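Windows 10: getting Tomcat 9 to work over HTTPS

Question    Votes: 0    Answers: 1

My goal is to access the webcam with JavaScript webkitGetUserMedia and use a Java WebSocket on my LAN. I am using apache-tomcat-9.0.20 with apache-maven-3.6.3 and the Eclipse IDE. I can access the site over HTTP on the network without problems. Over HTTPS, however, only the server itself can access it. I tried turning off the firewall and changing the default host name to the server's computer name, but nothing worked. Keep in mind that the webcam requires HTTPS, and that my code works on my network through the Apache service just by changing the JSP to PHP, so I really doubt this is a firewall problem.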

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--><!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 --><Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <!-- A "Connector" using the shared thread pool-->
  
    <Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
  
    <Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol">
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
   
    <Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
        <SSLHostConfig>
            <Certificate certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath" certificateFile="C:\Users\spjpi\Desktop\localhost.cer" certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem" type="RSA"/>
        </SSLHostConfig>
    </Connector>
  

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine defaultHost="localhost" name="Catalina">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>

      <Context docBase="camera" path="/camera" reloadable="true" source="org.eclipse.jst.j2ee.server:camera"/></Host>
    </Engine>
  </Service>
</Server>
java eclipse tomcat9
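1 Answer
0 votes

First, in your sample configuration you register the same ports more than once (2x 8080 and 2x 8443), so your server will throw errors in the console.

Make sure only one connector is registered per port. Otherwise, you will get evidence like this: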

    27-Feb-2020 01:56:22.744 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
    27-Feb-2020 01:56:22.783 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
    27-Feb-2020 01:56:22.795 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8080]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
            at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
            at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
            at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
            at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
            at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
            at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.net.BindException: Address already in use
            at sun.nio.ch.Net.bind0(Native Method)
            at sun.nio.ch.Net.bind(Net.java:433)
            at sun.nio.ch.Net.bind(Net.java:425)
            at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
            at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
            at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:248)
            at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:222)
            at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1119)
            at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1132)
            at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
            at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
            at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
            ... 13 more

Therefore, you should choose one of the following configurations for port 8080:

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->

<!--<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->

Or, using the shared thread pool:

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<!--<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->
<!-- A "Connector" using the shared thread pool-->

<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

Similarly, for the SSL port 8443:

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses 
        the NIO implementation. The default SSLImplementation will depend on the 
        presence of the APR/native library and the useOpenSSL attribute of the AprLifecycleListener. 
        Either JSSE or OpenSSL style configuration may be used regardless of the 
        SSLImplementation selected. JSSE style configuration is used below. -->

    <Connector SSLEnabled="true" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol">
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This 
        connector uses the APR/native implementation which always uses OpenSSL for 
        TLS. Either JSSE or OpenSSL style configuration may be used. OpenSSL style 
        configuration is used below. -->

    <!--<Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>-->

With the HTTP/2 protocol:

    <!--<Connector SSLEnabled="true" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol">
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>-->

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This 
        connector uses the APR/native implementation which always uses OpenSSL for 
        TLS. Either JSSE or OpenSSL style configuration may be used. OpenSSL style 
        configuration is used below. -->

    <Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>

A valid sample configuration might be:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/Users/ccarrera/Desarrollo/keystore/keystore-dev.jks"
              certificateKeyAlias="localhost" certificateKeystorePassword="localhost"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

If everything is configured correctly, start the server and you will see something like the following in the log:

    27-Feb-2020 02:15:14.234 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
    27-Feb-2020 02:15:14.268 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
    27-Feb-2020 02:15:14.473 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
    27-Feb-2020 02:15:14.475 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [828] milliseconds
    27-Feb-2020 02:15:14.500 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
    27-Feb-2020 02:15:14.500 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.20]

....

    27-Feb-2020 02:15:15.144 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
    27-Feb-2020 02:15:15.158 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
    27-Feb-2020 02:15:15.164 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
    27-Feb-2020 02:15:15.166 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [690] milliseconds

After that, test the server locally from a browser or from the command line (using curl, wget, etc.):

  1. https://localhost:8443/

  2. https://127.0.0.1:8443/

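  3. https://YOUR_IP:8443/ (where YOUR_IP is your server IP, e.g. 192.168.0.1)

If your certificate is self-signed (for development use) or is not signed by a trusted authority, you will get an error in the browser such as "Your connection is not private" (e.g. ERR_CERT_AUTHORITY_INVALID). You therefore need to put the certificate into the trusted certificate store, accept the insecure certificate and proceed, or use a production-ready certificate signed by a trusted authority (more information on this: solve invalid SSL/TLS issue).

Remember that, by default, Tomcat connectors listen on all local server addresses.

For your reference, if you want to restrict the IP address that is bound, the connector has an "address" attribute in which you can specify the IP.

From the Tomcat reference: docs

address

For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, the connector will listen on all local addresses. Unless the JVM is configured otherwise using system properties, the Java based connectors (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured with either 0.0.0.0 or ::. The APR/native connector will only listen on IPv4 addresses if configured with 0.0.0.0 and will listen on IPv6 addresses (and optionally IPv4 addresses, depending on the setting of ipv6v6only) if configured with ::.

If you cannot access the server locally through the URLs provided, please provide logs and error messages.

Otherwise, if you can access all of these URLs successfully locally, try from a remote host: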

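  1. Check that the server IP is reachable from the remote terminal (e.g. with ping).
  2. Try to access https://YOUR_IP:8443/ (and http://YOUR_IP:8080/) in the browser.
  3. If you get the error message "Your connection is not private", click to see more details and accept to proceed insecurely. In this case, as mentioned before, check that your certificate is valid / not expired and that the authority is in your trusted certificates.
  4. If you get another type of error, check that your server and the remote client/PC have firewall rules disabled (both sides), and check remote port access with telnet.
  5. Check your /etc/hosts and iptables configuration.
  6. If the problem persists, please provide more information.

Hope this helps,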
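
A pre-start check for the duplicate-connector problem described in the answer above, as an added example that is not part of the original answer: it parses a server.xml, skips commented-out elements, and reports ports claimed by more than one active connector, TLS connectors with no `<Certificate>` element, and references to an executor that is not defined. The sample XML is a constructed, trimmed copy of the question's connectors; the function name `lint_connectors` and the certificate file names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the connector layout from the question, trimmed to the
# elements that matter. The <Executor> is commented out, as in the question.
QUESTION_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"/> -->
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector SSLEnabled="true" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector SSLEnabled="true" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
      <SSLHostConfig>
        <Certificate certificateFile="localhost.cer" certificateKeyFile="localhost.pem"/>
      </SSLHostConfig>
    </Connector>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""


def lint_connectors(xml_text):
    """Return a sorted list of findings for the active (uncommented) connectors."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    findings = []
    for service in root.iter("Service"):
        executors = {e.get("name") for e in service.findall("Executor")}
        by_socket = defaultdict(list)
        for conn in service.findall("Connector"):
            port = conn.get("port")
            # No address attribute means "listen on all local addresses".
            # Simplification: only identical address values are compared.
            by_socket[(conn.get("address", "*"), port)].append(conn)
            tls = conn.get("SSLEnabled", "false").lower() == "true"
            # Without <Certificate>, Tomcat relies on connector-level
            # keystore attributes or its default keystore; worth a look.
            if tls and conn.find("SSLHostConfig/Certificate") is None:
                findings.append(f"port {port}: SSLEnabled but no <Certificate> element")
            ex = conn.get("executor")
            if ex and ex not in executors:
                findings.append(f"port {port}: executor '{ex}' is not defined")
        for (addr, port), conns in by_socket.items():
            if len(conns) > 1:
                findings.append(f"port {port}: {len(conns)} connectors bind {addr}:{port}")
    return sorted(findings)


if __name__ == "__main__":
    for line in lint_connectors(QUESTION_XML):
        print(line)
```

Run against the real file by passing the contents of `conf/server.xml` to `lint_connectors`; an empty list means each active connector has its own port.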
