[英]How do I serve https and http for Jetty from one port?
(我知道這是一個重復的問題,但原始的海報問錯了原因。我並不是說我正在問它是正確的理由,但讓我們看看。)
我們有一個運行在非標准端口號上的Web服務。 盡管用戶似乎能夠記住端口號,但偶爾他們會輸入http:而不是https:。 有人問我們是否可以在該端口上提供HTTP,然后在同一端口上將它們重定向到HTTPS。 這聽起來很邪惡......我喜歡可用性但感覺瀏覽器的工作應該是這樣做的嗎?
我見過的一個解決方案是“在Jetty面前編寫自己的代理”。 這個解決方案可行,但我不認為它會運行良好,因為我不相信我能編寫一個與Jetty本身一樣高效的代理。 此外,即使代理本身有效,所有數據仍然需要額外跳躍,這無論如何都會保證減慢流量。
有比這更好的方法嗎? 也許Jetty本身有一些協議檢測邏輯可以被楔入的地方,這將允許利用它們的速度,同時還移除代理將引入的額外跳。
更新:有關如何將單個端口重定向到HTTPS和HTTP偵聽器的說明,請參閱此答案 。 如果由於某種原因您不使用該解決方案,請參閱以下內容:
無法在同一端口上管理來自http和https的流量。
Jetty使用兩個完全不同的連接器綁定到安全和不安全的端口。
事實上,我遇到的每個Web服務器都將這兩個協議綁定到兩個完全獨立的端口。
我建議可用性的一件事是使用默認端口,它完全隱藏了用戶的端口。 默認情況下,http使用端口80,默認情況下,https使用端口443.因此,如果您將連接器配置為分別在端口80和端口443上運行,那么您的用戶不必鍵入端口,並且您的開發團隊不會必須處理HTML,CSS,JavaScript和其他資源中的絕對路徑中的端口號。
Jetty被設計為獨立的Web服務器,不像舊版本的Tomcat ,Apache建議在Apache HTTP服務器后運行。 因此,只要您沒有其他HTTP服務器正在運行,並且使用這些端口而您不能,您就應該能夠將Jetty配置為在默認端口上運行而不會出現任何問題。 這來自經驗。 我們正是以這種方式運行Jetty。
最后,協議可以綁定到多個端口。 因此,如果您當前在端口8080上為http運行Jetty,在8443上為https運行Jetty,則可以保持這些連接器處於活動狀態,並為端口80和端口443添加另外兩個連接器。這樣可以向您的應用程序部分向后兼容使用端口號,讓你有時間向前走。
<!-- Legacy HTTP connector -->
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="host"><SystemProperty name="jetty.host" /></Set>
<Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
</New>
</Arg>
</Call>
<!-- Second connector for http on port 80 -->
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="host"><SystemProperty name="jetty.host" /></Set>
<Set name="port"><SystemProperty name="jetty.port" default="80"/></Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
</New>
</Arg>
</Call>
<!-- Legacy SSL Connector for https port 8443 -->
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
<Set name="password">xxxxxx</Set>
<Set name="keyPassword">xxxxxx</Set>
<Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
<Set name="trustPassword">OBF:xxxxx</Set>
<Set name="handshakeTimeout">2000</Set>
<!-- Set name="ThreadPool">
<New class="org.mortbay.thread.BoundedThreadPool">
<Set name="minThreads">10</Set>
<Set name="maxThreads">250</Set>
</New>
</Set -->
</New>
</Arg>
</Call>
<!-- Default SSL Connector for https port 443 -->
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port">443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
<Set name="password">xxxxxx</Set>
<Set name="keyPassword">xxxxxx</Set>
<Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
<Set name="trustPassword">OBF:xxxxx</Set>
<Set name="handshakeTimeout">2000</Set>
<!-- Set name="ThreadPool">
<New class="org.mortbay.thread.BoundedThreadPool">
<Set name="minThreads">10</Set>
<Set name="maxThreads">250</Set>
</New>
</Set -->
</New>
</Arg>
</Call>
對於第2和第4個連接器,唯一真正的區別是端口號。 簡而言之,您可以為每個連接器/協議配置多個端口,但不能為同一端口配置多個協議/連接器。
更新 :截至Jetty-9.4.15.v20190215支持端口統一內置於Jetty; 看到這個答案 。
這是可能的,我們已經做到了。 這里的代碼適用於Jetty 8; 我沒有測試過Jetty 9,但這個答案有類似Jetty 9的代碼。
順便說一下,這被稱為端口統一 ,並且使用Grizzly顯然在Glassfish中得到了長期支持。
基本思想是生成org.eclipse.jetty.server.Connector的實現,它可以提前查看客戶端請求的第一個字節。 幸運的是,HTTP和HTTPS都讓客戶端開始通信。 對於HTTPS(通常為TLS / SSL),第一個字節為0x16 (TLS),或>= 0x80 (SSLv2)。 對於HTTP,第一個字節將是舊的可打印的7位ASCII。 現在,根據第一個字節, Connector將生成SSL連接或普通連接。
在這里的代碼中,我們利用Jetty的SslSelectChannelConnector本身擴展SelectChannelConnector ,並具有newPlainConnection()方法(調用其超類來生成非SSL連接)以及newConnection()方法(以生成SSL連接newConnection()這一newConnection() )。 所以我們的新Connector可以在觀察客戶端的第一個字節后擴展SslSelectChannelConnector並委托給其中一個方法。
不幸的是,我們需要在第一個字節可用之前創建一個AsyncConnection實例。 甚至可以在第一個字節可用之前調用該實例的某些方法。 因此,我們創建一個LazyConnection implements AsyncConnection ,它可以在以后確定它將委托給哪種連接,或者甚至在它知道之前返回一些方法的合理默認響應。
基於NIO,我們的Connector將使用SocketChannel 。 幸運的是,我們可以擴展SocketChannel來創建一個ReadAheadSocketChannelWrapper ,它委托給“真正的” SocketChannel但可以檢查和存儲客戶端消息的第一個字節。
