这个问题是相关的如何让Jettyredirect到HTTPS和Jetty 9 – redirectHTTP HTTPS,但没有在任何位置应答。
基本上,我们运行我们的应用程序在一些端口,说8085.我们一般使用HTTP来访问这个应用程序。 我们已经升级到现在需要HTTPS。 我们希望用户通过HTTP访问8085的用户通过HTTPSredirect到8085。 即http://host:8085 -> https://host:8085
我知道正常的过程是在不同的端口上运行HTTP和HTTPS,但是我们不打算运行HTTP。
这是我们的一些configuration,它不工作atm。 尝试尽可能的一切后,我无法让服务器响应http://host:8085 。
这是由于只有一个连接器(HTTP或HTTPS)能够一次侦听端口吗?
有没有其他方法可以做到这一点?
谢谢。
<Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Get name="sessionHandler"> <Get name="sessionManager"> <Set name="usingCookies" type="boolean">true</Set> </Get> </Get> <Set name="securityHandler"> <New class="org.eclipse.jetty.security.ConstraintSecurityHandler"> <Call name="addConstraintMapping"> <Arg> <New class="org.eclipse.jetty.security.ConstraintMapping"> <Set name="pathSpec">/*</Set> <Set name="constraint"> <New class="org.eclipse.jetty.util.security.Constraint"> <!-- 2 means CONFIDENTIAL. 1 means INTEGRITY --> <Set name="dataConstraint">2</Set> </New> </Set> </New> </Arg> </Call> </New> </Set> </Configure>
<security-constraint> <web-resource-collection> <web-resource-name>Everything</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <!-- This says Redirect to https://host:8085 if server returns "NOT SECURE" error --> <Set name="secureScheme">https</Set> <Set name="securePort"><Property name="jetty.secure.port" default="8085" /></Set> <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set> <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set> <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set> <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set> <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set> <Set name="headerCacheSize">512</Set> <!-- Uncomment to enable handling of X-Forwarded- style headers --> <Call name="addCustomizer"> <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg> </Call> <Call name="addCustomizer"> <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer" /></Arg> </Call> </New> <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="KeyStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.keystore" default="https/JettyKeyStore"/></Set> <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/>*******</Set> <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set> <Set name="TrustStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.truststore" default="https/JettyKeyStore"/></Set> <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set> <Set name="EndpointIdentificationAlgorithm"></Set> <Set name="ExcludeCipherSuites"> <Array type="String"> <Item>SSL_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item> <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item> </Array> </Set> <!-- =========================================================== --> <!-- Create a TLS specific HttpConfiguration based on the --> <!-- common HttpConfiguration defined in jetty.xml --> <!-- Add a SecureRequestCustomizer to extract certificate and --> <!-- session information --> <!-- =========================================================== --> <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Arg><Ref refid="httpConfig"/></Arg> <Call name="addCustomizer"> <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> </Call> </New> </Configure>
<Call id="httpsConnector" name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.SslConnectionFactory"> <Arg name="next">http/1.1</Arg> <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg> </New> </Item> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="sslHttpConfig"/></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="https.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> </New> </Arg> </Call>
<Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="httpConfig" /></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="jetty.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> <Set name="confidentialPort">8085</Set> </New> </Arg> </Call>