.internal.ServerControllerImpl$Stopped.start(ServerControllerImpl.java:503):

String[] split = connector.getName().split(":");
if (httpSecurePort == Integer.valueOf(split[1])
        .intValue()
        && address.equalsIgnoreCase(split[0])) { ... }

Now the connector seems to start from what I see in the log:

2016-02-03 13:39:19,821 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [localhost]:[14000]
2016-02-03 13:39:19,821 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Http
2016-02-03 13:39:19,822 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8181]
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | No ALPN class available
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Https
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8443]
...
2016-02-03 14:02:03,493 | INFO  | pool-54-thread-1 | ContextHandler                   | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started HttpServiceContext{httpContext=org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@33dd06a6}
2016-02-03 14:02:03,493 | INFO  | pool-54-thread-1 | Server                           | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | jetty-9.2.10.v20150310
2016-02-03 14:02:03,571 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started restConnector:14000@1ed3b7fb{SSL-HTTP/1.1}{0.0.0.0:14000}
2016-02-03 14:02:03,571 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started default@723f99b6{HTTP/1.1}{0.0.0.0:8181}
2016-02-03 14:02:03,602 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started secureDefault@15203cf8{SSL-http/1.1}{0.0.0.0:8443}
2016-02-03 14:02:03,602 | INFO  | pool-54-thread-1 | Server                           | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started @14307ms

But if I try to open https://localhost:14000/ in my browser I get ERR_CONNECTION_CLOSED and the following exception is thrown:

2016-02-03 15:46:00,509 | DEBUG | qtp427346077-223 | HttpConnection                   | 79 - org.eclipse.jetty.util - 9.2.10.v20150310 |
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)[:1.8.0_60]
...
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_60]

Am I missing something in the jetty configuration?
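
An added example, not part of the original question or answer: the jetty.xml above builds `SslConnectionFactory` with no arguments, so the new connector has no keystore and no certificate to offer, which is consistent with the `no cipher suites in common` handshake failure. The configuration below gives the same connector an `SslContextFactory` pointing at the keystore path from the question. The ids `restSslContextFactory` and `restHttpsConfig`, the password placeholders and the use of the `karaf.home` system property are assumptions.

```xml
<!-- Added example, not the asker's file. Password values are placeholders. -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <!-- Key material for the TLS handshake. Without a keystore the server has
         no certificate and cannot agree on a cipher suite with the client. -->
    <New id="restSslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath"><SystemProperty name="karaf.home" />/etc/keystores/keystore.jks</Set>
        <Set name="KeyStorePassword">KEYSTORE_PASSWORD_PLACEHOLDER</Set>
        <Set name="KeyManagerPassword">KEY_PASSWORD_PLACEHOLDER</Set>
    </New>
    <!-- HTTP settings for this connector: requests are reported as https/secure. -->
    <New id="restHttpsConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="secureScheme">https</Set>
        <Set name="securePort">14000</Set>
        <Call name="addCustomizer">
            <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer" /></Arg>
        </Call>
    </New>
    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server"><Ref refid="Server" /></Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <Item>
                            <New class="org.eclipse.jetty.server.SslConnectionFactory">
                                <Arg name="sslContextFactory"><Ref refid="restSslContextFactory" /></Arg>
                                <Arg name="next">http/1.1</Arg>
                            </New>
                        </Item>
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                <Arg name="config"><Ref refid="restHttpsConfig" /></Arg>
                            </New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="host"><Property name="jetty.host" default="0.0.0.0" /></Set>
                <Set name="port"><Property name="jetty.port" default="14000" /></Set>
                <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
                <!-- Name kept in the "text:port" form the question needed for Pax Web 4.2.2. -->
                <Set name="name">restConnector:14000</Set>
            </New>
        </Arg>
    </Call>
</Configure>
```

After a restart, `openssl s_client -connect localhost:14000` should complete the handshake and print the certificate stored in the keystore.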

Recommended answer

I recently faced the same situation and got past it pretty easily. I created my own self-signed JKS and then configured only Pax Web via cfg files.

  1. Create JKS

keytool -genkeypair -keyalg RSA -validity 2048 \
  -alias dontesta-karaf \
  -dname "cn=karaf.dontesta.it, ou=R&D Labs, o=Antonio Musarra's Blog, C=IT, L=Rome, S=Italy" \
  -keypass changeit -storepass changeit \
  -keystore dontesta-karaf-server.jks \
  -ext SAN=DNS:www.dontesta.it,DNS:services.dontesta.it

Configure CFG Pax Web

javax.servlet.context.tempdir = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/data/pax-web-jsp
org.ops4j.pax.web.config.file = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/etc/jetty.xml
org.osgi.service.http.port = 8181

org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=${karaf.etc}/keystore/dontesta-karaf-server.jks
org.ops4j.pax.web.ssl.password=changeit
org.ops4j.pax.web.ssl.keypassword=changeit

For more info, see https://www.dontesta.it/blog/2017/03/02/come-abilitare-https-apache-karaf-pax-web/