我使用的是来自第三方的SSL证书 - 我使用以下命令
创建了一个.p12密钥库openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
我已经推荐了Akka HTTPS支持文档,并按照
编码public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
我的主要文件代码如下
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
现在我能够绑定到Akka Http,并且根本没有报告错误,但我的https请求在服务器上被拒绝(并且它甚至没有达到akka / http - 所以在akka系统中没有错误日志)和{ {3}}工作正常。
问题:
我错过了上面的任何一步吗?
我只使用SSLContext - 是的,还是我还要使用SSLConfig?如果是 - 那么我如何使用SSLConfig,因为似乎没有给出适当的文件
更新了代码1: 建议:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
并确保防火墙/网络对端口443开放,但是 netstat仍然显示状态为“已建立'然后我telnet到它,这个端口连接然后关闭
当我调试时,我将SSLConfig和其他对象作为None,除了SSLContext对象。这是正常吗? http://domainName.in
答案 0 :(得分:1)
尝试类似的东西:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
答案 1 :(得分:0)
最后!它解决了......
我正在制作2个新的Http.get(系统)对象,而不是一个单个对象 所以我的更新代码如下
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
也是Thanx to jrudolph帮助代码...我还必须打开防火墙端口443并使域指向服务器的IP地址
根据Akka Http Docs使用SSLContext是可以的......如果您按照文档显示使用SSLContext,则无需使用SSLConfig - 我目前正在使用Akka v2.4.7。