问题 运行 spring 使用 Let's Encrypt 证书启动 VPS
Problem running spring boot with Let's Encrypt certificate on VPS
我想在 Spring 引导服务中添加一个应用程序,但我希望它仅 运行 作为 root。当我尝试 运行 它作为不同的用户时,我有一个错误:
Failed to start component [Connector[HTTP/1.1-8081]]
org.apache.catalina.LifecycleException: Protocol handler start failed
https://pastecode.xyz/view/2410ddfc
当我 运行 它与 sudo 它正确启动时。
该应用程序使用 Let's Encrypt 证书,我不知道它是否重要。
在我看来,运行 Tomcat 没有权限。 :-(
我不知道该怎么办了。
感谢您的帮助。
根据您的堆栈跟踪读取,您无权访问该文件:
/etc/letsencrypt/live/dawid.cloud/keystore.p12 (权限被拒绝)
org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:960) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549) [spring-context-5.1.2.RELEASE.jar!/:5.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at dawid.cloud.spotkanieklasowe.SpotkanieklasoweApplication.main(SpotkanieklasoweApplication.java:10) [classes!/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [spotkanieklasowe-0.0.1.jar:na]
Caused by: java.lang.IllegalArgumentException: /etc/letsencrypt/live/dawid.cloud/keystore.p12 (Permission denied)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1108) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:550) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:957) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
... 22 common frames omitted
Caused by: java.io.FileNotFoundException: /etc/letsencrypt/live/dawid.cloud/keystore.p12 (Permission denied)
at java.io.FileInputStream.open0(Native Method) ~[na:1.8.0_191]
at java.io.FileInputStream.open(FileInputStream.java:195) ~[na:1.8.0_191]
at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[na:1.8.0_191]
at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[na:1.8.0_191]
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) ~[na:1.8.0_191]
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) ~[na:1.8.0_191]
at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:89) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:141) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
... 27 common frames omitted
最底部的 caused by 语句始终是异常的 根本原因 。
如果您的服务器 运行 作为 [user] 而不是 root,这确实是个好主意,请使该文件可供特定 [user].[=19= 访问]
作为 root 的解决方法:
mkdir /home/[user]/key
cp -p /etc/letsencrypt/live/dawid.cloud/keystore.p12 /home/[user]/key/
chown -R [user].[user] /home/[user]/key
其中 [user] 是您的用户名。
我敢打赌有一个更直接的解决方案可以使用 certbot
或者您使用什么工具来获取 Let's Encrypt 证书。
编辑:certbot deploy hook 似乎是一个不错的下一个搜索词 in an answer on superuser.com
我想在 Spring 引导服务中添加一个应用程序,但我希望它仅 运行 作为 root。当我尝试 运行 它作为不同的用户时,我有一个错误:
Failed to start component [Connector[HTTP/1.1-8081]]
org.apache.catalina.LifecycleException: Protocol handler start failed
https://pastecode.xyz/view/2410ddfc
当我 运行 它与 sudo 它正确启动时。
该应用程序使用 Let's Encrypt 证书,我不知道它是否重要。
在我看来,运行 Tomcat 没有权限。 :-(
我不知道该怎么办了。
感谢您的帮助。
根据您的堆栈跟踪读取,您无权访问该文件:
/etc/letsencrypt/live/dawid.cloud/keystore.p12 (权限被拒绝)
org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:960) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549) [spring-context-5.1.2.RELEASE.jar!/:5.1.2.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at dawid.cloud.spotkanieklasowe.SpotkanieklasoweApplication.main(SpotkanieklasoweApplication.java:10) [classes!/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [spotkanieklasowe-0.0.1.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [spotkanieklasowe-0.0.1.jar:na]
Caused by: java.lang.IllegalArgumentException: /etc/letsencrypt/live/dawid.cloud/keystore.p12 (Permission denied)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1108) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:550) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:957) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
... 22 common frames omitted
Caused by: java.io.FileNotFoundException: /etc/letsencrypt/live/dawid.cloud/keystore.p12 (Permission denied)
at java.io.FileInputStream.open0(Native Method) ~[na:1.8.0_191]
at java.io.FileInputStream.open(FileInputStream.java:195) ~[na:1.8.0_191]
at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[na:1.8.0_191]
at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[na:1.8.0_191]
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) ~[na:1.8.0_191]
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) ~[na:1.8.0_191]
at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:89) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:141) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) ~[tomcat-embed-core-9.0.12.jar!/:9.0.12]
... 27 common frames omitted
最底部的 caused by 语句始终是异常的 根本原因 。
如果您的服务器 运行 作为 [user] 而不是 root,这确实是个好主意,请使该文件可供特定 [user].[=19= 访问]
作为 root 的解决方法:
mkdir /home/[user]/key
cp -p /etc/letsencrypt/live/dawid.cloud/keystore.p12 /home/[user]/key/
chown -R [user].[user] /home/[user]/key
其中 [user] 是您的用户名。
我敢打赌有一个更直接的解决方案可以使用 certbot
或者您使用什么工具来获取 Let's Encrypt 证书。
编辑:certbot deploy hook 似乎是一个不错的下一个搜索词 in an answer on superuser.com