我正在使用 WildFly25,并让它以默认设置运行。
服务器控制台
WildFly Full 25.0.0.Final (WildFly Core 17.0.1.Final) started in 3938ms - Started 308 of 547 services (338 services are lazy, passive or on-demand)
Http management interface listening on http://127.0.0.1:9990/management
Admin console listening on http://127.0.0.1:9990
我想更新配置,因此它在 https 上使用 SSL/TLS 运行。
因此,我按照 WildFly 文档 使用 WildFly CLI 对其进行配置(建议使用 CLI,而不是手动编辑 XML,因为出错的可能性较小)。
配置
通过 CLI 连接:
/home/jboss/wildfly/wildfly-25.0.0.Final/bin ./jboss-cli.sh
connect
我有一个密钥库(
mykeystore.jks
)。然后我将密钥库添加到 WildFly 配置中:
/subsystem=elytron/key-store=httpsKS:add(path=/home/jboss/wildfly/wildfly-25.0.0.Final/standalone/configuration/mykeystore.jks,credential-reference={clear-text=password},type=JKS)
/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,credential-reference={clear-text=password})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
当我检查
security-realm
时:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
{
"outcome" => "success",
"result" => undefined
}
这在 standalone.xml 中可见:
<tls>
<key-stores>
<key-store name="applicationKS">
<credential-reference clear-text="password"/>
<implementation type="JKS"/>
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
<key-store name="httpsKS">
<credential-reference clear-text="password"/>
<implementation type="JKS"/>
<file path="/home/jboss/wildfly/wildfly-25.0.0.Final/standalone/configuration/mykeystore.jks"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
<credential-reference clear-text="password"/>
</key-manager>
<key-manager name="httpsKM" key-store="httpsKS">
<credential-reference clear-text="password"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
<server-ssl-context name="httpsSSC" protocols="TLSv1.2" key-manager="httpsKM"/>
</server-ssl-contexts>
</tls>
但我在 xml 中没有看到任何
<security-realm>
:
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
由于
security-realm
是 undefined
(任何更改之前和之后),我运行以下命令(来自 WildFly 文档),但没有任何影响。 (这看起来像是将 security-realm
设置为 undefined
,因此它不应该对已经的 undefined
security-realm
有任何影响)。
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=httpsSSC)
run-batch
reload
问题
我错过了什么?遵循 WildFly 文档后,我希望得到以下内容(即服务器在
https
和端口 9993
上侦听管理控制台):
服务器控制台
WildFly Full 25.0.0.Final (WildFly Core 17.0.1.Final) started in 3938ms - Started 308 of 547 services (338 services are lazy, passive or on-demand)
Http management interface listening on https://127.0.0.1:9993/management
Admin console listening on https://127.0.0.1:9993
更多信息
[standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
{
"outcome" => "failed",
"failure-description" => "WFLYSRV0259: If attribute secure-socket-binding is defined ssl-context must also be defined",
"rolled-back" => true
}
当我运行它时,它开始工作:
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)
reload
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
reload
控制台输出:
09:25:59,234 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0062: Http management interface listening on http://127.0.0.1:9990/management and https://127.0.0.1:9993/management
09:25:59,234 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0053: Admin console listening on http://127.0.0.1:9990 and https://127.0.0.1:9993
你是一个救星。 core-service 命令也对我有用。