1. 技术文章
  2. How to setup Apache Archiva to use HTTPS instead of HTTP

How to setup Apache Archiva to use HTTPS instead of HTTP

不打扰是莪最后的温柔 提交于 2019-12-07 18:48:35

问题


In default configuration, Apache Archiva 2.2 uses HTTP, and official documentation tells nothing how to change it to HTTPS.

I think that this can be done by modifying conf/jetty.xml file, but when I try to do this, as described in Jetty documentation, it only gives me errors like:

java.lang.NoSuchMethodException: class org.eclipse.jetty.util.ssl.SslContextFactory.setTrustStorePath(class java.lang.String)

Is it possible to do this?


回答1:


I used Apache as a HTTPS proxy, configuring new virtual host:

Listen 8081

<VirtualHost *:8081>
        ServerName archiva.example.com

        SSLEngine On
        SSLCertificateFile    /path/to/apache_certs/cert.pem
        SSLCertificateKeyFile /path/to/apache_certs/cert.key

        ProxyRequests     Off
        ProxyPass         /  http://localhost:8080/
        ProxyPassReverse  /  http://localhost:8080/
        <Proxy http://localhost:8080/*>
                Order allow,deny
                Allow from all
        </Proxy>
        ProxyPreserveHost on
</VirtualHost>



回答2:


I added the following to jetty.xml and it worked:

<Call class="java.lang.System" name="setProperty"><Arg>jdk.tls.ephemeralDHKeySize</Arg><Arg>2048</Arg></Call>
<Call name="addConnector">
    <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
            <Arg>
                <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                    <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/conf/tomcat.keystore</Set>
                    <Set name="keyStorePassword">changeit</Set>
                    <Set name="ExcludeProtocols">
                        <Array type="java.lang.String">
                            <Item>SSLv3</Item>
                        </Array>
                    </Set>
                </New>
            </Arg>
            <Set name="port">8843</Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="Acceptors">2</Set>
            <Set name="statsOn">false</Set>
            <Set name="lowResourcesConnections">5000</Set>
            <Set name="lowResourcesMaxIdleTime">5000</Set>
            <Set name="IncludeCipherSuites">
                <Array type="java.lang.String">
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
                    <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
                    <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
                </Array>
            </Set>
        </New>
    </Arg>
</Call>


来源:https://stackoverflow.com/questions/30871001/how-to-setup-apache-archiva-to-use-https-instead-of-http

标签
https
archiva
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!