I am using WildFly 25 and running it with the default settings.
Server console
WildFly Full 25.0.0.Final (WildFly Core 17.0.1.Final) started in 3938ms - Started 308 of 547 services (338 services are lazy, passive or on-demand)
Http management interface listening on http://127.0.0.1:9990/management
Admin console listening on http://127.0.0.1:9990
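I would like to update the configuration so that it runs over https with SSL/TLS.
So I followed the WildFly documentation to configure it using the WildFly CLI (the CLI is recommended over editing the XML by hand, since there is less chance of error).
Configuration
Connect via the CLI: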
/home/jboss/wildfly/wildfly-25.0.0.Final/bin ./jboss-cli.sh
connect
I have a keystore (mykeystore.jks), so I added the keystore to the WildFly configuration:
/subsystem=elytron/key-store=httpsKS:add(path=/home/jboss/wildfly/wildfly-25.0.0.Final/standalone/configuration/mykeystore.jks,credential-reference={clear-text=password},type=JKS)
/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,credential-reference={clear-text=password})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
When I check the security-realm:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
{
"outcome" => "success",
"result" => undefined
}
This is visible in the standalone file:
<tls>
<key-stores>
<key-store name="applicationKS">
<credential-reference clear-text="password"/>
<implementation type="JKS"/>
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
<key-store name="httpsKS">
<credential-reference clear-text="password"/>
<implementation type="JKS"/>
<file path="/home/jboss/wildfly/wildfly-25.0.0.Final/standalone/configuration/mykeystore.jks"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
<credential-reference clear-text="password"/>
</key-manager>
<key-manager name="httpsKM" key-store="httpsKS">
<credential-reference clear-text="password"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
<server-ssl-context name="httpsSSC" protocols="TLSv1.2" key-manager="httpsKM"/>
</server-ssl-contexts>
</tls>
However, I do not see anything for <security-realm> in the XML:
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
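Since security-realm is as it was (undefined both before and after making any changes), I ran the following (from the WildFly documentation), but it had no effect. (It looks as though it would set security-realm to undefined, so it should not have any effect on a security-realm that is already undefined.)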
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=httpsSSC)
run-batch
reload
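Question
What am I missing? After following the WildFly documentation, I expected to get the following (i.e. the server listening on https and port 9993 for the management console):
Server console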
WildFly Full 25.0.0.Final (WildFly Core 17.0.1.Final) started in 3938ms - Started 308 of 547 services (338 services are lazy, passive or on-demand)
Http management interface listening on https://127.0.0.1:9993/management
Admin console listening on https://127.0.0.1:9993
More information
[standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
{
"outcome" => "failed",
"failure-description" => "WFLYSRV0259: If attribute secure-socket-binding is defined ssl-context must also be defined",
"rolled-back" => true
}
Answer 1
It started working when I ran this:
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)
reload
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
reload
Console output:
09:25:59,234 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0062: Http management interface listening on http://127.0.0.1:9990/management and https://127.0.0.1:9993/management
09:25:59,234 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0053: Admin console listening on http://127.0.0.1:9990 and https://127.0.0.1:9993
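Added example, not part of the original question or answer and not WildFly's own code: a small offline audit of a standalone-style XML file that checks the rule behind WFLYSRV0259 (an https management binding needs an ssl-context), that the referenced context is actually defined, and that keystore passwords are not stored in clear text. The sample XML is constructed; the `http-interface` / `socket-binding` element layout is an assumption based on the usual WildFly file layout, and `audit` and `local` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed, namespace-free stand-in for a standalone file. The management
# part is an assumed layout; the tls part mirrors the XML in the question.
SAMPLE = """
<server>
  <management>
    <management-interfaces>
      <http-interface{ssl}>
        <socket-binding http="management-http" https="management-https"/>
      </http-interface>
    </management-interfaces>
  </management>
  <tls>
    <key-stores>
      <key-store name="httpsKS">
        <credential-reference clear-text="password"/>
      </key-store>
    </key-stores>
    <server-ssl-contexts>
      <server-ssl-context name="httpsSSC" protocols="TLSv1.2" key-manager="httpsKM"/>
    </server-ssl-contexts>
  </tls>
</server>
"""

def local(tag):
    """Drop an XML namespace prefix such as '{urn:...}' from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings for the management TLS configuration."""
    root = ET.fromstring(xml_text)
    by_name = {}
    for el in root.iter():
        by_name.setdefault(local(el.tag), []).append(el)
    contexts = {e.get("name") for e in by_name.get("server-ssl-context", [])}
    findings = []
    for iface in by_name.get("http-interface", []):
        binding = next((c for c in iface if local(c.tag) == "socket-binding"), None)
        ctx = iface.get("ssl-context")
        if binding is not None and binding.get("https") and not ctx:
            findings.append("management https binding without ssl-context (WFLYSRV0259)")
        elif ctx and ctx not in contexts:
            findings.append(f"ssl-context '{ctx}' is not a defined server-ssl-context")
    for cred in by_name.get("credential-reference", []):
        if cred.get("clear-text") is not None:
            findings.append("clear-text keystore password in configuration")
    return findings
```

Calling `audit(open(path).read())` on a real file works the same way, because tag matching ignores the subsystem namespaces.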