1.环境准备
由于Geoserver自带的jetty版本不具备https模块,所以需要下载完整版本jetty。这里需要先查看本地geoserver对应的jetty版本,进入geoserver安装目录,执行如下命令。
java -jar start.jar --version
Jetty Server Classpath:
-----------------------
Version Information on 37 entries in the classpath.
Note: order presented here is how they would appear on the classpath.changes to the --module=name command line options will be reflected here.0: 1.4.1.v201005082020 | ${jetty.base}\lib\mail\javax.mail.glassfish-1.4.1.v201005082020.jar1: (dir) | ${jetty.base}\resources2: 3.1.0 | ${jetty.base}\lib\servlet-api-3.1.jar3: 3.1.0.M0 | ${jetty.base}\lib\jetty-schemas-3.1.jar4: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-http-9.4.48.v20220622.jar5: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-server-9.4.48.v20220622.jar6: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-xml-9.4.48.v20220622.jar7: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-util-9.4.48.v20220622.jar8: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-io-9.4.48.v20220622.jar9: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-jndi-9.4.48.v20220622.jar
10: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-security-9.4.48.v20220622.jar
11: 1.3 | ${jetty.base}\lib\transactions\javax.transaction-api-1.3.jar
12: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-servlet-9.4.48.v20220622.jar
13: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-webapp-9.4.48.v20220622.jar
14: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-plus-9.4.48.v20220622.jar
15: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-annotations-9.4.48.v20220622.jar
16: 9.3 | ${jetty.base}\lib\annotations\asm-9.3.jar
17: 9.3 | ${jetty.base}\lib\annotations\asm-analysis-9.3.jar
18: 9.3 | ${jetty.base}\lib\annotations\asm-commons-9.3.jar
19: 9.3 | ${jetty.base}\lib\annotations\asm-tree-9.3.jar
20: 1.3.2 | ${jetty.base}\lib\annotations\javax.annotation-api-1.3.2.jar
21: 3.19.0.v20190903-0936 | ${jetty.base}\lib\apache-jsp\org.eclipse.jdt.ecj-3.19.0.jar
22: 9.4.48.v20220622 | ${jetty.base}\lib\apache-jsp\org.eclipse.jetty.apache-jsp-9.4.48.v20220622.jar
23: 8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-el-8.5.70.jar
24: 8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-jsp-8.5.70.jar
25: 1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
26: 1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
27: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-client-9.4.48.v20220622.jar
28: 9.4.48.v20220622 | ${jetty.base}\lib\jetty-deploy-9.4.48.v20220622.jar
29: 1.0 | ${jetty.base}\lib\websocket\javax.websocket-api-1.0.jar
30: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-client-impl-9.4.48.v20220622.jar
31: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-server-impl-9.4.48.v20220622.jar
32: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-api-9.4.48.v20220622.jar
33: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-client-9.4.48.v20220622.jar
34: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-common-9.4.48.v20220622.jar
35: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-server-9.4.48.v20220622.jar
36: 9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-servlet-9.4.48.v20220622.jar
可以看到当前的jetty版本为9.4.48.v20220622,点击下载jetty。
jetty的zip包下包含如下文件:
dir目录: C:\Users\liang\Desktop\jetty-distribution-9.4.48.v20220622
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 2023/9/9 12:29 bin
d----- 2023/9/9 12:29 demo-base
d----- 2023/9/9 12:29 etc
d----- 2023/9/9 12:29 lib
d----- 2023/9/9 12:29 logs
d----- 2023/9/9 12:29 modules
d----- 2022/6/21 15:53 resources
d----- 2023/9/9 12:29 webapps
------ 2022/6/21 15:53 30012 license-eplv10-aslv20.html
------ 2022/6/21 15:53 6262 notice.html
------ 2022/6/21 15:53 1638 README.TXT
------ 2022/6/21 15:53 6243 start.ini
------ 2022/6/21 15:53 163553 start.jar
------ 2022/6/21 15:53 553587 VERSION.txt
我们需要将etc、lib、modules三个文件夹拷贝到geoserver对应的目录中。
2. 添加https模块
进入的geoserver的目录,当前目录包含start.jar文件,执行如下命令添加https模块
java -jar start.jar --add-to-start=ssl
java -jar start.jar --add-to-start=https
查看当前jetty加载模块:
java -jar start.jar --list-modules
当然,我们也可以通过start.ini文件查看模块加载情况
# ---------------------------------------
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# This may be used for HTTPS and/or HTTP2 by enabling
# the associated support modules.
# ---------------------------------------
--module=ssl### TLS(SSL) Connector Configuration## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0## Connector port to listen on
jetty.ssl.port=8081
...(此处省略N行)
# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
--module=https
此时,我们是通过https访问geoserver服务,默认端口为8443。只不过浏览器会有个安全的弹出框。
3. 配置证书
Jetty 需要使用的Key文件为keystore,而各大服务商申请的Key文件一般为pem等文件。因此我们需要对其做一下转换。
3.1 将pfx格式证书转换为jks格式证书
keytool -importkeystore -srckeystore surpass.pfx -destkeystore surpass.jks -srcstoretype
3.2 将jks格式证书转换为p12格式证书
package com.surpass;import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;/*** 证书转换* @author surpassliang* @date 2023/9/9 12:45*/
public class CertConvert {// 证书格式public static final String JKS = "JKS";public static final String PKCS12 = "PKCS12";/*** 证书和路径*/public static final String KEYSTORE_PASSWORD = "123456";/*** 证书别名*/public static final String CERT_ALIAS = "client";public static void main(String[] args) {if (args.length < 2) {System.out.println("参数不足,包含输入和输出参数");}//jksString inputKeystore = args[0];//p12String outputKeystore = args[1];try (FileInputStream fis = new FileInputStream(inputKeystore);FileOutputStream out = new FileOutputStream(outputKeystore)) {KeyStore inputKeyStore = KeyStore.getInstance(JKS);char[] nPassword = KEYSTORE_PASSWORD.toCharArray();inputKeyStore.load(fis, nPassword);KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());Enumeration<String> enumStars = inputKeyStore.aliases();while (enumStars.hasMoreElements()) {String keyAlias = enumStars.nextElement();if (inputKeyStore.isKeyEntry(keyAlias)) {Key key = inputKeyStore.getKey(keyAlias, nPassword);Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);outputKeyStore.setKeyEntry(CERT_ALIAS, key, KEYSTORE_PASSWORD.toCharArray(), certChain);}}outputKeyStore.store(out, nPassword);System.out.println("转换完成....");} catch (Exception e) {System.out.println(e.getMessage());}}
}
3.3 将p12证书格式转换为 keystore文件格式
keytool -importkeystore -v -srckeystore surpass.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore 你的证书.keystore -deststoretype jks -deststorepass 123456
3.4 将证书放到指定位置。
4. 配置证书
打开start.ini文件,找到如下位置,修改证书路径
jetty.keystore=etc/cert/ 你的证书.keystore
jetty.truststore=etc/cert/你的证书.keystore
jetty.keystore.password= 123456
jetty.keymanager.password= 123456
jetty.truststore.password= 123456
、读写分离(主从架构)、分库分表(垂直分库、垂直分表、水平分表))
![[系统安全] 五十三.DataCon竞赛 (2)2022年DataCon涉网分析之恶意样本IOC自动化提取详解](http://pic.xiahunao.cn/[系统安全] 五十三.DataCon竞赛 (2)2022年DataCon涉网分析之恶意样本IOC自动化提取详解)
![[Linux]动静态库](http://pic.xiahunao.cn/[Linux]动静态库)
“ 和 “count(1)“ 和 “count(field1)“ 的差异)
)
)
