1

我需要调试 Jetty SPDY 配置问题的帮助。

版本:

Jetty: org.eclipse.jetty.aggregate:jetty-all:9.0.6.v20130930 (Maven dependency)
Jetty-SPDY: org.eclipse.jetty.spdy:spdy-http-server:9.0.6.v20130930 (Maven dependency)
NPN-API: org.eclipse.jetty.npn:npn-api:8.1.2.v20120308 (Maven dependency, tried w/ and w/o it)
NPN-BOOT: org.mortbay.jetty.npn:npn-boot:8.1.2.v20120308 (used as -Xbootclasspath/p:/home/martin/.m2/repository/org/mortbay/jetty/npn/npn-boot/8.1.2.v20120308/npn-boot-8.1.2.v20120308.jar)
Google Chrome: 30
Firefox: 24

嵌入式码头(Scala 代码):

package com.example.test

import org.apache.wicket.util.time.Duration
import org.eclipse.jetty.server.{HttpConnectionFactory, SslConnectionFactory, ServerConnector, SecureRequestCustomizer, HttpConfiguration, Server}
import org.eclipse.jetty.util.resource.Resource
import org.eclipse.jetty.util.ssl.SslContextFactory
import org.eclipse.jetty.spdy.server.http.{HTTPSPDYServerConnectionFactory, ReferrerPushStrategy, HTTPSPDYServerConnector}
import org.eclipse.jetty.webapp.WebAppContext
import org.eclipse.jetty.spdy.server.{SPDYServerConnectionFactory, NPNServerConnectionFactory}
import org.eclipse.jetty.npn.NextProtoNego

object JettyStart {

  def main(args: Array[String]) {

    val startTime = System.currentTimeMillis()

    val tlsHttpConfiguration = new HttpConfiguration()
    tlsHttpConfiguration.setSecureScheme("https")
    tlsHttpConfiguration.setSecurePort(8443)
    tlsHttpConfiguration.setOutputBufferSize(32768)
    tlsHttpConfiguration.setRequestHeaderSize(8192)
    tlsHttpConfiguration.setResponseHeaderSize(8192)
    tlsHttpConfiguration.addCustomizer(new SecureRequestCustomizer)
    tlsHttpConfiguration.setSendServerVersion(true)

    val server = new Server()

    val http = new HttpConnectionFactory(tlsHttpConfiguration)
    val connector = new ServerConnector(server, http)
    connector.setIdleTimeout(Duration.ONE_MINUTE.getMilliseconds)
    connector.setSoLingerTime(-1)
    connector.setPort(8080)
    server.addConnector(connector)

    val keystore: Resource = Resource.newClassPathResource("/keystore")

    if (keystore != null && keystore.exists) {

      SPDYServerConnectionFactory.checkNPNAvailable()

      val pushStrategy = new ReferrerPushStrategy
      pushStrategy.setReferrerPushPeriod(5000)
      pushStrategy.setMaxAssociatedResources(32)

      val factory: SslContextFactory = new SslContextFactory
      factory.setKeyStoreResource(keystore)
      factory.setKeyStorePassword("wicket")
      factory.setTrustStoreResource(keystore)
      factory.setKeyManagerPassword("wicket")
      factory.setProtocol("TLSv1")
      factory.setIncludeProtocols("TLSv1")

      NextProtoNego.debug = true

      val sslConnectionFactory = new SslConnectionFactory(factory, "npn")

      val npnConnectionFactory = new NPNServerConnectionFactory("spdy/3", "spdy/2", "http/1.1")
      npnConnectionFactory.setDefaultProtocol("http/1.1")

      val spdy3ConnectionFactory = new HTTPSPDYServerConnectionFactory(3, tlsHttpConfiguration, pushStrategy)

      val spdy2ConnectionFactory = new HTTPSPDYServerConnectionFactory(2, tlsHttpConfiguration)

      val httpConnectionFactory = new HttpConnectionFactory(tlsHttpConfiguration)

      val spdyConnector = new ServerConnector(server, sslConnectionFactory, npnConnectionFactory, spdy3ConnectionFactory,
        spdy2ConnectionFactory, httpConnectionFactory)
      spdyConnector.setPort(8443)
      server.addConnector(spdyConnector)
    }

    val context = new WebAppContext()
    context.setServer(server)
    context.setContextPath("/")
    context.setWar("src/main/webapp")
    server.setHandler(context)
    server.setDumpAfterStart(false)

    server.start()
    println("Start took: " + Duration.valueOf(System.currentTimeMillis() - startTime))
    System.in.read()
    System.out.println(">>> STOPPING EMBEDDED JETTY SERVER")
    server.stop()
    server.join()
  }
}

上面的代码灵感来自https://github.com/eclipse/jetty.project/blob/master/jetty-spdy/spdy-example-webapp/src/main/config/example-jetty-spdy.xml

请求端口 8080 工作正常。

请求端口 8443 尝试建立安全连接并超时。

NPN 调试会产生这样的日志:

[S] NPN received for 13ef0ffb[SSLEngine[hostname=127.0.0.1 port=43086] SSL_NULL_WITH_NULL_NULL]
[S] NPN protocols [spdy/3, spdy/2, http/1.1] sent to client for 13ef0ffb[SSLEngine[hostname=127.0.0.1 port=43086] SSL_NULL_WITH_NULL_NULL]
[S] NPN selected 'spdy/3' for 13ef0ffb[SSLEngine[hostname=127.0.0.1 port=43086] SSL_NULL_WITH_NULL_NULL]
4

1 回答 1

2

看起来您的 NPN 版本已关闭。

这是您需要使用的 npn 工件的版本,具体取决于您选择的 Java 版本。

用 Maven 术语表示。

<dependency>
  <groupId>org.mortbay.jetty.npn</groupId>
  <artifactId>npn-boot</artifactId>
  <version>${npn-version}</version>
</dependency>
<dependency>
  <groupId>org.mortbay.jetty.npn</groupId>
  <artifactId>npn-api</artifactId>
  <version>${npn-version}</version>
</dependency>

Java 到 NPN 版本的映射(截至 2013 年 10 月 23 日)

  Java     |  ${npn-version}
-----------+--------------------------
  1.7.0_9  |  1.1.3.v20130313
  1.7.0_11 |  1.1.3.v20130313
  1.7.0_13 |  1.1.4.v20130313
  1.7.0_15 |  1.1.4.v20130313
  1.7.0_17 |  1.1.5.v20130313
  1.7.0_21 |  1.1.5.v20130313
  1.7.0_25 |  1.1.5.v20130313
  1.7.0_40 |  1.1.6.v20130911
  1.7.0_45 |  1.1.6.v20130911

不同的版本用于处理 JVM 中为创建 TLS 扩展所做的更改。

注意:Java 9 承诺提供更好的 API 来管理整个 TLS/NPN/ALPN 扩展设置,因此这种将 bootjars 严格映射到特定 Java 版本的做法最终应该会消失。

于 2013-10-23T22:13:21.587 回答