如何设置 Apache Archiva 以使用 HTTPS 而不是 HTTP
How to setup Apache Archiva to use HTTPS instead of HTTP
在默认配置中,Apache Archiva 2.2 使用 HTTP,official documentation 没有说明如何将其更改为 HTTPS。
我认为这可以通过修改 conf/jetty.xml 文件来完成,但是当我尝试这样做时,如 Jetty documentation 中所述,它只会给我这样的错误:
java.lang.NoSuchMethodException: class org.eclipse.jetty.util.ssl.SslContextFactory.setTrustStorePath(class java.lang.String)
可以这样做吗?
我使用 Apache 作为 HTTPS 代理,配置新的虚拟主机:
Listen 8081
<VirtualHost *:8081>
ServerName archiva.example.com
SSLEngine On
SSLCertificateFile /path/to/apache_certs/cert.pem
SSLCertificateKeyFile /path/to/apache_certs/cert.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</VirtualHost>
不要忘记启用两个 运行 所必需的 apache 模组:
sudo a2enmod proxy proxy_http
我将以下内容添加到 jetty.xml 并且有效:
<Call class="java.lang.System" name="setProperty"><Arg>jdk.tls.ephemeralDHKeySize</Arg><Arg>2048</Arg></Call>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore"><SystemProperty name="jetty.home" default="." />/conf/tomcat.keystore</Set>
<Set name="keyStorePassword">changeit</Set>
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
</Array>
</Set>
</New>
</Arg>
<Set name="port">8843</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
</Array>
</Set>
</New>
</Arg>
</Call>
在默认配置中,Apache Archiva 2.2 使用 HTTP,official documentation 没有说明如何将其更改为 HTTPS。
我认为这可以通过修改 conf/jetty.xml 文件来完成,但是当我尝试这样做时,如 Jetty documentation 中所述,它只会给我这样的错误:
java.lang.NoSuchMethodException: class org.eclipse.jetty.util.ssl.SslContextFactory.setTrustStorePath(class java.lang.String)
可以这样做吗?
我使用 Apache 作为 HTTPS 代理,配置新的虚拟主机:
Listen 8081
<VirtualHost *:8081>
ServerName archiva.example.com
SSLEngine On
SSLCertificateFile /path/to/apache_certs/cert.pem
SSLCertificateKeyFile /path/to/apache_certs/cert.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</VirtualHost>
不要忘记启用两个 运行 所必需的 apache 模组:
sudo a2enmod proxy proxy_http
我将以下内容添加到 jetty.xml 并且有效:
<Call class="java.lang.System" name="setProperty"><Arg>jdk.tls.ephemeralDHKeySize</Arg><Arg>2048</Arg></Call>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore"><SystemProperty name="jetty.home" default="." />/conf/tomcat.keystore</Set>
<Set name="keyStorePassword">changeit</Set>
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
</Array>
</Set>
</New>
</Arg>
<Set name="port">8843</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="lowResourcesConnections">5000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
</Array>
</Set>
</New>
</Arg>
</Call>