How do I configure jetty to listen on multiple ports for ssl connections: one with mutualAuth, one without

I'm fairly new to jetty, but I've dug through a lot of pages trying to find the answer to this one.

I'd like to have a single jetty instance running a single webapp. I need it to listen for SSL connections on two ports: one that uses mutual ssl, and one that uses normal ssl (I'll be using a different auth method with that one).

The closest I found to an answer was this - but it is concerned with regular old http connections - and I think it may be out of date given its age.

I'm pretty sure this will involve tweaks to jetty-ssl.xml, jetty-ssl-context.xml, and jetty-https.xml... but I have not been able to put the puzzle pieces together in a way that is both plausible and doesn't result in a stack trace (let alone doing what I want).

My best guess is that I need to create a second context factory that requires mutual auth (similar to the existing sslContextFactory), and then add another call to addIfAbsentConnectionFactory to wire it in. But while I seem to have the ability to restrict a context factory to require mutual auth, I don't see how I tie the context factories to operate on the separate ports.

I think I've figured it out - hopefully this will save someone else a lot of frustration. Here is what I did:

  • Create a second context factory to require mutual auth. It did seem that I needed to do this in a separate file from the first one (jetty-ssl-context.xml) or jetty would complain, so I created jetty-ssl-context-mtls.xml and added a reference to the new file in the https.mod file.
  • Create a second connector to point to the second port (jetty-ssl.xml).
  • Configure the second connector to use the second context factory. Similarly to what I did with ssl-context, I needed to do this in a separate file from the first one (jetty-https.xml) or jetty would complain, so I created jetty-https-mtls.xml and added a reference to the new file in the https.mod file.
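
The steps above condensed into a single Jetty XML file, as an added example that is not part of the original post and not the poster's actual files. It assumes Jetty 10 class names and DTD; the ids `sslContextFactoryMtls` and `sslConnectorMtls`, the `example.mtls.*` properties and port 8444 are hypothetical, and `sslHttpConfig` is assumed to be defined already by the first connector's jetty-ssl.xml.

```xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
<!-- Added example: mTLS context factory and the connector bound to it, in one file. -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- Second context factory. Its id must differ from the stock "sslContextFactory". -->
  <New id="sslContextFactoryMtls" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
    <!-- example.mtls.* are hypothetical property names; supply them in start.d/*.ini -->
    <Set name="keyStorePath"><Property name="example.mtls.keyStorePath"/></Set>
    <Set name="keyStorePassword"><Property name="example.mtls.keyStorePassword"/></Set>
    <!-- Trust store holds only the CA(s) allowed to issue client certificates -->
    <Set name="trustStorePath"><Property name="example.mtls.trustStorePath"/></Set>
    <Set name="trustStorePassword"><Property name="example.mtls.trustStorePassword"/></Set>
    <!-- Handshake fails unless the client presents a certificate that chains to the trust store -->
    <Set name="needClientAuth">true</Set>
  </New>

  <!-- Second connector: this is where the port and the context factory are tied together. -->
  <Call name="addConnector">
    <Arg>
      <New id="sslConnectorMtls" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="sslContextFactory"><Ref refid="sslContextFactoryMtls"/></Arg>
                <Arg name="next">http/1.1</Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <!-- Assumes sslHttpConfig is already defined by the first connector's jetty-ssl.xml -->
                <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <!-- 8444 is a constructed port; the non-mTLS connector keeps its own -->
        <Set name="port"><Property name="example.mtls.port" default="8444"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
```

Both connectors serve the same webapp, so the client-certificate requirement holds only for connections arriving on this port.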