一個非常hacky位。 我們的Connector必須覆蓋的方法之一是customize(Endpoint,Request) 。 如果我們最終得到一個基於SSL的Endpoint我們就可以傳遞給我們的超類; 否則超類將拋出ClassCastException ,但只有在傳遞給它的超類並在Request上設置方案之后。 所以我們傳遞給超類,但是當我們看到異常時撤消設置方案。
我們還重寫了isConfidential()和isIntegral()以確保我們的servlet可以正確使用HttpServletRequest.isSecure()來確定是否使用了HTTP或HTTPS。
嘗試從客戶端讀取第一個字節可能會拋出IOException ,但我們可能必須在不期望IOException的地方嘗試,在這種情況下,我們保留異常並稍后拋出它。
擴展SocketChannel在Java> = 7和Java 6中看起來不同。在后一種情況下,只需注釋掉Java 6 SocketChannel沒有的方法。
public class PortUnificationSelectChannelConnector extends SslSelectChannelConnector {
public PortUnificationSelectChannelConnector() {
super();
}
public PortUnificationSelectChannelConnector(SslContextFactory sslContextFactory) {
super(sslContextFactory);
}
@Override
protected SelectChannelEndPoint newEndPoint(SocketChannel channel, SelectSet selectSet, SelectionKey key) throws IOException {
return super.newEndPoint(new ReadAheadSocketChannelWrapper(channel, 1), selectSet, key);
}
@Override
protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endPoint) {
return new LazyConnection((ReadAheadSocketChannelWrapper)channel, endPoint);
}
@Override
public void customize(EndPoint endpoint, Request request) throws IOException {
String scheme = request.getScheme();
try {
super.customize(endpoint, request);
} catch (ClassCastException e) {
request.setScheme(scheme);
}
}
@Override
public boolean isConfidential(Request request) {
if (request.getAttribute("javax.servlet.request.cipher_suite") != null) return true;
else return isForwarded() && request.getScheme().equalsIgnoreCase(HttpSchemes.HTTPS);
}
@Override
public boolean isIntegral(Request request) {
return isConfidential(request);
}
class LazyConnection implements AsyncConnection {
private final ReadAheadSocketChannelWrapper channel;
private final AsyncEndPoint endPoint;
private final long timestamp;
private AsyncConnection connection;
public LazyConnection(ReadAheadSocketChannelWrapper channel, AsyncEndPoint endPoint) {
this.channel = channel;
this.endPoint = endPoint;
this.timestamp = System.currentTimeMillis();
this.connection = determineNewConnection(channel, endPoint, false);
}
public Connection handle() throws IOException {
if (connection == null) {
connection = determineNewConnection(channel, endPoint, false);
channel.throwPendingException();
}
if (connection != null) return connection.handle();
else return this;
}
public long getTimeStamp() {
return timestamp;
}
public void onInputShutdown() throws IOException {
if (connection == null) connection = determineNewConnection(channel, endPoint, true);
connection.onInputShutdown();
}
public boolean isIdle() {
if (connection == null) connection = determineNewConnection(channel, endPoint, false);
if (connection != null) return connection.isIdle();
else return false;
}
public boolean isSuspended() {
if (connection == null) connection = determineNewConnection(channel, endPoint, false);
if (connection != null) return connection.isSuspended();
else return false;
}
public void onClose() {
if (connection == null) connection = determineNewConnection(channel, endPoint, true);
connection.onClose();
}
public void onIdleExpired(long l) {
if (connection == null) connection = determineNewConnection(channel, endPoint, true);
connection.onIdleExpired(l);
}
AsyncConnection determineNewConnection(ReadAheadSocketChannelWrapper channel, AsyncEndPoint endPoint, boolean force) {
byte[] bytes = channel.getBytes();
if ((bytes == null || bytes.length == 0) && !force) return null;
if (looksLikeSsl(bytes)) {
return PortUnificationSelectChannelConnector.super.newConnection(channel, endPoint);
} else {
return PortUnificationSelectChannelConnector.super.newPlainConnection(channel, endPoint);
}
}
// TLS first byte is 0x16
// SSLv2 first byte is >= 0x80
