启用ssl模块,执行如下命令:
java -jar $JETTY_HOME/start.jar --add-modules=ssl
命令的输出,如下:
INFO : ssl initialized in ${jetty.base}/start.d/ssl.ini
INFO : Base directory was modified
查看ssl模块的配置文件,执行如下命令:
cat $JETTY_BASE/start.d/ssl.ini
命令的输出,如下:
# ---------------------------------------
# Module: ssl
# Enables a TLS (SSL) connector to support secure protocols.
# Secure HTTP/1.1 is provided by enabling the "https" module and secure HTTP/2 is provided by enabling the "http2" module.
# ---------------------------------------
--modules=ssl
### TLS (SSL) Connector Configuration
## The host/address to bind the connector to.
# jetty.ssl.host=0.0.0.0
## The port the connector listens on.
# jetty.ssl.port=8443
## The connector idle timeout, in milliseconds.
# jetty.ssl.idleTimeout=30000
## The number of acceptors (-1 picks a default value based on number of cores).
# jetty.ssl.acceptors=1
## The number of selectors (-1 picks a default value based on number of cores).
# jetty.ssl.selectors=-1
## The ServerSocketChannel accept queue backlog (0 picks the platform default).
# jetty.ssl.acceptQueueSize=0
## The thread priority delta to give to acceptor threads.
# jetty.ssl.acceptorPriorityDelta=0
## Whether to enable the SO_REUSEADDR socket option.
# jetty.ssl.reuseAddress=true
## Whether to enable the SO_REUSEPORT socket option.
# jetty.ssl.reusePort=false
## Whether to enable the TCP_NODELAY socket option on accepted sockets.
# jetty.ssl.acceptedTcpNoDelay=true
## The SO_RCVBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedReceiveBufferSize=-1
## The SO_SNDBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedSendBufferSize=-1
## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with an HTTP 400 response.
# jetty.ssl.sniRequired=false
## Whether client SNI data is checked to match CN and SAN in server certificates.
## When SNI is checked, if the match fails the connection is rejected with an HTTP 400 response.
# jetty.ssl.sniHostCheck=true
## The max age, in seconds, for the Strict-Transport-Security response header.
# jetty.ssl.stsMaxAgeSeconds=31536000
## Whether to include the subdomain property in any Strict-Transport-Security header.
# jetty.ssl.stsIncludeSubdomains=true
### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation.
## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with a TLS handshake error.
# jetty.sslContext.sniRequired=false
## The Endpoint Identification Algorithm.
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String).
