2016-02-03 51 views
0

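While searching for an answer to this question, I stumbled upon http://blog.nanthrax.net/2013/02/multiple-http-connectors-in-apache-karaf/ and "Jetty SSL configuration Apache karaf", but this information is outdated. I found newer documentation at https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html, and its examples differ from the suggested configuration. Apache Karaf 4.0.2 seems to use Jetty 9. How do I add an SSL connector to Apache Karaf?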

I already have a keystore at ${karaf.home}/etc/keystores/keystore.jks and only want to add a second SSL connector on port 14000. How can I do this?

Here is my org.ops4j.pax.web.cfg:

org.osgi.service.http.port=8181 

org.osgi.service.http.port.secure=8443 
org.osgi.service.http.secure.enabled=true 
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks 
org.ops4j.pax.web.ssl.password=seeburger 
org.ops4j.pax.web.ssl.keypassword=seeburger 

org.ops4j.pax.web.config.file=${karaf.home}/etc/jetty.xml 

Here is my jetty.xml:

<Configure id="Server" class="org.eclipse.jetty.server.Server"> 
    <Call name="addConnector"> 
     <Arg> 
      <New class="org.eclipse.jetty.server.ServerConnector"> 
       <Arg name="server"> 
        <Ref refid="Server" /> 
       </Arg> 
       <Arg name="factories"> 
        <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
         <Item> 
          <New class="org.eclipse.jetty.server.SslConnectionFactory"></New> 
         </Item> 
         <Item> 
          <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New> 
         </Item> 
        </Array> 
       </Arg> 
       <Set name="host"> 
        <Property name="jetty.host" default="0.0.0.0" /> 
       </Set> 
       <Set name="port"> 
        <Property name="jetty.port" default="14000" /> 
       </Set> 
       <Set name="idleTimeout"> 
        <Property name="http.timeout" default="30000" /> 
       </Set> 
       <Set name="name">restConnector:14000</Set> 
      </New> 
     </Arg> 
    </Call> 
</Configure> 

I had to set the name like this to work around an ArrayIndexOutOfBoundsException: 1 in pax-web-jetty-4.2.2.jar at org.ops4j.pax.web.service.jetty.internal.ServerControllerImpl$Stopped.start(ServerControllerImpl.java:503)

String[] split = connector.getName().split(":"); 
if (httpSecurePort == Integer.valueOf(split[1]) 
     .intValue() 
     && address.equalsIgnoreCase(split[0])) { ... } 

Now the connector seems to start, as I can see in the log:

2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyServerImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [localhost]:[14000] 
2016-02-03 13:39:19,821 | INFO | pool-60-thread-1 | JettyFactoryImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Http 
2016-02-03 13:39:19,822 | INFO | pool-60-thread-1 | JettyServerImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8181] 
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | No ALPN class available 
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyFactoryImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Https 
2016-02-03 13:39:19,825 | INFO | pool-60-thread-1 | JettyServerImpl     | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8443] 
... 
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | ContextHandler     | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started HttpServiceContext{httpContext=org.[email protected]33dd06a6} 
2016-02-03 14:02:03,493 | INFO | pool-54-thread-1 | Server       | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | jetty-9.2.10.v20150310 
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector     | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started restConnector:[email protected]{SSL-HTTP/1.1}{0.0.0.0:14000} 
2016-02-03 14:02:03,571 | INFO | pool-54-thread-1 | ServerConnector     | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started [email protected]{HTTP/1.1}{0.0.0.0:8181} 
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | ServerConnector     | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started [email protected]{SSL-http/1.1}{0.0.0.0:8443} 
2016-02-03 14:02:03,602 | INFO | pool-54-thread-1 | Server       | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started @14307ms 

However, if I try to open https://localhost:14000/ in my browser I get ERR_CONNECTION_CLOSED, and the following exception is thrown:

2016-02-03 15:46:00,509 | DEBUG | qtp427346077-223 | HttpConnection     | 79 - org.eclipse.jetty.util - 9.2.10.v20150310 | 
javax.net.ssl.SSLHandshakeException: no cipher suites in common 
     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)[:1.8.0_60] 
... 
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common 
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_60] 

Am I missing something in the Jetty configuration?

Answers

0

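After several hours of trying different configurations and debugging with the Eclipse debugger plus log:set DEBUG in Karaf, I finally arrived at the correct configuration. Here it is: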

<Configure id="Server" class="org.eclipse.jetty.server.Server"> 
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> 
    <Set name="KeyStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set> 
    <Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> 
    <Set name="KeyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> 
    <Set name="TrustStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set> 
    <Set name="TrustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> 
    </New> 
    <Call name="addConnector"> 
    <Arg> 
     <New class="org.eclipse.jetty.server.ServerConnector"> 
     <Arg name="server"> 
      <Ref refid="Server" /> 
     </Arg> 
     <Arg name="factories"> 
      <Array type="org.eclipse.jetty.server.ConnectionFactory"> 
      <Item> 
       <New class="org.eclipse.jetty.server.SslConnectionFactory"> 
       <Arg name="next">http/1.1</Arg> 
       <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg> 
       </New> 
      </Item> 
      <Item> 
       <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New> 
      </Item> 
      </Array> 
     </Arg> 
     <Set name="host"> 
      <Property name="jetty.host" default="0.0.0.0" /> 
     </Set> 
     <Set name="port"> 
      <Property name="jetty.port" default="14000" /> 
     </Set> 
     <Set name="idleTimeout"> 
      <Property name="http.timeout" default="30000" /> 
     </Set> 
     <Set name="name">restConnector:14000</Set> 
     </New> 
    </Arg> 
    </Call> 
</Configure> 

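The key points are:

  • Choose a connector name containing a colon to work around PAXWEB-907
  • An instance of SslContextFactory should be created with the keystore properties and referenced in SslConnectionFactory
  • SslConnectionFactory and HttpConnectionFactory need to be declared, so it is very important to declare them in this order.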
+0

As an alternative for the PAXWEB-907 issue, upgrade to Karaf 4.0.4, which contains this fix.

+0

For now I have to stick with Karaf 4.0.2.
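The three key points from the answer above can be checked mechanically before deploying a jetty.xml. The following is an added example, not code from the original posts or from Pax Web; the function name `lint_jetty_xml` and the condensed sample documents are constructed for illustration, modelled on the question's and the answer's configurations.

```python
import xml.etree.ElementTree as ET

PKG = "org.eclipse.jetty."
SSL_CF, HTTP_CF = PKG + "server.SslConnectionFactory", PKG + "server.HttpConnectionFactory"
CONNECTOR, CTX = PKG + "server.ServerConnector", PKG + "util.ssl.SslContextFactory"

def lint_jetty_xml(xml_text):
    """Check every ServerConnector in a jetty.xml string; return a list of findings."""
    root = ET.fromstring(xml_text)
    # ids of SslContextFactory instances that actually set a keystore path
    keyed = {n.get("id") for n in root.iter("New") if n.get("class") == CTX
             and any(s.get("name") == "KeyStorePath" for s in n.findall("Set"))}
    findings = []
    for conn in (n for n in root.iter("New") if n.get("class") == CONNECTOR):
        name = next((s.text or "" for s in conn.findall("Set") if s.get("name") == "name"), "")
        # Pax Web 4.2.2 reads split(":")[1] as the port, so "<host>:<port>" is required
        if not name.partition(":")[2].isdigit():
            findings.append("connector name lacks ':<port>'")
        factories = [n for n in conn.iter("New") if n.get("class") in (SSL_CF, HTTP_CF)]
        if [n.get("class") for n in factories] != [SSL_CF, HTTP_CF]:
            findings.append("factories must be SslConnectionFactory, then HttpConnectionFactory")
        for ssl in (n for n in factories if n.get("class") == SSL_CF):
            refs = {r.get("refid") for r in ssl.iter("Ref")} - {None}
            if not refs & keyed:
                findings.append("SslConnectionFactory has no keystore-backed SslContextFactory")
    return findings

# Constructed, condensed samples modelled on the question's and the answer's jetty.xml.
TEMPLATE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
 {ctx}
 <Call name="addConnector"><Arg><New class="org.eclipse.jetty.server.ServerConnector">
  <Arg name="server"><Ref refid="Server"/></Arg>
  <Arg name="factories"><Array type="org.eclipse.jetty.server.ConnectionFactory">
   <Item><New class="org.eclipse.jetty.server.SslConnectionFactory">{ssl_args}</New></Item>
   <Item><New class="org.eclipse.jetty.server.HttpConnectionFactory"/></Item>
  </Array></Arg>
  <Set name="name">{name}</Set>
 </New></Arg></Call>
</Configure>"""
CTX_XML = ('<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">'
           '<Set name="KeyStorePath">/etc/keystores/keystore.jks</Set></New>')
SSL_ARGS = ('<Arg name="next">http/1.1</Arg>'
            '<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>')
QUESTION = TEMPLATE.format(ctx="", ssl_args="", name="restConnector:14000")
ANSWER = TEMPLATE.format(ctx=CTX_XML, ssl_args=SSL_ARGS, name="restConnector:14000")
NO_COLON = TEMPLATE.format(ctx=CTX_XML, ssl_args=SSL_ARGS, name="restConnector")
if __name__ == "__main__":
    for label, xml in (("question", QUESTION), ("answer", ANSWER), ("no colon", NO_COLON)):
        print(label, "->", lint_jetty_xml(xml) or "OK")
```

The question's layout is flagged only for the missing keystore-backed SslContextFactory, which matches the handshake failure it reports; the answer's layout passes all three checks.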

0

I recently had to face the same situation, and I got through it easily. I created my own self-signed JKS and then configured only Pax Web via the cfg file.

  1. Create the JKS

    keytool -genkeypair -keyalg RSA -validity 2048 \
      -alias dontesta-karaf \
      -dname "CN=karaf.dontesta.it, OU=R&D Labs, O=Antonio Musarra's Blog, C=IT, L=Rome, S=Italy" \
      -keypass changeit -storepass changeit \
      -keystore dontesta-karaf-server.jks \
      -ext SAN=DNS:www.dontesta.it,DNS:services.dontesta.it

  2. Configure the Pax Web cfg

    javax.servlet.context.tempdir = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/data/pax-web-jsp
    org.ops4j.pax.web.config.file = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/etc/jetty.xml
    org.osgi.service.http.port = 8181

    org.osgi.service.http.secure.enabled = true
    org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/keystore/dontesta-karaf-server.jks
    org.ops4j.pax.web.ssl.password = changeit
    org.ops4j.pax.web.ssl.keypassword = changeit

For more information, see https://www.dontesta.it/blog/2017/03/02/come-abilitare-https-apache-karaf-pax-web/