// HTTP is guaranteed many bytes of ASCII
private boolean looksLikeSsl(byte[] bytes) {
if (bytes == null || bytes.length == 0) return false; // force HTTP
byte b = bytes[0];
return b >= 0x7F || (b < 0x20 && b != '\n' && b != '\r' && b != '\t');
}
}
static class ReadAheadSocketChannelWrapper extends SocketChannel {
private final SocketChannel channel;
private final ByteBuffer start;
private byte[] bytes;
private IOException pendingException;
private int leftToRead;
public ReadAheadSocketChannelWrapper(SocketChannel channel, int readAheadLength) throws IOException {
super(channel.provider());
this.channel = channel;
start = ByteBuffer.allocate(readAheadLength);
leftToRead = readAheadLength;
readAhead();
}
public synchronized void readAhead() throws IOException {
if (leftToRead > 0) {
int n = channel.read(start);
if (n == -1) {
leftToRead = -1;
} else {
leftToRead -= n;
}
if (leftToRead <= 0) {
start.flip();
bytes = new byte[start.remaining()];
start.get(bytes);
start.rewind();
}
}
}
public byte[] getBytes() {
if (pendingException == null) {
try {
readAhead();
} catch (IOException e) {
pendingException = e;
}
}
return bytes;
}
public void throwPendingException() throws IOException {
if (pendingException != null) {
IOException e = pendingException;
pendingException = null;
throw e;
}
}
private int readFromStart(ByteBuffer dst) throws IOException {
int sr = start.remaining();
int dr = dst.remaining();
if (dr == 0) return 0;
int n = Math.min(dr, sr);
dst.put(bytes, start.position(), n);
start.position(start.position() + n);
return n;
}
public synchronized int read(ByteBuffer dst) throws IOException {
throwPendingException();
readAhead();
if (leftToRead > 0) return 0;
int sr = start.remaining();
if (sr > 0) {
int n = readFromStart(dst);
if (n < sr) return n;
}
return sr + channel.read(dst);
}
public synchronized long read(ByteBuffer[] dsts, int offset, int length) throws IOException {
throwPendingException();
if (offset + length > dsts.length || length < 0 || offset < 0) {
throw new IndexOutOfBoundsException();
}
readAhead();
if (leftToRead > 0) return 0;
int sr = start.remaining();
int newOffset = offset;
if (sr > 0) {
int accum = 0;
for (; newOffset < offset + length; newOffset++) {
accum += readFromStart(dsts[newOffset]);
if (accum == sr) break;
}
if (accum < sr) return accum;
}
return sr + channel.read(dsts, newOffset, length - newOffset + offset);
}
public int hashCode() {
return channel.hashCode();
}
public boolean equals(Object obj) {
return channel.equals(obj);
}
public String toString() {
return channel.toString();
}
public Socket socket() {
return channel.socket();
}
public boolean isConnected() {
return channel.isConnected();
}
public boolean isConnectionPending() {
return channel.isConnectionPending();
}
public boolean connect(SocketAddress remote) throws IOException {
return channel.connect(remote);
}
public boolean finishConnect() throws IOException {
return channel.finishConnect();
}
public int write(ByteBuffer src) throws IOException {
return channel.write(src);
}
public long write(ByteBuffer[] srcs, int offset, int length) throws IOException {
return channel.write(srcs, offset, length);
}
@Override
protected void implCloseSelectableChannel() throws IOException {
channel.close();
}
@Override
protected void implConfigureBlocking(boolean block) throws IOException {
channel.configureBlocking(block);
}
// public SocketAddress getLocalAddress() throws IOException {
// return channel.getLocalAddress();
// }
//
// public <T> T getOption(java.net.SocketOption<T> name) throws IOException {
// return channel.getOption(name);
// }
//
// public Set<java.net.SocketOption<?>> supportedOptions() {
// return channel.supportedOptions();
