I have a web-service endpoint and a http connector on port X. At some point this endpoint needs to switch to https, but on the same port! (I know this is not the normal way of doing things, but this is what my clients expect from an old server they are using...)
我在端口X上有一个Web服务端点和一个http连接器。在某些时候,此端点需要切换到https,但在同一端口上! (我知道这不是正常的做事方式,但这是我的客户对他们正在使用的旧服务器的期望...)
Is there a way to do it in tomcat?
有没有办法在tomcat中做到这一点?
4 个解决方案
#1
5
This is not possible with Tomcat.The HTTPS connector will accept SSL connection only.
Tomcat无法做到这一点.HTTP连接器仅接受SSL连接。
We have such a proxy developed in house. It's not that hard to do. You just need to check the first incoming packet. Looking for the pattern of SSL handshake. We only look for CLIENT_HELLO. Once you figure out the protocol, you can forward the request accordingly.
我们在内部开发了这样的代理。这并不难。您只需要检查第一个传入的数据包。寻找SSL握手的模式。我们只寻找CLIENT_HELLO。一旦找出协议,就可以相应地转发请求。
This is really ugly. You shouldn't do it if all possible. We have to do it because the legacy clients do this and it's impossible to upgrade them all.
这真的很难看。如果可能的话,你不应该这样做。我们必须这样做,因为传统客户端执行此操作并且无法全部升级它们。
#2
0
There is such a thing as HTTPS upgrade, whereby a plaintext HTTP connection is upgraded to HTTP by mutual agreement after it has been formed. Is that what you mean? If so, Tomcat doesn't seem to support it out of the box, and neither does Java out of the box either. You can probably write yourself a Tomcat Connector that will do it; on the client end you have a more interesting problem ;-)
存在HTTPS升级这样的事情,即明文HTTP连接在形成之后通过相互协商升级到HTTP。你是这个意思吗?如果是这样,Tomcat似乎不支持开箱即用,Java也没有开箱即用。您可以自己编写一个可以执行此操作的Tomcat连接器;在客户端你有一个更有趣的问题;-)
But I would ask why? Ports aren't so expensive that you can't use two.
但我会问为什么?端口不是那么昂贵,你不能使用两个。
#3
-1
You don't need to run the HTTP & HTTPS on same port, Configure the Tomcat to redirect requests to HTTPS in server.xml file.
您不需要在同一端口上运行HTTP和HTTPS,配置Tomcat以将请求重定向到server.xml文件中的HTTPS。
#4
-1
well I wonder why they are NOT usually on the same port! wouldn't that be easier?
我想知道为什么他们通常不在同一个港口!会不会更容易?
the reason is probably that related Java APIS (javax.net.ssl) don't allow that; you must have different server sockets. are there any alternative SSL impls for Java? I'm not aware of any.
原因可能是相关的Java APIS(javax.net.ssl)不允许这样做;你必须有不同的服务器套接字。是否有任何替代SSL impls for Java?我不知道。
#1
5
This is not possible with Tomcat.The HTTPS connector will accept SSL connection only.
Tomcat无法做到这一点.HTTP连接器仅接受SSL连接。
We have such a proxy developed in house. It's not that hard to do. You just need to check the first incoming packet. Looking for the pattern of SSL handshake. We only look for CLIENT_HELLO. Once you figure out the protocol, you can forward the request accordingly.
我们在内部开发了这样的代理。这并不难。您只需要检查第一个传入的数据包。寻找SSL握手的模式。我们只寻找CLIENT_HELLO。一旦找出协议,就可以相应地转发请求。
This is really ugly. You shouldn't do it if all possible. We have to do it because the legacy clients do this and it's impossible to upgrade them all.
这真的很难看。如果可能的话,你不应该这样做。我们必须这样做,因为传统客户端执行此操作并且无法全部升级它们。
#2
0
There is such a thing as HTTPS upgrade, whereby a plaintext HTTP connection is upgraded to HTTP by mutual agreement after it has been formed. Is that what you mean? If so, Tomcat doesn't seem to support it out of the box, and neither does Java out of the box either. You can probably write yourself a Tomcat Connector that will do it; on the client end you have a more interesting problem ;-)
存在HTTPS升级这样的事情,即明文HTTP连接在形成之后通过相互协商升级到HTTP。你是这个意思吗?如果是这样,Tomcat似乎不支持开箱即用,Java也没有开箱即用。您可以自己编写一个可以执行此操作的Tomcat连接器;在客户端你有一个更有趣的问题;-)
But I would ask why? Ports aren't so expensive that you can't use two.
但我会问为什么?端口不是那么昂贵,你不能使用两个。
#3
-1
You don't need to run the HTTP & HTTPS on same port, Configure the Tomcat to redirect requests to HTTPS in server.xml file.
您不需要在同一端口上运行HTTP和HTTPS,配置Tomcat以将请求重定向到server.xml文件中的HTTPS。
#4
-1
well I wonder why they are NOT usually on the same port! wouldn't that be easier?
我想知道为什么他们通常不在同一个港口!会不会更容易?
the reason is probably that related Java APIS (javax.net.ssl) don't allow that; you must have different server sockets. are there any alternative SSL impls for Java? I'm not aware of any.
原因可能是相关的Java APIS(javax.net.ssl)不允许这样做;你必须有不同的服务器套接字。是否有任何替代SSL impls for Java?我不知道。