How do I serve https and http for Jetty from one port?

Question

(I know it's a duplicate question but the original poster asked it for the wrong reason. I'm not implying that I'm asking it for the right reason, but let's see.)

We have a web service which runs on a non-standard port number. Even though users seem to be able to remember the port number, occasionally they type http: instead of https: by mistake. Someone is asking whether we can serve HTTP on that port and then redirect them to HTTPS on the same port. It sounds evil... I like the usability but it feels like maybe it should be the browser's job to do this?

The one solution I have seen was "write your own proxy in front of Jetty." This solution would work, but I don't think it would work well as I am not confident that I can write a proxy which is as efficient as Jetty itself. Plus, even if the proxy itself is efficient, all the data would still have to go an additional hop, which is guaranteed to slow down the traffic anyway.

Is there a better way than this? Perhaps Jetty itself has some place where the protocol detection logic could be wedged which would allow taking advantage of their speed while also removing the additional hop a proxy would introduce.

Recommended answer

Update: See this answer for instructions on how to redirect a single port to both an HTTPS and HTTP listener. If for whatever reason you don't use that solution, see below:

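It is not possible to serve traffic from both http and https on the same port. Jetty uses two completely different connectors to bind to the secure and insecure ports. In fact, every Web server I have encountered binds the two protocols to two completely separate ports.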

One thing I would suggest for usability's sake is to use default ports, which completely hides the port from the user. By default http uses port 80, and by default https uses port 443. So if you configure your connectors to run on port 80 and port 443 respectively, then your users don't have to type a port, and your development team doesn't have to handle including port numbers in absolute paths in HTML, CSS, JavaScript, and other resources.

Jetty is designed to be a standalone Web server, unlike older versions of Tomcat, which Apache suggests run behind the Apache HTTP server. Therefore, as long as you have no other HTTP server running, and using those ports so you cannot, you should be able to configure Jetty to run on the default ports without any problem. This comes from experience. We run Jetty precisely in this manner.

Finally, a protocol can be bound to more than one port. Thus, if you're currently running Jetty on ports 8080 for http and 8443 for https, you can leave those connectors active and add two more connectors for port 80 and port 443. This enables backwards compatibility for the part of your app that is still using the port numbers and gives you time to walk this forward.

<!-- Legacy HTTP connector -->
<Call name="addConnector">
  <Arg>
      <New class="org.mortbay.jetty.nio.SelectChannelConnector">
        <Set name="host"><SystemProperty name="jetty.host" /></Set>
        <Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="statsOn">false</Set>
        <Set name="confidentialPort">8443</Set>
        <Set name="lowResourcesConnections">5000</Set>
        <Set name="lowResourcesMaxIdleTime">5000</Set>
      </New>
  </Arg>
</Call>
<!-- Second connector for http on port 80 -->
<Call name="addConnector">
  <Arg>
      <New class="org.mortbay.jetty.nio.SelectChannelConnector">
        <Set name="host"><SystemProperty name="jetty.host" /></Set>
        <!-- Fixed port: reusing the jetty.port property here would bind both HTTP connectors to the same port whenever it is set -->
        <Set name="port">80</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="statsOn">false</Set>
        <Set name="confidentialPort">8443</Set>
        <Set name="lowResourcesConnections">5000</Set>
        <Set name="lowResourcesMaxIdleTime">5000</Set>
      </New>
  </Arg>
</Call>

<!-- Legacy SSL Connector for https port 8443 -->
<Call name="addConnector">
 <Arg>
  <New class="org.mortbay.jetty.security.SslSocketConnector">
    <Set name="Port">8443</Set>
    <Set name="maxIdleTime">30000</Set>
    <Set name="handshakeTimeout">2000</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="password">xxxxxx</Set>
    <Set name="keyPassword">xxxxxx</Set>
    <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="trustPassword">OBF:xxxxx</Set>
    <Set name="handshakeTimeout">2000</Set>
    <!-- Set name="ThreadPool">
      <New class="org.mortbay.thread.BoundedThreadPool">
        <Set name="minThreads">10</Set>
        <Set name="maxThreads">250</Set>
     </New>
    </Set -->
  </New>
 </Arg>
</Call>



<!-- Default SSL Connector for https port 443 -->
<Call name="addConnector">
 <Arg>
  <New class="org.mortbay.jetty.security.SslSocketConnector">
    <Set name="Port">443</Set>
    <Set name="maxIdleTime">30000</Set>
    <Set name="handshakeTimeout">2000</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="password">xxxxxx</Set>
    <Set name="keyPassword">xxxxxx</Set>
    <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="trustPassword">OBF:xxxxx</Set>
    <Set name="handshakeTimeout">2000</Set>
    <!-- Set name="ThreadPool">
      <New class="org.mortbay.thread.BoundedThreadPool">
        <Set name="minThreads">10</Set>
        <Set name="maxThreads">250</Set>
     </New>
    </Set -->
  </New>
 </Arg>
</Call>

For the 2nd and 4th connectors, the only real differences are the port numbers. In short, you can configure multiple ports per connector/protocol, but you cannot configure multiple protocols/connectors for the same port.
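
The "protocol detection logic" the question asks about rests on the first bytes a client sends: a TLS connection opens with a handshake record (0x16 0x03 ...), while a plaintext HTTP request opens with an ASCII method token. The following is an added example in plain Java, not Jetty's code and not from the original post; the class and method names and the host app.example.test are hypothetical, and the sample inputs are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

// Added example: names and sample inputs are hypothetical/constructed.
public class FirstBytesSniffer {
    enum Protocol { TLS, HTTP, UNKNOWN, NEED_MORE_DATA }

    // HTTP/1.x method tokens that can start a plaintext request line.
    private static final List<String> METHODS = Arrays.asList(
        "GET ", "POST ", "PUT ", "HEAD ", "DELETE ", "OPTIONS ", "PATCH ", "TRACE ", "CONNECT ");

    // Classify a connection from the bytes peeked so far, without consuming them.
    static Protocol classify(byte[] buf, int len) {
        if (len < 1) return Protocol.NEED_MORE_DATA;
        // TLS record header: content type 0x16 (handshake), then version major 0x03.
        if ((buf[0] & 0xFF) == 0x16) {
            if (len < 2) return Protocol.NEED_MORE_DATA;
            return (buf[1] & 0xFF) == 0x03 ? Protocol.TLS : Protocol.UNKNOWN;
        }
        String head = new String(buf, 0, Math.min(len, 8), StandardCharsets.US_ASCII);
        for (String m : METHODS) {
            if (head.startsWith(m)) return Protocol.HTTP;
            if (m.startsWith(head)) return Protocol.NEED_MORE_DATA; // partial method token
        }
        return Protocol.UNKNOWN; // neither protocol: close instead of guessing
    }

    // Build the redirect from a configured host, never from the client's Host header,
    // and accept only a printable origin-form path (no CR/LF, no "//host" targets).
    static String redirectTo(String canonicalHost, int port, String requestTarget) {
        boolean safe = requestTarget.startsWith("/") && !requestTarget.startsWith("//")
            && requestTarget.chars().noneMatch(c -> c < 0x21 || c > 0x7E);
        return "HTTP/1.1 308 Permanent Redirect\r\n"
             + "Location: https://" + canonicalHost + ":" + port + (safe ? requestTarget : "/") + "\r\n"
             + "Content-Length: 0\r\nConnection: close\r\n\r\n";
    }

    public static void main(String[] args) {
        byte[][] samples = {                          // constructed inputs
            {0x16, 0x03, 0x01, 0x02, 0x00},           // start of a TLS ClientHello record
            "GET /login HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII),
            "GE".getBytes(StandardCharsets.US_ASCII), // split across TCP segments
            "SSH-2.0-".getBytes(StandardCharsets.US_ASCII)
        };
        for (byte[] s : samples) System.out.println(classify(s, s.length));
        System.out.print(redirectTo("app.example.test", 8443, "/login"));
    }
}
```

A redirect of this kind only corrects the URL: the plaintext request has already crossed the network, so session cookies should carry the Secure attribute.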
