个人中心
gpt4 book ai didi

java - 使用 Lets Encrypt SSL 证书保护 Netty 服务器

转载 作者:行者123 更新时间:2023-12-04 22:42:15 26 4
gpt4 key购买 nike

我有一个 RESTful netty 服务器,它将向请求的用户提供一些数据。我想使用 Let's Encrypt 生成的 SSL 证书来保护此服务器。
我目前有这个用于我的 ChannelInitializer,其中 CHAIN_FILE 是对 fullchain.pem 的文件引用,PRIVATE_FILE 是对 privkey.pem 的文件引用。

    ChannelPipeline pipeline = channel.pipeline();
    SslContext sslContext = SslContextBuilder.forServer(CHAIN_FILE, PRIVATE_FILE).build();
    pipeline.addLast("ssl", sslContext.newHandler(channel.alloc()));
    pipeline.addLast(new HttpServerCodec()); // A combination of HttpRequestDecoder and HttpResponseEncoder which enables easier server side HTTP implementation.
    pipeline.addLast(new HttpObjectAggregator(Integer.MAX_VALUE)); // Aggregates HttpMessage and HttpContents into a single FullHttpResponse/FullHttpRequest
    pipeline.addLast(new HttpServerHandler()); // Handles incoming HttpRequests
每当我尝试向服务器发出请求时,我都会收到错误消息: 
[io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73740d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a43616368652d436f6e74726f6c3a206d61782d6167653d300d0a7365632d63682d75613a2022476f6f676c65204368726f6d65223b763d223839222c20224368726f6d69756d223b763d223839222c20223b4e6f742041204272616e64223b763d223939220d0a7365632d63682d75612d6d6f62696c653a203f300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38392e302e343338392e313134205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f617669662c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e390d0a5365632d46657463682d536974653a206e6f6e650d0a5365632d46657463682d4d6f64653a206e617669676174650d0a5365632d46657463682d557365723a203f310d0a5365632d46657463682d446573743a20646f63756d656e740d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c2062720d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a436f6f6b69653a20696f3d414e444b736c6953336c6374366a4b47414141430d0a0d0a
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[PaperSpigot.jar:git-Paper-449]
    at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73740d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a43616368652d436f6e74726f6c3a206d61782d6167653d300d0a7365632d63682d75613a2022476f6f676c65204368726f6d65223b763d223839222c20224368726f6d69756d223b763d223839222c20223b4e6f742041204272616e64223b763d223939220d0a7365632d63682d75612d6d6f62696c653a203f300d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f38392e302e343338392e313134205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f617669662c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e382c6170706c69636174696f6e2f7369676e65642d65786368616e67653b763d62333b713d302e390d0a5365632d46657463682d536974653a206e6f6e650d0a5365632d46657463682d4d6f64653a206e617669676174650d0a5365632d46657463682d557365723a203f310d0a5365632d46657463682d446573743a20646f63756d656e740d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c2062720d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a436f6f6b69653a20696f3d414e444b736c6953336c6374366a4b47414141430d0a0d0a
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1314) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[PaperSpigot.jar:git-Paper-449]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[PaperSpigot.jar:git-Paper-449]
    ... 17 more
我是网络服务器的新手,所以我真的只能想到两件事:
  • 我将 SslContextBuilder#forServer 传递给完全错误的东西。如果是这样,我需要传递什么
  • 我在某处读到这可能意味着 http 与 https 不匹配。

    • 我可能首先不需要保护它,但我想了解为什么它会失败,因为我将来很可能会遇到类似的事情。提前致谢。
    编辑:
    Concision 的建议是正确的。我的客户没有通过 HTTPS 请求。该请求现在已被接受并正确返回结果,但由于出现新错误,连接仍然不安全: 
    [04:43:38 WARN]: [io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[PaperSpigot.jar:git-Paper-449]
            at java.lang.Thread.run(Thread.java:834) [?:?]
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
            at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
            at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
            at sun.security.ssl.TransportContext.fatal(TransportContext.java:337) ~[?:?]
            at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[?:?]
            at sun.security.ssl.TransportContext.dispatch(TransportContext.java:186) ~[?:?]
            at sun.security.ssl.SSLTransport.decode(SSLTransport.java:171) ~[?:?]
            at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681) ~[?:?]
            at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636) ~[?:?]
            at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454) ~[?:?]
            at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433) ~[?:?]
            at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) ~[?:?]
            at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1372) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1267) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1314) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[PaperSpigot.jar:git-Paper-449]
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[PaperSpigot.jar:git-Paper-449]
            ... 15 more

    这让我相信我传递给 SslContextBuilder#forServer() 的论点是完全错误的。我目前只是传递 letencrypt 为我生成的原始 cert.pem 和 privkey.pem 文件。

    最佳答案

    犯了几个愚蠢的错误:
    一方面,我的服务器仍然指向端口 80 (HTTP) 而不是 443 (HTTPS)。
    此外,我传递 fullchain.pem 而不是 cert.pem 作为 #forServer 方法的第一个参数。
    正如简洁所说,第一个错误是由于我的客户试图通过 HTTP 而不是 HTTPS 发出请求

    关于java - 使用 Lets Encrypt SSL 证书保护 Netty 服务器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66986453/

    26 4 0
    文章推荐: python - 如何绕过 python 请求 SSL 和代理错误?
    文章推荐: java - RabbitMQ JAVA Spring 配置 - spring.rabbitmq.ssl.key-store
    文章推荐: ssl - LetsEncrypt 生成 fullchain.pem 和 privkey.pem 文件。我需要 .crt 和 .key 文件。我怎样才能得到它们?
    文章推荐: java - 对象输入流错误 : StreamCorruptedException
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com