如何为apache karaf添加SSL连接器?

时间:2016-02-03 11:06:21

标签: ssl apache-karaf jetty-9

在搜索此问题的答案时,我偶然发现了http://blog.nanthrax.net/2013/02/multiple-http-connectors-in-apache-karaf/Jetty SSL configuration Apache karaf,但此信息已过时。我在https://www.eclipse.org/jetty/documentation/current/configuring-connectors.html找到了新文档,示例与提议的配置不同。 Apache Karaf 4.0.2似乎使用了Jetty 9。

我已经在$ {karaf.home} /etc/keystores/keystore.jks上有一个密钥库,并且只想在端口14000添加第二个ssl连接器。怎么做?

这是我的org.ops4j.pax.web.cfg:

org.osgi.service.http.port=8181

org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=seeburger
org.ops4j.pax.web.ssl.keypassword=seeburger

org.ops4j.pax.web.config.file=${karaf.home}/etc/jetty.xml

这是我的jetty.xml:

<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server" />
                </Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <Item>
                            <New class="org.eclipse.jetty.server.SslConnectionFactory"></New>
                        </Item>
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="host">
                    <Property name="jetty.host" default="0.0.0.0" />
                </Set>
                <Set name="port">
                    <Property name="jetty.port" default="14000" />
                </Set>
                <Set name="idleTimeout">
                    <Property name="http.timeout" default="30000" />
                </Set>
                <Set name="name">restConnector:14000</Set>
            </New>
        </Arg>
    </Call>
</Configure>

我必须设置这样的名称来解决ArrayIndexOutOfBoundsException 1中pax-web-jetty-4.2.2.jar中的org.ops4j.pax.web.service.jetty.internal.ServerControllerImpl$Stopped.start(ServerControllerImpl.java:503)

String[] split = connector.getName().split(":");
if (httpSecurePort == Integer.valueOf(split[1])
        .intValue()
        && address.equalsIgnoreCase(split[0])) { ... }

现在连接器似乎从我在日志中看到的开始:

2016-02-03 13:39:19,821 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [localhost]:[14000]
2016-02-03 13:39:19,821 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Http
2016-02-03 13:39:19,822 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8181]
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | No ALPN class available
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyFactoryImpl                 | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | SPDY not available, creating standard ServerConnector for Https
2016-02-03 13:39:19,825 | INFO  | pool-60-thread-1 | JettyServerImpl                  | 128 - org.ops4j.pax.web.pax-web-jetty - 4.2.2 | Pax Web available at [0.0.0.0]:[8443]
...
2016-02-03 14:02:03,493 | INFO  | pool-54-thread-1 | ContextHandler                   | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started HttpServiceContext{httpContext=org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext@33dd06a6}
2016-02-03 14:02:03,493 | INFO  | pool-54-thread-1 | Server                           | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | jetty-9.2.10.v20150310
2016-02-03 14:02:03,571 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started restConnector:14000@1ed3b7fb{SSL-HTTP/1.1}{0.0.0.0:14000}
2016-02-03 14:02:03,571 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started default@723f99b6{HTTP/1.1}{0.0.0.0:8181}
2016-02-03 14:02:03,602 | INFO  | pool-54-thread-1 | ServerConnector                  | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started secureDefault@15203cf8{SSL-http/1.1}{0.0.0.0:8443}
2016-02-03 14:02:03,602 | INFO  | pool-54-thread-1 | Server                           | 115 - org.eclipse.jetty.util - 9.2.10.v20150310 | Started @14307ms

但如果我尝试在浏览器中打开https://localhost:14000/,我会收到ERR_CONNECTION_CLOSED并抛出以下异常:

2016-02-03 15:46:00,509 | DEBUG | qtp427346077-223 | HttpConnection                   | 79 - org.eclipse.jetty.util - 9.2.10.v20150310 |
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)[:1.8.0_60]
...
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_60]

我是否会错过码头配置中的某些内容?

2 个答案:

答案 0 :(得分:0)

在karaf中尝试使用eclipse调试器和log:set DEBUG进行不同的配置和调试后,我终于找到了正确的配置。这是:

<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
    <Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="KeyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
    <Set name="TrustStorePath"><Property name="jetty.home" default="." />/etc/keystores/keystore.jks</Set>
    <Set name="TrustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
  </New>
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
          <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory"></New>
            </Item>
          </Array>
        </Arg>
        <Set name="host">
          <Property name="jetty.host" default="0.0.0.0" />
        </Set>
        <Set name="port">
          <Property name="jetty.port" default="14000" />
        </Set>
        <Set name="idleTimeout">
          <Property name="http.timeout" default="30000" />
        </Set>
        <Set name="name">restConnector:14000</Set>
      </New>
    </Arg>
  </Call>
</Configure>

关键点是:

  • 选择带冒号的连接器名称以解决方法PAXWEB-907
  • 应使用密钥库属性创建SslContextFactory的实例,并在SslConnectionFactory
    • 中引用
  • 需要声明SslConnectionFactoryHttpConnectionFactory,因此按此顺序声明它们非常重要。

答案 1 :(得分:0)

我最近不得不面对我很容易通过的相同情况。我创建了自己的jks自签名,然后通过cfg文件只配置了Pax Web。

  1. 创建JKS

    keytool -genkeypair -keyalg RSA -validity 2048 \  -alias dontesta-karaf \  -dname&#34; cn = karaf.dontesta.it,ou = R&amp; D Labs,o = Antonio Musarra的博客,C = IT,L =罗马,S =意大利&#34; \  -keypass changeit -storepass changeit \  -keystore dontesta-karaf-server.jks \  -ext SAN = DNS:www.dontesta.it,DNS:services.dontesta.it

  2. 配置CFG Pax Web

    javax.servlet.context.tempdir = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/data/pax-web-jsp org.ops4j.pax.web.config.file = /Users/amusarra/Progetti/Karaf/runtime/apache-karaf-4.0.8/etc/jetty.xml org.osgi.service.http.port = 8181

    org.osgi.service.http.secure.enabled =真 org.ops4j.pax.web.ssl.keystore = $ {} karaf.etc /keystore/dontesta-karaf-server.jks org.ops4j.pax.web.ssl.password =的changeit org.ops4j.pax.web.ssl.keypassword =的changeit

    3. 有关详细信息,请参阅https://www.dontesta.it/blog/2017/03/02/come-abilitare-https-apache-karaf-pax-web/

相关问题
最新问题