// }
//
// public SocketChannel bind(SocketAddress local) throws IOException {
// return channel.bind(local);
// }
//
// public SocketAddress getRemoteAddress() throws IOException {
// return channel.getRemoteAddress();
// }
//
// public <T> SocketChannel setOption(java.net.SocketOption<T> name, T value) throws IOException {
// return channel.setOption(name, value);
// }
//
// public SocketChannel shutdownInput() throws IOException {
// return channel.shutdownInput();
// }
//
// public SocketChannel shutdownOutput() throws IOException {
// return channel.shutdownOutput();
// }
}
}
基於答案“是的我們可以”我構建了適用於當前碼頭9.3.11的代碼,我想有些人會感興趣。
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ReadPendingException;
import java.nio.channels.WritePendingException;
import org.eclipse.jetty.util.Callback;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
public class MyReadAheadEndpoint implements EndPoint {
/** real endpoint we are wrapping */ private final EndPoint endPoint;
/** buffer used to read start bytes */ private final ByteBuffer start ;
/** how many N start bytes to read */ private int leftToRead;
/** first N bytes */ private final byte[] bytes ;
/** buffered exception to throw next */ private IOException pendingException = null;
@Override public InetSocketAddress getLocalAddress () { return endPoint.getLocalAddress(); }
@Override public InetSocketAddress getRemoteAddress () { return endPoint.getRemoteAddress(); }
@Override public boolean isOpen () { return endPoint.isOpen(); }
@Override public long getCreatedTimeStamp () { return endPoint.getCreatedTimeStamp(); }
@Override public boolean isOutputShutdown () { return endPoint.isOutputShutdown(); }
@Override public boolean isInputShutdown () { return endPoint.isInputShutdown(); }
@Override public void shutdownOutput () { endPoint.shutdownOutput(); }
@Override public void close () { endPoint.close(); }
@Override public Object getTransport () { return endPoint.getTransport(); }
@Override public long getIdleTimeout () { return endPoint.getIdleTimeout(); }
@Override public Connection getConnection () { return endPoint.getConnection(); }
@Override public void onOpen () { endPoint.onOpen(); }
@Override public void onClose () { endPoint.onClose(); }
@Override public boolean isOptimizedForDirectBuffers() { return endPoint.isOptimizedForDirectBuffers(); }
@Override public boolean isFillInterested () { return endPoint.isFillInterested(); }
@Override public boolean flush (final ByteBuffer... v) throws IOException { return endPoint.flush(v); }
@Override public void setIdleTimeout (final long v) { endPoint.setIdleTimeout(v); }
@Override public void write (final Callback v, final ByteBuffer... b) throws WritePendingException { endPoint.write(v, b); }
@Override public void setConnection (final Connection v) { endPoint.setConnection(v); }
@Override public void upgrade (final Connection v) { endPoint.upgrade(v); }
@Override public void fillInterested (final Callback v) throws ReadPendingException { endPoint.fillInterested(v); }
@Override public int hashCode() { return endPoint.hashCode(); }
@Override public boolean equals(final Object obj) { return endPoint.equals(obj); }
@Override public String toString() { return endPoint.toString(); }
public byte[] getBytes() { if (pendingException == null) { try { readAhead(); } catch (final IOException e) { pendingException = e; } } return bytes; }
private void throwPendingException() throws IOException { if (pendingException != null) { final IOException e = pendingException; pendingException = null; throw e; } }
public MyReadAheadEndpoint(final EndPoint channel, final int readAheadLength){
this.endPoint = channel;
start = ByteBuffer.wrap(bytes = new byte[readAheadLength]);
