JBoss ServiceBindingManager and server.xml: ports and certificates

Time: 2018-02-02 11:32:49

Tags: jboss

Using a ServiceBindingManager configured in /conf/jboss-service.xml that references "sample-bindings.xml":

   <mbean code="org.jboss.services.binding.ServiceBindingManager"
     name="jboss.system:service=ServiceBindingManager">
     <attribute name="ServerName">myserver</attribute>
     <attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
     <attribute name="StoreFactoryClassName">
       org.jboss.services.binding.XMLServicesStoreFactory
     </attribute>
   </mbean>

1) Does enabling the ServiceBindingManager mean that the "server.xml" ports are overridden by the ports defined in sample-bindings.xml?

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="${jboss.bind.address}"
     maxThreads="250" maxHttpHeaderSize="8192"
     emptySessionPath="true" protocol="HTTP/1.1"
     compression="on"
     compressionMinSize="2048"
     noCompressionUserAgents="gozilla, traviata"
     compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,text/css,text/plain"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true" server="server1" />

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="250" scheme="https" secure="true"
           maxHttpHeaderSize="8192"
           emptySessionPath="true"
           address="${jboss.bind.address}"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           keystorePass="xx"
           truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
           truststorePass="xx"
           clientAuth="false" sslProtocol="TLS" server="server1" />

2) If the server.xml ports are no longer relevant, how can the TLS server certificate still be used?

1 answer:

Answer 0: (score: 0)

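After some googling, it looks like the sample-bindings.xml ports will override the port-related settings in server.xml; this is mainly used for running multiple JBoss instances on the same server/machine. As for the SSL certificate, if it looks like the keystore can no longer be found, you can add them as program arguments in the JAVA_OPTS section of run.conf (I'm assuming you are using an older version of JBoss), or you can add them to the command line or script used to start JBoss, for example: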

/home/jboss/jboss-eap-5.1/jboss-as/bin/./run.sh -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.trustStorePassword=xx -Djavax.net.ssl.keyStorePassword=xx > /dev/null 2>&1 &

Note that you need the correct file paths.

We use the same keystore/truststore program arguments on many JBoss instances.
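
As an added example (not part of the original question or answer), a Python check related to the note about correct file paths: it expands the `${...}` properties in each TLS Connector's keystoreFile/truststoreFile attribute and reports whether the resolved file exists. The sample server.xml is a constructed, trimmed copy of the question's Connectors, and the names `expand`, `check_tls_connectors` and `demo` are hypothetical.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml holding the question's two Connectors.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"
             redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" address="${jboss.bind.address}"
             keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
             truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

PLACEHOLDER = re.compile(r"\$\{([^}:]+)(?::([^}]*))?\}")

def expand(value, props):
    """Expand ${name} and ${name:default}; unknown names are left untouched."""
    def repl(m):
        default = m.group(2) if m.group(2) is not None else m.group(0)
        return props.get(m.group(1), default)
    return PLACEHOLDER.sub(repl, value)

def check_tls_connectors(server_xml, props):
    """Return (port, attribute, resolved_path, status) per TLS store attribute."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no keystore
        for attr in ("keystoreFile", "truststoreFile"):
            raw = conn.get(attr)
            path = expand(raw, props) if raw else None
            if path is None:
                status = "not set"
            elif "${" in path:
                status = "unresolved property"
            elif not os.path.isabs(path):
                status = "relative path"  # depends on the process's base directory
            elif not os.path.isfile(path):
                status = "missing"
            else:
                status = "ok"
            findings.append((conn.get("port"), attr, path, status))
    return findings

def demo():
    """Run the check against a throwaway server home containing an empty keystore."""
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, "conf"))
        open(os.path.join(home, "conf", "server.keystore"), "wb").close()
        return check_tls_connectors(SAMPLE_SERVER_XML, {"jboss.server.home.dir": home})
```

Pass the same property values the JBoss instance is started with, so the check resolves the paths the way that instance would.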