如何配置播放!2.4.2 HTTPS 密钥库? [英] How to configure Play! 2.4.2 HTTPS keystore?
问题描述
我是 Play 框架的新手,只是尝试在 Java 8 上第一次使用 2.4.2 启用 HTTPS.我可以让它使用默认密钥库,但不能使用我自己的密钥库.我在 build.sbt 中配置了 working 默认密钥库:
I'm new to the Play Framework and just trying to get HTTPS going for the first time with 2.4.2 on Java 8. I can get it working with the default keystore but not with my own keystore. I configured the working default keystore in build.sbt:
javaOptions ++= Seq(
"-Dhttps.port=9443"
)
然后用于配置您自己的密钥库的官方文档有点过于抽象给我.它提到在 application.conf 中配置它,但没有说明如何,或在命令行上但没有使用 Java 示例.谷歌搜索揭示了一些 Scala 示例,但我无法哄骗它们,因为它们使用了诸如 devSettings 之类的东西,这些东西似乎在 Java 世界中没有遇到过,或者至少我对 Play 和 Scala 的了解不够,无法获得抓住他们.
Then the official documentation for configuring your own keystore gets a bit too abstract for me. It mentions configuring it in application.conf but doesn't say how, or on the command line but not with a Java example. Googling reveals some Scala examples but I cannot cajole them as they use things like devSettings that don't seem to come across to the Java world, or at least I do not understand Play and Scala enough to get a grip on them.
据我所知,我似乎在 build.sbt 中使用了自己独特的配置:
So as far as I know I seem to be using my own unique configuration in build.sbt:
javaOptions ++= Seq(
"-Dhttps.port=9443",
"-Dhttps.keyStore.path=keystore.jks",
"-Dhttps.keyStore.password=password")
它构建并运行正常:
p.c.s.NettyServer - Listening for HTTPS on port /0:0:0:0:0:0:0:0:9443
play.api.Play - Application started (Dev)
但是在第一次 https://访问时,我在执行器 UI 中得到了无穷无尽的堆栈跟踪:
But on the first https:// access I get an endless stack trace in the Actuator UI:
play.core.server.NettyServer$PlayPipelineFactory - cannot load SSL context
java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_45]
...
play.core.server.netty.PlayDefaultUpstreamHandler - Exception caught in Netty
java.lang.IllegalArgumentException: empty text
at org.jboss.netty.handler.codec.http.HttpVersion.<init>(HttpVersion.java:89) ~[netty-3.10.3.Final.jar:na]
...
我的第一个想法是我没有正确配置它,但我还没有找到 Play 2.4 的权威指南.我开始认真地质疑我的谷歌搜索能力.我发现很多关于前端代理和避免在 Play 中终止 SSL 的引用,但我没有开发公共网站,并且发现这种方法太过分了.
My first thought is that I'm not configuring it correctly but I haven't managed to find a definitive guide for Play 2.4. I'm seriously starting to question my Googling powers. I find lots of references to front-end proxies and avoiding SSL termination in Play but I'm not developing a public website and find this approach overkill.
我不知道这是否是一个红鲱鱼,但 Netty 项目很久以前放弃了 org.jboss.netty,现在使用 io.netty.我在堆栈跟踪中看到了 org.jboss.netty,而 Play 2.4.2 似乎正在使用 Netty 3.10.3.Final,它已经很老了.我碰巧熟悉 Netty 并且在生产中使用了 4.x,而 5.x 目前处于 Alpha 阶段.为什么 Play 在这里停留在过去?我应该担心吗?
I don't know if it's a red herring but the Netty project dropped the org.jboss.netty a long time ago and now uses io.netty. I see org.jboss.netty all over the stack trace and Play 2.4.2 seems to be using Netty 3.10.3.Final which is very old. I happen to be familiar with Netty and have used 4.x in production while 5.x is currently in Alpha. Why is Play stuck in the past here? Should I be worried?
我发现了几个似乎密切相关的问题,例如 Play 2.2.x 中的一个错误 和 AHC 中的一个错误(Play 使用的),但是在我使用的 Play 2.4.2 之前,两者似乎都得到了很好的修复.尽管如此,我还是尝试了一些修复,例如升级 async-http-client 依赖项,从 async-http-client 中排除 org.jboss.netty 传递依赖项并升级到 Netty 3.10.4.Final.
I found several issues which seem closely related such as a bug in Play 2.2.x and a bug in AHC (which Play uses), but both appear to have been fixed well before Play 2.4.2 that I'm using. Nevertheless I tried fixes such as upgrading the async-http-client dependency, excluding the org.jboss.netty transitive dependency from async-http-client and upgrading to Netty 3.10.4.Final.
所以现在我被卡住了,但我觉得我只是缺少一个入门指南.也许所有这些依赖问题和相关的错误都只是浪费时间?
So now I'm stuck but I feel like I'm just missing a getting started guide. Maybe all these dependency issues and related bugs are just a waste of time?
推荐答案
所以在发布问题 5 分钟后我想通了...我的配置键错误和密钥库路径 需要绝对或相对于项目根目录(即添加 conf/如果它在您的 conf 文件夹中):
So 5 minutes after posting the question I figured it out... My configuration keys were wrong and the keystore path needed to be either absolute or relative to the project root (i.e. add conf/ if it's in your conf folder):
javaOptions ++= Seq(
"-Dhttps.port=9443",
"-Dhttps.keyStore=conf/keystore.jks",
"-Dhttps.keyStorePassword=password")
我对键的错误是使用点根据文档:
My mistake with the keys was to use dots per the documentation:
https.keyStore.path
https.keyStore.password
代替:
https.keyStore
https.keyStorePassword
我不确定如何从 dot.notation 到 camelCase 甚至我在这里配置的内容.这些参数更像是标准的 JVM 参数 javax.net.ssl.keyStore 和 javax.net.ssl.keyStorePassword,但又不完全是.我觉得我在这里错过了一个技巧.如果 Play 报告它找不到密钥库而不是 NPE,那也很好,但是由于我似乎正在配置 JVM,除非有另一种方法来配置这些东西,否则 Play 对此无能为力.. 有体面的文档!
I'm not sure how one gets from dot.notation to camelCase or even what exactly I'm configuring here. These parameters are more like the standard JVM arguments javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword, yet not quite. I feel like I'm missing a trick here. It would also be nice if Play would report that it couldn't find the keystore rather than an NPE, but since I seem to be configuring the JVM maybe there's nothing Play can do about it unless there is another way to configure this stuff... with decent documentation!
这篇关于如何配置播放!2.4.2 HTTPS 密钥库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
