1. 首頁
  2. 問答
  3. 碼頭:有兩個或多個IP地址,如何添加另一個SSL連接器?

碼頭:有兩個或多個IP地址,如何添加另一個SSL連接器?

2016-10-02 67 views
0

在Windows碼頭:有兩個或多個IP地址,如何添加另一個SSL連接器?

對於HTTP使用碼頭9.4,具有其他IP地址時,我就在碼頭,http.xml複製到etc文件夾和編輯文件,與一切除了IP地址作爲同其他連接器下面的例子(在這種情況下,我的IP地址是1.2.3.4 1.2.3.5和)

<Call name="addConnector"> 
<Arg> 
    <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"> 
    <Arg name="server"><Ref refid="Server" /></Arg> 
    <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg> 
    <Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg> 
    <Arg name="factories"> 
     <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
     <Item> 
      <New class="org.eclipse.jetty.server.HttpConnectionFactory"> 
      <Arg name="config"><Ref refid="httpConfig" /></Arg> 
      <Arg name="compliance"><Call class="org.eclipse.jetty.http.HttpCompliance" name="valueOf"><Arg><Property name="jetty.http.compliance" default="RFC7230"/></Arg></Call></Arg> 
      </New> 
     </Item> 
     </Array> 
    </Arg> 
    <Set name="host">1.2.3.4</Set> 
    <Set name="port">80</Set> 
    <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set> 
    <Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set> 
    <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set> 
    <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set> 
    </New> 
</Arg> 


<Call name="addConnector"> 
<Arg> 
    <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"> 
    <Arg name="server"><Ref refid="Server" /></Arg> 
    <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg> 
    <Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg> 
    <Arg name="factories"> 
     <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
     <Item> 
      <New class="org.eclipse.jetty.server.HttpConnectionFactory"> 
      <Arg name="config"><Ref refid="httpConfig" /></Arg> 
      <Arg name="compliance"><Call class="org.eclipse.jetty.http.HttpCompliance" name="valueOf"><Arg><Property name="jetty.http.compliance" default="RFC7230"/></Arg></Call></Arg> 
      </New> 
     </Item> 
     </Array> 
    </Arg> 
    <Set name="host">1.2.3.5</Set> 
    <Set name="port">80</Set> 
    <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set> 
    <Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set> 
    <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set> 
    <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set> 
    </New> 
</Arg>

但是,對於https。當我做同樣的文件SSL-的jetty.xml如下

<Call name="addConnector"> 
<Arg> 
    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"> 
    <Arg name="server"><Ref refid="Server" /></Arg> 
    <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg> 
    <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg> 
    <Arg name="factories"> 
     <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
     <!-- uncomment to support proxy protocol 
     <Item> 
      <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/> 
     </Item>--> 
     </Array> 
    </Arg> 

    <Set name="host">1.2.3.4</Set> 
    <Set name="port">443</Set> 
    <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set> 
    <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set> 
    <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set> 
    <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set> 
    </New> 
</Arg> 


<Call name="addConnector"> 
<Arg> 
    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"> 
    <Arg name="server"><Ref refid="Server" /></Arg> 
    <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg> 
    <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg> 
    <Arg name="factories"> 
     <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
     <!-- uncomment to support proxy protocol 
     <Item> 
      <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/> 
     </Item>--> 
     </Array> 
    </Arg> 

    <Set name="host">1.2.3.5</Set> 
    <Set name="port">443</Set> 
    <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set> 
    <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set> 
    <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set> 
    <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set> 
    </New> 
</Arg>

如下得到這個例外。不知道這裏缺少什麼?

Exception in thread "main" java.lang.IllegalStateException: No protocol factory for default protocol: null 
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:258) 
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) 
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:235) 
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) 
at org.eclipse.jetty.server.Server.doStart(Server.java:390) 
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) 
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1516) 
at java.security.AccessController.doPrivileged(Native Method) 
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1441)

來源

2016-10-02 Tommy Lord

回答

0

我決不是一個碼頭專家;不過,我最近還面臨着同樣的問題,你似乎有。我可以提供我已經採取的措施來消除協議問題,但我預計這隻會讓您進入下一階段的問題(密鑰庫/證書)。您的例外「默認協議無協議工廠:空」表示您的新連接器不引用ContextFactory,而後者又應指定協議。因此,如果沒有指定協議,則將其分配爲空值。雖然,我不明白爲什麼您複製的原始SSL連接器不會導致相同的問題,因爲它似乎沒有引用sslContextFactory id。

在父服務器配置中,您應該看到一個SslContextFactory。如果它在那裏,複製/過去,唯一地更改它的id,並確保協議設置得當。我的Jetty類對於我的應用程序來說是獨一無二的,但是您應該能夠根據Eclipse.org爲Jetty類進行一些較小的更改,並解決協議問題,然後繼續下一步。

在服務器配置,您sslContextFactory應類似於此:

<New id="secondarySSLContextFactory" class="com.myapp.appserver.jetty.server.connector.ssl.RuntimeSslContextFactory"> 
    <Set name="renegotiationAllowed">true</Set> 
    <Set name="needClientAuth">false</Set> 
    <Set name="wantClientAuth">false</Set> 
    <Set name="protocol">TLS</Set> 
    <Set name="secureRandomAlgorithm">SHA1PRNG</Set> 
    <Set name="excludeProtocols"> 
     <Array type="java.lang.String"> 
      <!-- Excluded to mitigate POODLE attack --> 
      <Item>SSLv3</Item> 
     </Array> 
    </Set> 
</New>

然後再新修改的連接器將類似於:

<Call name="addConnector"> 
<Arg> 
    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"> 
    <Arg name="server"><Ref refid="Server" /></Arg> 
    <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg> 
    <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg> 
    <Arg name="factories"> 
     <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
     <!-- uncomment to support proxy protocol 
     <Item> 
      <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/> 
     </Item>--> 
     <!-- REFERENCE TO CONTEXT FACTORY ID --> 
     <Item> 
      <New class="org.eclipse.jetty.server.SslConnectionFactory"> 
      <Arg name="next">http/1.1</Arg> 
      <Arg name="sslContextFactory"> 
       <Ref refid="secondarySSLContextFactory"/> 
      </Arg> 
      </New> 
     </Item> 
     </Array> 
    </Arg> 

    <Set name="host">1.2.3.5</Set> 
    <Set name="port">443</Set> 
    <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set> 
    <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set> 
    <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set> 
    <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set> 
    </New> 
</Arg>

此外,如果您希望使用備用IP的替代SSL證書,則必須構建新的密鑰庫。以上secondarySSLContextFactory是設置新的密鑰存儲路徑和密碼的位置。有很多參考資料可以幫助解決這個問題。但是,除了創建和分配新的證書+鏈/密鑰庫之外,我幾乎沒有任何幫助服務器使用它的有用經驗,但新連接器會做出響應。我在Jetty 9中找不到任何幫助。我希望我提供的幫助有所幫助。

來源

2017-03-01 23:42:19 Radarjr

相關問題

 相關問題