How to add an SSL connector for Apache Karaf?
Problem description
While searching for an answer to this question I stumbled upon http://blog.nanthrax.net/2013/02/multiple-http-connectors-in-apache-karaf/ and Jetty SSL configuration Apache karaf but this information is outdated. I found the new documentation at https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html and the examples differ from proposed configurations. Apache Karaf 4.0.2 seems to use Jetty 9.
I already have a keystore at ${karaf.home}/etc/keystores/keystore.jks and would like just to add a second ssl connector at port 14000. How to do that?
Here's my org.ops4j.pax.web.cfg:
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=password
org.ops4j.pax.web.config.file=${karaf.home}/etc/jetty.xml
Here's my jetty.xml:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
          <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory"></New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
            </Item>
          </Array>
        </Arg>
        <Set name="host">
          <Property name="jetty.host" default="0.0.0.0" />
        </Set>
        <Set name="port">
          <Property name="jetty.port" default="14000" />
        </Set>
        <Set name="idleTimeout">
          <Property name="http.timeout" default="30000" />
        </Set>
        <Set name="name">restConnector:14000</Set>
      </New>
    </Arg>
  </Call>
</Configure>
I had to set name like this to work around an ArrayIndexOutOfBoundsException 1 in pax-web-jetty-4.2.2.jar at org.ops4j.pax.web.service.jetty.internal.ServerControllerImpl$Stopped.start(ServerControllerImpl.java:503):
String[] split = connector.getName().split(":");
if (httpSecurePort == Integer.valueOf(split[1]).intValue()
        && address.equalsIgnoreCase(split[0])) { ... }
Now the connector seems to start from what I see in the log:
2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [localhost]:[14000]
2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Http
2016-02-03 13:39:19,822 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8181]
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | No ALPN class available
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Https
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyServerImpl | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8443]
...
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | ContextHandler | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started HttpServiceContext{httpContext=org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@33dd06a6}
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | Server | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | jetty-9.2.10.v20150310
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started restConnector:14000@1ed3b7fb{SSL-HTTP/1.1}{0.0.0.0:14000}
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started default@723f99b6{HTTP/1.1}{0.0.0.0:8181}
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | ServerConnector | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started secureDefault@15203cf8{SSL-http/1.1}{0.0.0.0:8443}
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | Server | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started @14307ms
But if I try to open https://localhost:14000/ in my browser I get ERR_CONNECTION_CLOSED and the following exception is thrown:
2016-02-03 15:46:00,509 | DEBUG | qtp427346077-223 | HttpConnection | 79 - org.eclipse.jetty.util - 9.2.10.v20150310 |
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)[:1.8.0_60]
...
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_60]
Do I miss something in the jetty configuration?
Recommended answer
After hours of trying out different configurations and debugging with eclipse debugger plus log:set DEBUG in karaf I finally came to the right configuration. Here it is:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
    <Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="KeyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
    <Set name="TrustStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
    <Set name="TrustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
  </New>
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
          <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
            </Item>
          </Array>
        </Arg>
        <Set name="host">
          <Property name="jetty.host" default="0.0.0.0" />
        </Set>
        <Set name="port">
          <Property name="jetty.port" default="14000" />
        </Set>
        <Set name="idleTimeout">
          <Property name="http.timeout" default="30000" />
        </Set>
        <Set name="name">restConnector:14000</Set>
      </New>
    </Arg>
  </Call>
</Configure>
The key points are:
- Pick a connector name with a colon to work around PAXWEB-907
- An instance of SslContextFactory should be created with keystore properties and referenced in SslConnectionFactory
- It is needed to declare both SslConnectionFactory and HttpConnectionFactory whereby it is important to declare them right in this order.
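The question's "no cipher suites in common" error can be reproduced with the JDK alone, which shows why the keystore has to be wired into the connector. This is an added example, not code from the original answer or from Jetty or Pax Web. It assumes that an SslConnectionFactory created without an sslContextFactory argument ends up with an SSLContext that has no key material; the class name NoKeyMaterialDemo and its arguments are hypothetical.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;

// Added illustration (JDK only, no Jetty): a TLS server whose SSLContext has no
// key material cannot select any certificate-based cipher suite.
public class NoKeyMaterialDemo {

    // Runs one loopback TLS 1.2 handshake and returns what the server side observed.
    static String serverHandshake(KeyManager[] keys, TrustManager[] clientTrust) throws Exception {
        SSLContext serverCtx = SSLContext.getInstance("TLSv1.2");
        serverCtx.init(keys, null, null);        // keys == null: server has nothing to authenticate with
        SSLContext clientCtx = SSLContext.getInstance("TLSv1.2");
        clientCtx.init(null, clientTrust, null); // clientTrust == null: JDK default trust store
        try (SSLServerSocket listener =
                 (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            int port = listener.getLocalPort();
            Thread client = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", port)) {
                    s.startHandshake();
                } catch (Exception ignored) { /* the server-side result is what gets reported */ }
            });
            client.start();
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                peer.startHandshake();
                return "handshake ok: " + peer.getSession().getCipherSuite();
            } catch (SSLException e) {
                return "handshake failed: " + e.getMessage();
            } finally {
                client.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no keystore   -> " + serverHandshake(null, null));
        if (args.length == 2) {                  // args: <keystore.jks> <password>, your own values
            char[] pw = args[1].toCharArray();   // assumes store password == key password
            KeyStore ks = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, pw);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);                        // client trusts the same keystore, as the answer's TrustStorePath does
            System.out.println("with keystore -> "
                + serverHandshake(kmf.getKeyManagers(), tmf.getTrustManagers()));
        }
    }
}
```

Run it without arguments to see the failing handshake; pass a keystore path and its password to see the same handshake complete once the server has a private key.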