JBoss HTTPS not working on a port other than 8080

  • October 16, 2012

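We have a server with two JBoss instances, one running on 8080 and the other on 8081. We need to enable HTTPS for the 8081 server. First we tried enabling HTTPS on the 8080 port instance by generating a keystore and editing server.xml, and it worked. However, when we tried the same for 8081, it did not. Note that we removed HTTPS from the 8080 server before enabling it for 8081.

This is the content of server.xml used for 8080 and 8081. The only difference is that the port is changed from 8080 to 8081 when trying to enable HTTPS for the 8081 port instance. What am I doing wrong, and what needs to change?

Note: when I say enabled for 8080, I mean that when you visit https://URL:8484 you actually reach the 8080 port instance. However, when SSL is enabled for 8081 and I visit https://URL:8484, I find that the web page is not available.

Version without comments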

   <Server>

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 <Listener className="org.apache.catalina.core.JasperListener" />

  <Service name="jboss.web">
  <!-- https -->
   <Connector port="8080" address="${jboss.bind.address}"    
        maxThreads="350" maxHttpHeaderSize="8192"
        emptySessionPath="true" protocol="HTTP/1.1"
        enableLookups="false" redirectPort="8443" acceptCount="100"
        connectionTimeout="20000" disableUploadTimeout="true" compression="on" compressableMimeType="text/html,text/css,text/javascript,application/json,text/xml,text/plain,application/x-javascript,application/javascript"/>

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" address="${jboss.bind.address}"
               keystoreFile="${jboss.server.home.dir}/conf/supun1.keystore"
               keystorePass="aaaaaa"
               truststoreFile="${jboss.server.home.dir}/conf/supun1.keystore"
               truststorePass="aaaaaa" />

   <!-- https1 -->

   <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
        emptySessionPath="true" enableLookups="false" redirectPort="8443" />

     <Engine name="jboss.web" defaultHost="localhost" jvmRoute="khms1">

        <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
           certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
           allRolesMode="authOnly"
           />
       <Host name="localhost"
          autoDeploy="false" deployOnStartup="false" deployXML="false"
          configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
          >
           <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />

           <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
               cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
               transactionManagerObjectName="jboss:service=TransactionManager" />

        </Host>

     </Engine>

  </Service>

</Server>

Version with comments

   <Server>

 <!--APR library loader. Documentation at /docs/apr.html -->
 <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
 <Listener className="org.apache.catalina.core.JasperListener" />

  <!-- Use a custom version of StandardService that allows the
  connectors to be started independent of the normal lifecycle
  start to allow web apps to be deployed before starting the
  connectors.
  -->
  <Service name="jboss.web">

   <!-- A "Connector" represents an endpoint by which requests are received
        and responses are returned. Documentation at :
        Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
        Java AJP  Connector: /docs/config/ajp.html
        APR (HTTP/AJP) Connector: /docs/apr.html
        Define a non-SSL HTTP/1.1 Connector on port 8080
   -->
   <Connector port="8080" address="${jboss.bind.address}"    
        maxThreads="350" maxHttpHeaderSize="8192"
        emptySessionPath="true" protocol="HTTP/1.1"
        enableLookups="false" redirectPort="8443" acceptCount="100"
        connectionTimeout="20000" disableUploadTimeout="true" compression="on" compressableMimeType="text/html,text/css,text/javascript,application/json,text/xml,text/plain,application/x-javascript,application/javascript"/>

   <!-- Define a SSL HTTP/1.1 Connector on port 8443
        This connector uses the JSSE configuration, when using APR, the 
        connector should be using the OpenSSL style configuration
        described in the APR documentation -->
   <!--
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile="${jboss.server.home.dir}/conf/zara.keystore"  keystorePass="zara2010" 
              clientAuth="false" sslProtocol="TLS" compression="on" />
   -->
   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" address="${jboss.bind.address}"
               keystoreFile="${jboss.server.home.dir}/conf/supun1.keystore"
               keystorePass="aaaaaa"
               truststoreFile="${jboss.server.home.dir}/conf/supun1.keystore"
               truststorePass="aaaaaa" />


   <!-- Define an AJP 1.3 Connector on port 8009 -->
   <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
        emptySessionPath="true" enableLookups="false" redirectPort="8443" />

     <Engine name="jboss.web" defaultHost="localhost" jvmRoute="khms1">

        <!-- The JAAS based authentication and authorization realm implementation
        that is compatible with the jboss 3.2.x realm implementation.
        - certificatePrincipal : the class name of the
        org.jboss.security.auth.certs.CertificatePrincipal impl
        used for mapping X509[] cert chains to a Principal.
        - allRolesMode : how to handle an auth-constraint with a role-name=*,
        one of strict, authOnly, strictAuthOnly
          + strict = Use the strict servlet spec interpretation which requires
          that the user have one of the web-app/security-role/role-name
          + authOnly = Allow any authenticated user
          + strictAuthOnly = Allow any authenticated user only if there are no
          web-app/security-roles
        -->
        <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
           certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
           allRolesMode="authOnly"
           />
        <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
        behavior of JBossSecurityMgrRealm, but overrides the authorization
        checks to use JACC permissions with the current java.security.Policy
        to determine authorized access.
        - allRolesMode : how to handle an auth-constraint with a role-name=*,
        one of strict, authOnly, strictAuthOnly
          + strict = Use the strict servlet spec interpretation which requires
          that the user have one of the web-app/security-role/role-name
          + authOnly = Allow any authenticated user
          + strictAuthOnly = Allow any authenticated user only if there are no
          web-app/security-roles
        <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
           certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
           allRolesMode="authOnly"
           />
        -->

       <Host name="localhost"
          autoDeploy="false" deployOnStartup="false" deployXML="false"
          configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
          >

           <!-- Uncomment to enable request dumper. This Valve "logs interesting 
                contents from the specified Request (before processing) and the 
                corresponding Response (after processing). It is especially useful 
                in debugging problems related to headers and cookies."
           -->

<!--
           <Valve className="org.apache.catalina.valves.RequestDumperValve" />
   -->        

           <!-- Access logger -->
           <!--
           <Valve className="org.apache.catalina.valves.AccessLogValve"
               prefix="localhost_access_log." suffix=".log"
               pattern="common" directory="${jboss.server.log.dir}" 
               resolveHosts="false" />
           -->

           <!-- Uncomment to enable single sign-on across web apps
               deployed to this host. Does not provide SSO across a cluster.     

               If this valve is used, do not use the JBoss ClusteredSingleSignOn 
               valve shown below. 

               A new configuration attribute is available beginning with
               release 4.0.4:

               cookieDomain  configures the domain to which the SSO cookie
                             will be scoped (i.e. the set of hosts to
                             which the cookie will be presented).  By default
                             the cookie is scoped to "/", meaning the host
                             that presented it.  Set cookieDomain to a
                             wider domain (e.g. "xyz.com") to allow an SSO
                             to span more than one hostname.
            -->
           <!--
           <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
           -->

           <!-- Uncomment to enable single sign-on across web apps
              deployed to this host AND to all other hosts in the cluster.

              If this valve is used, do not use the standard Tomcat SingleSignOn
              valve shown above.

              Valve uses a JBossCache instance to support SSO credential 
              caching and replication across the cluster.  The JBossCache 
              instance must be configured separately.  By default, the valve 
              shares a JBossCache with the service that supports HttpSession 
              replication.  See the "jboss-web-cluster-service.xml" file in the 
              server/all/deploy directory for cache configuration details.

              Besides the attributes supported by the standard Tomcat
              SingleSignOn valve (see the Tomcat docs), this version also 
              supports the following attributes:

              cookieDomain   see above

              treeCacheName  JMX ObjectName of the JBossCache MBean used to 
                             support credential caching and replication across
                             the cluster. If not set, the default value is 
                             "jboss.cache:service=TomcatClusteringCache", the 
                             standard ObjectName of the JBossCache MBean used 
                             to support session replication.
           -->

           <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />


           <!-- Check for unclosed connections and transaction terminated checks
                in servlets/jsps.

                Important: The dependency on the CachedConnectionManager
                in META-INF/jboss-service.xml must be uncommented, too
           -->
           <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
               cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
               transactionManagerObjectName="jboss:service=TransactionManager" />

        </Host>

     </Engine>

  </Service>

</Server>

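Are these servers on the same machine? I think the problem is that, if you run the servers on the same machine, you only changed port 8080 to 8081, but a JBoss server opens more ports than just that one. My assumption is that the second server cannot open some of the other ports and does not start correctly. When changing server ports, it is recommended to use a port binding set, which changes all the ports.

You should use this startup parameter: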

-Djboss.service.binding.set=ports-01

But then you will not have port 8081 but 8180, and all ports will be increased by 100.
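The port overlap the answer describes can be checked from the two instances' server.xml files. The following is an added example, not part of the original answer or of JBoss: it lists every Connector port and reports which ones two instances on the same bind address would both try to open. The trimmed XML is constructed from the question's connectors, the +100 shift is taken from the answer, and the function names are hypothetical; it covers only the web connectors in server.xml, not the other ports JBoss opens.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connectors from the question's server.xml, trimmed
# to the attributes that decide which sockets get bound.
INSTANCE_A = """<Server><Service name="jboss.web">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Second instance as the question describes it: only 8080 was edited to 8081.
INSTANCE_B = INSTANCE_A.replace('port="8080"', 'port="8081"')


def listeners(server_xml, offset=0):
    """Return {port: kind} for every <Connector>, shifted by `offset`."""
    ports = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        ssl = conn.get("SSLEnabled", "").lower() == "true"
        kind = "https" if ssl else conn.get("protocol", "HTTP/1.1")
        ports[int(conn.get("port")) + offset] = kind
    return ports


def collisions(xml_a, xml_b, offset_b=0):
    """Ports both instances would bind (assumes the same bind address)."""
    a, b = listeners(xml_a), listeners(xml_b, offset_b)
    return {port: (a[port], b[port]) for port in sorted(a.keys() & b.keys())}


if __name__ == "__main__":
    # Hand-edited copy: the HTTPS and AJP connectors still overlap.
    for port, (kind_a, kind_b) in collisions(INSTANCE_A, INSTANCE_B).items():
        print(f"conflict on {port}: {kind_a} vs {kind_b}")
    # Unedited copy with every port shifted by 100, as the answer says
    # the ports-01 binding set does: no overlap remains.
    print("shifted ports:", sorted(listeners(INSTANCE_A, 100)))
    print("conflicts after shift:", collisions(INSTANCE_A, INSTANCE_A, 100))
```
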

Quoted from: https://serverfault.com/questions/438867