如何让 Jetty 在同一端口上将 http 重定向到 https?

如何让 Jetty 在同一端口上将 http 重定向到 https?

这个问题与如何让 Jetty 将 http 重定向到 httpsJetty 9-将 http 重定向到 https但两个地方均未给出答案。

基本上,我们在某个端口上运行我们的应用程序,比如 8085。我们通常使用 HTTP 来访问此应用程序。我们现在已经升级到需要 HTTPS。我们希望使用 HTTP 访问 8085 的用户被重定向到使用 HTTPS 的 8085。即http://host:8085 -> https://host:8085

我知道正常流程是在不同的端口上运行 HTTP 和 HTTPS,但我们根本不会运行 HTTP。

以下是我们目前无法正常工作的一些配置。我尝试了所有方法后,服务器仍然无法响应http://host:8085

这是因为一次只有一个连接器(HTTP 或 HTTPS)能够监听端口吗?

还有其他方法可以做到这一点吗?

谢谢。

<Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Get name="sessionHandler"> <Get name="sessionManager"> <Set name="usingCookies" type="boolean">true</Set> </Get> </Get> <Set name="securityHandler"> <New class="org.eclipse.jetty.security.ConstraintSecurityHandler"> <Call name="addConstraintMapping"> <Arg> <New class="org.eclipse.jetty.security.ConstraintMapping"> <Set name="pathSpec">/*</Set> <Set name="constraint"> <New class="org.eclipse.jetty.util.security.Constraint"> <!-- 2 means CONFIDENTIAL. 1 means INTEGRITY --> <Set name="dataConstraint">2</Set> </New> </Set> </New> </Arg> </Call> </New> </Set> </Configure>

<security-constraint> <web-resource-collection> <web-resource-name>Everything</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>

  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <!-- This says Redirect to https://host:8085 if server returns "NOT SECURE" error -->
      <Set name="secureScheme">https</Set>
      <Set name="securePort"><Property name="jetty.secure.port" default="8085" /></Set>

      <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
      <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
      <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
      <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
      <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
      <Set name="headerCacheSize">512</Set>
      <!-- Uncomment to enable handling of X-Forwarded- style headers -->
      <Call name="addCustomizer">
        <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
      </Call>
      <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer" /></Arg>
      </Call>
    </New>


<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.keystore" default="https/JettyKeyStore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/>*******</Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.truststore" default="https/JettyKeyStore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>

  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>

</Configure>

<Call id="httpsConnector" name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.SslConnectionFactory"> <Arg name="next">http/1.1</Arg> <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg> </New> </Item> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="sslHttpConfig"/></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="https.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> </New> </Arg> </Call>

<Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="httpConfig" /></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="jetty.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> <Set name="confidentialPort">8085</Set> </New> </Arg> </Call>

相关内容