start.flip();
leftToRead = readAheadLength;
}
private synchronized void readAhead() throws IOException {
if (leftToRead > 0) {
final int n = endPoint.fill(start);
if (n == -1) { leftToRead = -1; }
else { leftToRead -= n; }
if (leftToRead <= 0) start.rewind();
}
}
private int readFromStart(final ByteBuffer dst) throws IOException {
final int n = Math.min(dst.remaining(), start.remaining());
if (n > 0) {
dst.put(bytes, start.position(), n);
start.position(start.position() + n);
dst.flip();
}
return n;
}
@Override public synchronized int fill(final ByteBuffer dst) throws IOException {
throwPendingException();
if (leftToRead > 0) readAhead();
if (leftToRead > 0) return 0;
final int sr = start.remaining();
if (sr > 0) {
dst.compact();
final int n = readFromStart(dst);
if (n < sr) return n;
}
return sr + endPoint.fill(dst);
}
}
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.AbstractConnectionFactory;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.annotation.Name;
public class MySslConnectionFactory extends AbstractConnectionFactory {
private final SslContextFactory _sslContextFactory;
private final String _nextProtocol;
public MySslConnectionFactory() { this(HttpVersion.HTTP_1_1.asString()); }
public MySslConnectionFactory(@Name("next") final String nextProtocol) { this((SslContextFactory)null, nextProtocol); }
public MySslConnectionFactory(@Name("sslContextFactory") final SslContextFactory factory, @Name("next") final String nextProtocol) {
super("SSL");
this._sslContextFactory = factory == null?new SslContextFactory():factory;
this._nextProtocol = nextProtocol;
this.addBean(this._sslContextFactory);
}
public SslContextFactory getSslContextFactory() { return this._sslContextFactory; }
@Override protected void doStart() throws Exception {
super.doStart();
final SSLEngine engine = this._sslContextFactory.newSSLEngine();
engine.setUseClientMode(false);
final SSLSession session = engine.getSession();
if(session.getPacketBufferSize() > this.getInputBufferSize()) this.setInputBufferSize(session.getPacketBufferSize());
}
@Override public Connection newConnection(final Connector connector, final EndPoint realEndPoint) {
final MyReadAheadEndpoint aheadEndpoint = new MyReadAheadEndpoint(realEndPoint, 1);
final byte[] bytes = aheadEndpoint.getBytes();
final boolean isSSL;
if (bytes == null || bytes.length == 0) {
System.out.println("NO-Data in newConnection : "+aheadEndpoint.getRemoteAddress());
isSSL = true;
} else {
final byte b = bytes[0]; // TLS first byte is 0x16 , SSLv2 first byte is >= 0x80 , HTTP is guaranteed many bytes of ASCII
isSSL = b >= 0x7F || (b < 0x20 && b != '\n' && b != '\r' && b != '\t');
if(!isSSL) System.out.println("newConnection["+isSSL+"] : "+aheadEndpoint.getRemoteAddress());
}
final EndPoint plainEndpoint;
final SslConnection sslConnection;
if (isSSL) {
final SSLEngine engine = this._sslContextFactory.newSSLEngine(aheadEndpoint.getRemoteAddress());
engine.setUseClientMode(false);
sslConnection = this.newSslConnection(connector, aheadEndpoint, engine);
sslConnection.setRenegotiationAllowed(this._sslContextFactory.isRenegotiationAllowed());
this.configure(sslConnection, connector, aheadEndpoint);
plainEndpoint = sslConnection.getDecryptedEndPoint();
} else {
sslConnection = null;
plainEndpoint = aheadEndpoint;
}
final ConnectionFactory next = connector.getConnectionFactory(_nextProtocol);
final Connection connection = next.newConnection(connector, plainEndpoint);
plainEndpoint.setConnection(connection);
return sslConnection == null ? connection : sslConnection;
}
protected SslConnection newSslConnection(final Connector connector, final EndPoint endPoint, final SSLEngine engine) {
return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine);
}
@Override public String toString() {
return String.format("%s@%x{%s->%s}", new Object[]{this.getClass().getSimpleName(), Integer.valueOf(this.hashCode()), this.getProtocol(), this._nextProtocol});
}
}
您可以通過編寫自定義Jetty ConnectionFactory來實現此目的。 我建議首先復制和修改SslConnectionFactory和SslConnection的代碼。 您需要檢查連接的前幾個字節(根據需要進行緩沖)以查找SSL客戶端Hello。 使用SSLv2 Hello,您可以通過兩個長度字節識別,然后是0x01,后跟版本字節。 SSLv3 Hello以0x16開頭,后跟版本字節。 版本字節序列對於SSL 3.0為0x03 0x00,對於SSL 2.0為0x02 0x00,對於TLS 1.0為0x03 0x01,對於TLS 1.1為0x03 0x02,對於TLS 1.2為0x03 0x03。 有效的HTTP流量不應該以這些字節序列開頭。 ( 這個答案有更多細節。)如果是SSL,則將其傳遞給SSLEngine; 如果沒有,請將其直接傳遞給下一個協議連接器。
截至Jetty-9.4.15.v20190215,端口統一的支持通過類OptionalSslConnectionFactory構建到Jetty中。
這是一個示例類,在運行時,將啟動一個偵聽單個端口8000的服務器,並將響應HTTP或HTTPS。 (這是基於此處單獨的HTTP和HTTPS連接器的Jetty示例代碼。)
import java.io.*;
import javax.servlet.http.*;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class Jetty9PortUnification {
public static void main(String[] args) throws Exception {
// Use example keystore and keys from Jetty distribution
String keystorePath = "jetty-distribution/demo-base/etc/keystore";
File keystoreFile = new File(keystorePath);
if (!keystoreFile.exists()) {
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
}
Server server = new Server();
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(8000);
SecureRequestCustomizer src = new SecureRequestCustomizer();
httpConfig.addCustomizer(src);
HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfig);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
ServerConnector portUnified = new ServerConnector(server,
new OptionalSslConnectionFactory(sslConnectionFactory, HttpVersion.HTTP_1_1.asString()),
sslConnectionFactory,
httpConnectionFactory);
portUnified.setPort(8000);
server.addConnector(portUnified);
server.setHandler(new AbstractHandler() {
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException {
response.setContentType("text/plain");
response.getWriter().println("Hello");
baseRequest.setHandled(true);
}
});
server.start();
server.join();
}
}
要運行它,你需要javax.servlet-api-3.1.0.jar , jetty-server-9.4.15.v20190215.jar , jetty-util-9.4.15.v20190215.jar , jetty-http-9.4.15.v20190215.jar和jetty-io-9.4.15.v20190215.jar 。
即使將Jetty排除在外,這實際上也是不可能的,因為服務器必須檢測傳入連接是HTTP還是SSL / TLS。 TLS協議不是為支持這種用法而設計的,因此任何實現都是黑客攻擊(我找不到任何實現)。
確實存在一個SSL-SSH多路復用器 ,它可以區分傳入連接是TLS還是SSH,而OpenVPN具有“端口共享”功能,它可以將非OpenVPN連接代理到另一個端口。
一種可能的方法是使用匹配數據包內的字符串的iptables規則。 HTTP請求的第一個數據包應包含“HTTP /”,而TLS ClientHello數據包則不包含。 然后可以將連接重定向到不使用TLS的其他端口。 請注意,由於在整個數據包中進行字符串搜索,這會產生額外的開銷,這是一個非常糟糕的解決方案。
iptables --table nat --append PREROUTING --protocol tcp --dport 10433 --match string --string "HTTP/" --REDIRECT 1080
在與 Jetty 相同的端口上將 HTTP 重定向到 HTTPS — 識別 http 與 Z5E0561Z1050A1C4BADEA77
[英]Redirect HTTP to HTTPS on the same port with Jetty — identifying http vs. https from the Request
碼頭:如何從請求中獲取無緩沖的InputStream或Reader(通過HTTP“流”事件)?
[英]Jetty: how do I get unbuffered InputStream or Reader from request (to “stream” events over HTTP)?
如何從jetty服務器中的java servlet發送大(超過64k)http響應?
[英]How do I send large (over 64k) http responses from a java servlet in a jetty server?
如何通過除443以外的其他端口通過HTTPS使用嵌入式Jetty?
[英]How to user embedded Jetty with HTTPS over port other than 443?
tomcat如何為區域設置請求提供Http服務,為遠程請求提供https
[英]tomcat how to serve Http for locale requests, https for remote requests
如何在運行時從Java代碼獲取server.xml中已配置的HTTP和HTTPS端口號
[英]How to get the configured HTTP and HTTPS port numbers in server.xml from Java code at runtime
如何驗證 URL,例如 Java 中的“http://mylocalhost:port”?
[英]How do I validate a URL such as "http://mylocalhost:port "in Java?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.