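We are building a reverse proxy application in Java that forwards requests to a downstream system, gets the response, and sends it back to the UI.
For this we started using the Apache HttpClient library. When we configure it as shown below, HTTP client execution works perfectly. It handles all requests (GET, POST, PUT, DELETE). It is written as a generic method.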
HttpRequest request;
// The incoming servlet request, not the outgoing one, tells us whether there is a body.
if (servletRequest.getHeader(HttpHeaders.CONTENT_LENGTH) != null
        || servletRequest.getHeader(HttpHeaders.TRANSFER_ENCODING) != null) {
    // A body is present, so forward it as the entity of the proxied request.
    HttpEntityEnclosingRequest proxyRequest = new BasicHttpEntityEnclosingRequest(method, requestUri);
    proxyRequest.setEntity(new InputStreamEntity(servletRequest.getInputStream(), getContentLength(servletRequest)));
    request = proxyRequest;
} else {
    request = new BasicHttpRequest(method, requestUri);
}
HttpResponse response = httpClient.execute(new HttpHost("http://custdomain.com", 8443, "https"), request);
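But when I try to use only the URL without a port number, I cannot connect to the downstream system.
HttpResponse response = httpClient.execute(new HttpHost("http://custdomain.com", -1, "https"), request);
Please advise.
Edit 1: When connecting to port 8443, I get a connection reset exception.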
2018-08-03 17:22:28.961 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.headers : http-outgoing-0 >> CONNECT quotesystem.com:8443 HTTP/1.1
2018-08-03 17:22:28.966 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.headers : http-outgoing-0 >> Host: quotesystem.com:8443
2018-08-03 17:22:28.971 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.headers : http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_131)
2018-08-03 17:22:28.976 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 >> "CONNECT quotesystem.com:8443 HTTP/1.1[\r][\n]"
2018-08-03 17:22:28.981 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 >> "Host: quotesystem.com:8443[\r][\n]"
2018-08-03 17:22:28.986 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_131)[\r][\n]"
2018-08-03 17:22:28.988 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 >> "[\r][\n]"
2018-08-03 17:22:29.018 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 << "HTTP/1.1 200 Connection Established[\r][\n]"
2018-08-03 17:22:29.023 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 << "Proxy-Agent: Zscaler/6.0[\r][\n]"
2018-08-03 17:22:29.026 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.wire : http-outgoing-0 << "[\r][\n]"
2018-08-03 17:22:29.081 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.headers : http-outgoing-0 << HTTP/1.1 200 Connection Established
2018-08-03 17:22:29.086 DEBUG 7920 --- [nio-9003-exec-1] org.apache.http.headers : http-outgoing-0 << Proxy-Agent: Zscaler/6.0
2018-08-03 17:22:29.123 DEBUG 7920 --- [nio-9003-exec-1] o.a.http.impl.execchain.MainClientExec : Tunnel to target created.
2018-08-03 17:22:35.686 DEBUG 7920 --- [nio-9003-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2018-08-03 17:22:35.689 DEBUG 7920 --- [nio-9003-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]
2018-08-03 17:22:35.694 DEBUG 7920 --- [nio-9003-exec-1] o.a.h.c.ssl.SSLConnectionSocketFactory : Starting handshake
2018-08-03 17:23:11.553 DEBUG 7920 --- [nio-9003-exec-1] h.i.c.DefaultManagedHttpClientConnection : http-outgoing-0: Shutdown connection
2018-08-03 17:23:11.569 DEBUG 7920 --- [nio-9003-exec-1] o.a.http.impl.execchain.MainClientExec : Connection discarded
2018-08-03 17:23:11.584 DEBUG 7920 --- [nio-9003-exec-1] h.i.c.PoolingHttpClientConnectionManager : Connection released: [id: 0][route: {tls}->http://127.0.0.1:9874->https://quotesystem.com:8443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 100]
2018-08-03 17:23:11.619 INFO 7920 --- [nio-9003-exec-1] o.apache.http.impl.execchain.RetryExec : I/O exception (java.net.SocketException) caught when processing request to {tls}->http://127.0.0.1:9874->https://quotesystem.com:8443: Connection reset
2018-08-03 17:23:11.849 DEBUG 7920 --- [nio-9003-exec-1] o.apache.http.impl.execchain.RetryExec : Connection reset
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210) ~[na:1.8.0_131]
at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[na:1.8.0_131]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) ~[na:1.8.0_131]
at sun.security.ssl.InputRecord.read(InputRecord.java:503) ~[na:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[na:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_131]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:193) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:375) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:416) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) [httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) [httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118) [httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) [httpclient-4.5.3.jar:4.5.3]
Answer 0 (score: 2)
The issue was resolved by enabling TLSv1.2.
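One way to pin an Apache HttpClient 4.5.x client to TLSv1.2, as an added example that is not code from this answer or from the asker's project. The class name Tls12ClientFactory is hypothetical; the JVM default trust store and hostname verification are kept as they are.

```java
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

// Hypothetical helper class (added example, not from the original post).
public final class Tls12ClientFactory {
    private Tls12ClientFactory() {}

    /** Builds a client whose TLS sockets enable TLSv1.2 only. */
    public static CloseableHttpClient create() {
        // JVM default trust store: certificate validation stays enabled.
        SSLContext sslContext = SSLContexts.createDefault();

        SSLConnectionSocketFactory tls12Only = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2"},  // protocols enabled on each socket
                null,                      // null keeps the JSSE default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        return HttpClients.custom()
                .setSSLSocketFactory(tls12Only)
                .build();
    }
}
```

If the client is built with its own connection manager (setConnectionManager), the builder ignores setSSLSocketFactory, and the socket factory has to be registered on that connection manager instead.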
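Answer 1 (score: 1)
As I understand it, your system can be reached over https on port 8443. When you create a request to it using new HttpHost("http://custdomain.com", 8443, "https"), you explicitly state that you want to connect to port 8443. However, when you use new HttpHost("http://custdomain.com", -1, "https"), you let Apache HttpClient decide which port it should connect to; as you can see, Apache HttpClient connects to the default port of the scheme (https in your case). In Apache HttpClient 4.x, this port is resolved using a SchemePortResolver instance. The default implementation of it returns a hard-coded value for the https scheme, which is port 443, and that is why you cannot connect.
I guess that unless you are root you cannot run the downstream system on port 443, so you should request the port explicitly. If you want to leave it to Apache HttpClient to construct it, you can write your own SchemePortResolver implementation and set it on HttpClientBuilder using the setSchemePortResolver method.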
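A custom SchemePortResolver of the kind this answer describes, as an added example that is not code from the answer. The class name PerHostPortResolver and the host-to-port map are hypothetical, and the example assumes the HttpHost is created with a bare host name (custdomain.com, no scheme prefix) and port -1.

```java
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import org.apache.http.HttpHost;
import org.apache.http.conn.SchemePortResolver;
import org.apache.http.conn.UnsupportedSchemeException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultSchemePortResolver;

/** Hypothetical resolver: picks the https port per host when none is given. */
public final class PerHostPortResolver implements SchemePortResolver {
    // Keys are lower-case host names; values are the https ports to use.
    private final Map<String, Integer> httpsPorts;

    public PerHostPortResolver(Map<String, Integer> httpsPorts) {
        this.httpsPorts = httpsPorts;
    }

    @Override
    public int resolve(HttpHost host) throws UnsupportedSchemeException {
        if (host.getPort() > 0) {
            return host.getPort();  // an explicit port always wins
        }
        String name = host.getHostName().toLowerCase(Locale.ROOT);
        Integer mapped = httpsPorts.get(name);
        if (mapped != null && "https".equalsIgnoreCase(host.getSchemeName())) {
            return mapped;
        }
        // Anything not in the map keeps the library defaults (http 80, https 443).
        return DefaultSchemePortResolver.INSTANCE.resolve(host);
    }

    /** Client that sends https requests for custdomain.com to port 8443. */
    public static CloseableHttpClient newClient() {
        return HttpClients.custom()
                .setSchemePortResolver(new PerHostPortResolver(
                        Collections.singletonMap("custdomain.com", 8443)))
                .build();
    }
}
```

With this client, new HttpHost("custdomain.com", -1, "https") is routed to port 8443, while hosts that are not in the map still resolve to 443.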