堆栈内存溢出
  简体   繁体   English

Tomcat 不提供 SSL

[英]Tomcat Doesn't Serve the SSL

 原文  2021-06-02 13:25:09       java/ apache/ ssl/ server/ tomcat9

问题描述

this is the server.xml file:这是 server.xml 文件:

<Connector port="8443" maxhttpHeaderSize="8192" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" 
           acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keyAlias="server"
           keystoreFile="/etc/apache2/sites-available/ssl/sample.jks" keystorePass="*****" protocol="org.apache.coyote.http11.Http11NioProtocol"
            SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/etc/apache2/sites-available/ssl/sample.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

and this is the tomcat config file in apache/sites-enabled这是 apache/sites-enabled 中的 tomcat 配置文件

<VirtualHost *:80>

    ProxyPreserveHost On

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

</VirtualHost>

<VirtualHost *:443>

    ProxyPreserveHost On

    ProxyPass / https://localhost:8443/
    ProxyPassReverse / https://localhost:8443/

</VirtualHost>

but my domain on HTTPS protocol show's nothing但是我在 HTTPS 协议上的域什么都没有

and on 80 port, server return's 503 Service Unavailable并且在 80 端口上,服务器返回 503 Service Unavailable

1 个解决方案

解决方案1
 1  2021-06-30 06:27:01

The only connector that you show for your server.xml is for port 8443, but your Apache httpd connects to 8080 - if there's nothing listening on 8080, a 503 answer is reasonable.您为服务器显示的唯一连接器。xml 用于端口 8443,但您的 Apache httpd 连接到 8080 - 如果在 8080 上没有任何监听,则 503 答案是合理的。

The 443 VirtualHost configuration is the shortest that I've ever seen for a VirtualHost that's supposed to serve TLS: You're not using any of the encryption-related directives, eg key/certificate location, allowed algorithms etc. That's a good reason to show nothing - as no TLS connection can be established, not even an error message can be shown. 443 VirtualHost 配置是我见过的应该服务于 TLS 的 VirtualHost 中最短的配置:您没有使用任何与加密相关的指令,例如密钥/证书位置、允许的算法等。这是一个很好的理由什么都不显示 - 因为不能建立 TLS 连接,所以甚至不能显示错误消息。

Recommendation: Start proxying to Tomcat via http, and only when that is running for every aspect, attempt to proxy to tomcat's https.建议:开始通过 http 代理到 Tomcat,并且只有在各个方面都运行时,才尝试代理到 tomcat 的 https。 It will involve:它将涉及:

  • On the tomcat side you'll need a key/certificate for localhost .在 tomcat 方面,您需要localhost的密钥/证书。 As no established CA will provide that, you'll have to go self signed由于没有已建立的 CA 会提供,您必须 go 自签名
  • On the httpd side, you'll need to explicitly trust the self-signed certificate在 httpd 方面,您需要明确信任自签名证书

On top of that: I'd just use the port-80 VirtualHost to unconditionally redirect to https and not even worry about serving any content there.最重要的是:我只是使用 port-80 VirtualHost 无条件地重定向到 https ,甚至不用担心在那里提供任何内容。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Tomcat 7 Web应用程序获取SSL握手_失败,桌面应用程序未获取 - Tomcat 7 Web App gets SSL handshake_failure, desktop application doesn't 无法让 PFX/SSL 在 Tomcat 中工作 - Can't get PFX/SSL to work in Tomcat mvn tomcat:run没有启动Tomcat - mvn tomcat:run doesn't start Tomcat Apache httpd无法提供Tomcat生成的文件 - Apache httpd can't serve files generated by Tomcat Tomcat类路径不变 - Tomcat classpath doesn't change 登录tomcat不起作用 - Logging in tomcat doesn't work Tomcat服务静态文件 - Tomcat Serve Static Files 使用Tomcat来提供目录? - Use Tomcat to serve a directory? 嵌入式 Tomcat 服务于 JSP - Embedded Tomcat to serve JSP Tomcat关于SSL的警告,浏览器找不到站点 - Tomcat warnings about SSL, and browser can't find the site
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM