【发布时间】:2012-10-30 09:41:14
【问题描述】:
我在我的 Apache Tomcat 7 Web 服务器上启用了端口 8443 的连接器。但是,当我尝试访问已部署的应用程序 (https://myserver:8443/myapplication/) 或 8443 上的 tomcat 管理器时,该页面无法解析。我想知道我是否错过了一步? Tomcat 启动时没有任何错误或警告。以下是我所做的更改:
在我的防火墙上允许端口 8443 并取消注释 server.xml 中的 8443 连接器:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/var/lib/tomcat7/localhost.jks"
keystorePass="mypassword" keyAlias="localhost" />
我在 catalina.sh 中添加了以下内容:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/var/lib/tomcat7/localhost.jks -Djavax.net.ssl.keyStore=/var/lib/tomcat7/localhost.jks -Djavax.net .ssl.keyStorePassword=mypassword -Djavax.net.ssl.trustStorePassword=mypassword"
最后,我重启了Tomcat:
Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 574 ms
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.26
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/myapplication.war
Nov 9, 2012 10:51:45 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Configuring Spring Security Core ...
... finished configuring Spring Security Core
Nov 9, 2012 10:51:57 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13439 ms
如您所见,它为 8443 启动了 ProtocolHandler。
我是否需要将证书的别名更改为真实的服务器名称而不是 localhost?这是我唯一能想到的。有没有人有其他想法?
这是 8443 端口的 nmap:
$nmap -p 8443 localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-10 02:47 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000091s latency).
rDNS record for 127.0.0.1: localhost.localdomain
PORT STATE SERVICE
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
谢谢!
将 Djavax.net.debug=all 添加到 catalina.sh 后的 Catalina.out:
...
Nov 11, 2012 4:24:36 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 11, 2012 4:24:36 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-Acceptor-0, called closeSocket()
Nov 11, 2012 4:24:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13399 ms
【问题讨论】:
-
443端口也是开放的,是不是需要映射到8443?
-
如果在启动时不包含 -Djavax.net* 参数会怎样?
-
我尝试从 catalina.sh 中删除所有 -Djavax.net* 参数,但我看到了完全相同的行为。
-
好的。我不认为本地主机应该是一个问题。我假设非 SSL 正在工作。要调试,您可以尝试
-Djavax.net.debug=all -
我添加了 Djavax.net.debug=all 并且除了显示很多证书信息之外,我没有看到任何异常。我已经在原始帖子中发布了我认为是 catalina.out 的相关部分。你能看到什么吗?