# jetty.sslContext.endpointIdentificationAlgorithm=
## The JSSE Provider.
# jetty.sslContext.provider=
## The KeyStore file path, either an absolute path or a relative path to $JETTY_BASE.
# jetty.sslContext.keyStorePath=etc/keystore.p12
## The TrustStore file path, either an absolute path or a relative path to $JETTY_BASE.
# jetty.sslContext.trustStorePath=etc/keystore.p12
## The KeyStore password.
# jetty.sslContext.keyStorePassword=
## The Keystore type.
# jetty.sslContext.keyStoreType=PKCS12
## The KeyStore provider.
# jetty.sslContext.keyStoreProvider=
## The KeyManager password.
# jetty.sslContext.keyManagerPassword=
## The TrustStore password.
# jetty.sslContext.trustStorePassword=
## The TrustStore type.
# jetty.sslContext.trustStoreType=PKCS12
## The TrustStore provider.
# jetty.sslContext.trustStoreProvider=
## Whether client certificate authentication is required.
# jetty.sslContext.needClientAuth=false
## Whether client certificate authentication is desired, but not required.
# jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant.
# jetty.sslContext.useCipherSuitesOrder=true
## The SSLSession cache size.
# jetty.sslContext.sslSessionCacheSize=-1
## The SSLSession cache timeout (in seconds).
# jetty.sslContext.sslSessionTimeout=-1
## Whether TLS renegotiation is allowed.
# jetty.sslContext.renegotiationAllowed=true
## The max number of TLS renegotiations per connection.
# jetty.sslContext.renegotiationLimit=5
各参数的说明,如下:
- Connector对象的参数
jetty.ssl.host
监听地址,默认值为0.0.0.0,表示在本机所有的IP均可接收请求。jetty.ssl.port
SSL服务的监听端口,默认值为8443。jetty.ssl.idleTimeout
SSL链接处于空闲状态的超时值,超时后链接被自动释放,单位:毫秒,默认值为30000,即30秒。jetty.ssl.acceptors
accept对象的数量,默认值为1。取值为-1时,表示依据CPU核的数量来推算accept对象的数量。jetty.ssl.selectors
selector对象的数量,默认值为1。取值为-1时,表示依据CPU核的数量来推算selector对象的数量。jetty.ssl.acceptQueueSize
accept操作的backlog中请求的数量,默认值为0,表示使用操作系统的默认值。jetty.ssl.acceptorPriorityDelta
执行accept操作的线程的运行期优先级,默认值为0。
依据JDK中线程的文档,不同平台下线程运行优先级的实现存在比较大的差异,因此为保障代码的可移植性和正确性,业务逻辑的正确性不应对线程的优先级做出假设或者依赖。jetty.ssl.reuseAddress
对应socket选项SO_REUSEADDR,默认值为true。jetty.ssl.reusePort
对应socket选项SO_REUSEPORT,默认值为false。jetty.ssl.acceptedTcpNoDelay
对应socket选项TCP_NODELAY,默认值为true。jetty.ssl.acceptedReceiveBufferSize
接收数据的缓冲区的大小,对应socket选项SO_RCVBUF,默认值为-1,表示使用操作系统的默认值。jetty.ssl.acceptedSendBufferSize
发送数据的缓冲区的大小,对应socket选项SO_SNDBUF,默认值为-1,表示使用操作系统的默认值。jetty.ssl.sniRequired
客户的SNI数据是否必需,默认值为false。jetty.ssl.sniHostCheck
是否校验客户的SNI数据中的CN和SAN。jetty.ssl.stsMaxAgeSeconds
返回HTTP安全头部Strict Transport Security时,max-age字段的取值,单位:秒,默认值为31536000。
参考资料:jetty.ssl.stsIncludeSubdomains
返回HTTP安全头部Strict Transport Security时,是否包含includeSubDomains字段,默认值为true。
参考资料:
SslContextFactory对象的参数jetty.sslContext.sniRequired
所有安全链接中,客户的SNI数据是否必需,默认值为false。jetty.sslContext.endpointIdentificationAlgorithm
即javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)jetty.sslContext.providerjetty.sslContext.keyStorePath
KeyStore文件的路径,支持使用相对于$JETTY_BASE的路径,也可以使用绝对路径。jetty.sslContext.trustStorePath
TrustStore文件的路径,支持使用相对于$JETTY_BASE的路径,也可以使用绝对路径。jetty.sslContext.keyStorePassword
KeyStore文件的口令。jetty.sslContext.keyStoreType
KeyStore文件的类型,默认值为PKCS12。jetty.sslContext.keyStoreProviderjetty.sslContext.keyManagerPassword
KeyManager的口令。jetty.sslContext.trustStorePassword
TrustStore文件的口令。jetty.sslContext.trustStoreType
TrustStore文件的类型,默认值为PKCS12。jetty.sslContext.trustStoreProviderjetty.sslContext.needClientAuth
是否需要执行客户端认证,默认值为false。jetty.sslContext.wantClientAuth
是否期望执行客户端认证,默认值为false。jetty.sslContext.useCipherSuitesOrder
是否验证加密顺序,默认值为true。jetty.sslContext.sslSessionCacheSize
SSLSession缓存占用的容量,默认值为-1。jetty.sslContext.sslSessionTimeout
SSLSession缓存的超时值,单位:秒,默认值为-1。jetty.sslContext.renegotiationAllowed
是否允许尝试重复执行TLS协商,默认值为true。jetty.sslContext.renegotiationLimit
单个通信链接,TLS协商次数的上限值,默认值为5。
![[Angular 基础] - routing 路由(下)](https://img-blog.csdnimg.cn/direct/bc5f89dee8f44b1d9b36faef464ab99b.png)
