这个问题与如何让 Jetty 将 http 重定向到 https和Jetty 9-将 http 重定向到 https但两个地方均未给出答案。
基本上,我们在某个端口上运行我们的应用程序,比如 8085。我们通常使用 HTTP 来访问此应用程序。我们现在已经升级到需要 HTTPS。我们希望使用 HTTP 访问 8085 的用户被重定向到使用 HTTPS 的 8085。即http://host:8085 -> https://host:8085
我知道正常流程是在不同的端口上运行 HTTP 和 HTTPS,但我们根本不会运行 HTTP。
以下是我们目前无法正常工作的一些配置。我尝试了所有方法后,服务器仍然无法响应http://host:8085。
这是因为一次只有一个连接器(HTTP 或 HTTPS)能够监听端口吗?
还有其他方法可以做到这一点吗?
谢谢。
<Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Get name="sessionHandler"> <Get name="sessionManager"> <Set name="usingCookies" type="boolean">true</Set> </Get> </Get> <Set name="securityHandler"> <New class="org.eclipse.jetty.security.ConstraintSecurityHandler"> <Call name="addConstraintMapping"> <Arg> <New class="org.eclipse.jetty.security.ConstraintMapping"> <Set name="pathSpec">/*</Set> <Set name="constraint"> <New class="org.eclipse.jetty.util.security.Constraint"> <!-- 2 means CONFIDENTIAL. 1 means INTEGRITY --> <Set name="dataConstraint">2</Set> </New> </Set> </New> </Arg> </Call> </New> </Set> </Configure>
<security-constraint> <web-resource-collection> <web-resource-name>Everything</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<!-- This says Redirect to https://host:8085 if server returns "NOT SECURE" error -->
<Set name="secureScheme">https</Set>
<Set name="securePort"><Property name="jetty.secure.port" default="8085" /></Set>
<Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
<Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
<Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
<Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
<Set name="headerCacheSize">512</Set>
<!-- Uncomment to enable handling of X-Forwarded- style headers -->
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
</Call>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer" /></Arg>
</Call>
</New>
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.keystore" default="https/JettyKeyStore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/>*******</Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="/opt/app" />/<Property name="jetty.truststore" default="https/JettyKeyStore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>
<Call id="httpsConnector" name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.SslConnectionFactory"> <Arg name="next">http/1.1</Arg> <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg> </New> </Item> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="sslHttpConfig"/></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="https.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> </New> </Arg> </Call>
<Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"> <Arg name="config"><Ref refid="httpConfig" /></Arg> </New> </Item> </Array> </Arg> <Set name="host"><Property name="jetty.host" />localhost</Set> <Set name="port"><Property name="jetty.port" default="8085" /></Set> <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set> <Set name="name">standardConnection</Set> <Set name="confidentialPort">8085</Set> </New> </Arg> </Call>