如何从一个端口为Jetty提供https和http？ [英] How do I serve https and http for Jetty from one port?

问题描述

（我知道这是一个重复的问题，但是原始海报问错了原因。我并不是说我要求正确的原因，但让我们看看。）

(I know it's a duplicate question but the original poster asked it for the wrong reason. I'm not implying that I'm asking it for the right reason, but let's see.)

我们有一个运行在非标准端口号上的Web服务。即使用户似乎能够记住端口号，但偶尔也会输入http：而不是https：。有人问我们是否可以在该端口上提供HTTP，然后在同一端口上将它们重定向到HTTPS。这听起来很邪恶......我喜欢可用性但感觉浏览器的工作应该是这样吗？

We have a web service which runs on a non-standard port number. Even though users seem to be able to remember the port number, occasionally they type http: instead of https: by mistake. Someone is asking whether we can serve HTTP on that port and then redirect them to HTTPS on the same port. It sounds evil... I like the usability but it feels like maybe it should be the browser's job to do this?

我看到的一个解决方案是写你的在Jetty面前拥有自己的代理人。这个解决方案可行，但我不认为它会运行良好，因为我不相信我能编写一个与Jetty本身一样高效的代理。另外，即使代理本身效率很高，所有数据仍然需要额外跳转，这无论如何都会保证减慢流量。

The one solution I have seen was "write your own proxy in front of Jetty." This solution would work, but I don't think it would work well as I am not confident that I can write a proxy which is as efficient as Jetty itself. Plus, even if the proxy itself is efficient, all the data would still have to go an additional hop, which is guaranteed to slow down the traffic anyway.

是否有比这更好的方法？也许Jetty本身有一些可以楔入协议检测逻辑的地方，它可以利用它们的速度，同时还可以删除代理引入的额外跳数。

Is there a better way than this? Perhaps Jetty itself has some place where the protocol detection logic could be wedged which would allow taking advantage of their speed while also removing the additional hop a proxy would introduce.

推荐答案

更新：有关如何将单个端口重定向到的说明，请参阅此答案 HTTPS和HTTP侦听器。如果由于某种原因您不使用该解决方案，请参阅以下内容：

Update: See this answer for instructions on how to redirect a single port to both an HTTPS and HTTP listener. If for whatever reason you don't use that solution, see below:

无法管理来自http和https的流量在同一个港口。 Jetty使用两个完全不同的连接器绑定到安全和不安全的端口。事实上，我遇到的每个Web服务器都将两个协议绑定到两个完全独立的端口。

我建议可用性的一件事是使用默认端口，完全隐藏用户的端口。默认情况下，http使用端口80，默认情况下https使用端口443.因此，如果您将连接器配置为分别在端口80和端口443上运行，那么您的用户不必键入端口，并且您的开发团队不会必须处理HTML，CSS，JavaScript和其他资源中绝对路径中的端口号。

One thing I would suggest for usability's sake is to use default ports, which completely hides the port from the user. By default http uses port 80, and by default https uses port 443. So if you configure your connectors to run on port 80 and port 443 respectively, then your users don't have to type a port, and your development team doesn't have to handle including port numbers in absolute paths in HTML, CSS, JavaScript, and other resources.

Jetty设计为独立的Web服务器，不像旧的Tomcat的版本，Apache建议在Apache HTTP服务器后面运行。因此，只要您没有运行其他HTTP服务器，并且使用这些端口而不能，您就应该能够将Jetty配置为在默认端口上运行而不会出现任何问题。 这来自经验。我们以这种方式精确地运行Jetty。

Jetty is designed to be a standalone Web server, unlike older versions of Tomcat, which Apache suggests run behind the Apache HTTP server. Therefore, as long as you have no other HTTP server running, and using those ports so you cannot, you should be able to configure Jetty to run on the default ports without any problem. This comes from experience. We run Jetty precisely in this manner.

最后，协议可以绑定到多个端口。因此，如果您当前在端口8080上为http运行Jetty，在8443上为https运行Jetty，则可以将这些连接器保持活动状态，并为端口80和端口443添加另外两个连接器。这样可以使应用程序仍然向后兼容使用端口号，让你有时间向前走。

Finally, a protocol can be bound to more than one port. Thus, if you're currently running Jetty on ports 8080 for http and 8443 for https, you can leave those connectors active and add two more connectors for port 80 and port 443. This enabled backwards compatibility for the part of your app that is still using the port numbers and gives you time to walk this forward.

<!-- Legacy HTTP connector -->
<Call name="addConnector">
  <Arg>
      <New class="org.mortbay.jetty.nio.SelectChannelConnector">
        <Set name="host"><SystemProperty name="jetty.host" /></Set>
        <Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="statsOn">false</Set>
        <Set name="confidentialPort">8443</Set>
        <Set name="lowResourcesConnections">5000</Set>
        <Set name="lowResourcesMaxIdleTime">5000</Set>
      </New>
  </Arg>
</Call>
<!-- Second connector for http on port 80 -->
<Call name="addConnector">
  <Arg>
      <New class="org.mortbay.jetty.nio.SelectChannelConnector">
        <Set name="host"><SystemProperty name="jetty.host" /></Set>
        <Set name="port"><SystemProperty name="jetty.port" default="80"/></Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="statsOn">false</Set>
        <Set name="confidentialPort">8443</Set>
        <Set name="lowResourcesConnections">5000</Set>
        <Set name="lowResourcesMaxIdleTime">5000</Set>
      </New>
  </Arg>
</Call>

<!-- Legacy SSL Connector for https port 8443 -->
<Call name="addConnector">
 <Arg>
  <New class="org.mortbay.jetty.security.SslSocketConnector">
    <Set name="Port">8443</Set>
    <Set name="maxIdleTime">30000</Set>
    <Set name="handshakeTimeout">2000</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="password">xxxxxx</Set>
    <Set name="keyPassword">xxxxxx</Set>
    <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="trustPassword">OBF:xxxxx</Set>
    <Set name="handshakeTimeout">2000</Set>
    <!-- Set name="ThreadPool">
      <New class="org.mortbay.thread.BoundedThreadPool">
        <Set name="minThreads">10</Set>
        <Set name="maxThreads">250</Set>
     </New>
    </Set -->
  </New>
 </Arg>
</Call>



<!-- Default SSL Connector for https port 443 -->
<Call name="addConnector">
 <Arg>
  <New class="org.mortbay.jetty.security.SslSocketConnector">
    <Set name="Port">443</Set>
    <Set name="maxIdleTime">30000</Set>
    <Set name="handshakeTimeout">2000</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="password">xxxxxx</Set>
    <Set name="keyPassword">xxxxxx</Set>
    <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="trustPassword">OBF:xxxxx</Set>
    <Set name="handshakeTimeout">2000</Set>
    <!-- Set name="ThreadPool">
      <New class="org.mortbay.thread.BoundedThreadPool">
        <Set name="minThreads">10</Set>
        <Set name="maxThreads">250</Set>
     </New>
    </Set -->
  </New>
 </Arg>
</Call>

对于第2和第4个连接器，唯一真正的区别是端口号。简而言之，您可以为每个连接器/协议配置多个端口，但不能为同一端口配置多个协议/连接器。

For the 2nd and 4th connectors, the only real differences are the port numbers. In short, you can configure multiple ports per connector/protocol, but you cannot configure multiple protocols/connectors for the same port.

这篇关于如何从一个端口为Jetty提供https和http？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！