Problem description

We have been running Moqui 2.0 with the embedded Jetty server on Elastic Beanstalk using a Java environment for about a year now. For security reasons, we had the application running in a private subnet along with the Postgres database and accessing it over VPN. Because of this, we never bothered to enable HTTPS access.

We now want to deploy Moqui in the public subnet so that it can be accessed without the VPN and therefore we need HTTPS access.

Sidenote: Bear in mind, I have already read through the deployment options here!

My first question is, can you run Moqui over HTTPS using the embedded server only? I looked at the MoquiStart class and main seems to only support the initialisation of HTTP on port 8080 by default. There is a whole section which is commented out which also contains code to initialise HTTPS and HTTP/2 with the comment:

// Possible code to handle HTTPS, HTTP/2 (h2, h2c):

So I assume that HTTPS is not supported by Moqui as a standalone application?

With the assumption above that Moqui isn't configuring Jetty to serve HTTPS requests, running Moqui in the public subnet using a Java environment as we have until now obviously becomes unacceptable. Which leaves us with two options. Containerisation such as Docker (which is beyond my skill set) or running within an application server such as Tomcat (which is also beyond my skill set but I can at least wrap my head around conceptually). Which led me to this StackOverflow thread on the issue!

I'm not familiar with J2EE architecture, but I assume that once running within Tomcat, Catalina bypasses the Jetty port initialisation in MoquiStart somehow? [Would appreciate brief explanation for my own understanding]

Regardless, the above thread confirmed that I was on the right track for an HTTPS solution.

The problem is, Moqui isn't working. I know Tomcat is working fine because when I create the environment, I use the Sample Application and I can access that ok over HTTP. As soon as I deploy the ROOT.war file (which I find in ../apache-tomcat-8.5.6/webapps), I can neither access Moqui over HTTP nor HTTPS. (My security group is totally open) It tries to connect and eventually times out.

I have checked the EB logs and the likely culprit is logged in the catalina.YYYY-MM-DD.log file.

14-May-2019 21:21:07.101 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/var/lib/tomcat8/webapps/ROOT]
14-May-2019 21:21:23.946 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will be found in the appropriate container log file
14-May-2019 21:21:23.956 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [] startup failed due to previous errors
14-May-2019 21:21:23.965 WARNING [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [ROOT] appears to have started a thread named [AsyncAppender-AsyncLog] but has failed to stop it. This is very likely to create a memory leak.

The stack trace is as follows:

sun.misc.Unsafe.park(Native Method)
java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
java.util.concurrent.ArrayBlockingQueue.take(ArrayBlockingQueue.java:403)
org.apache.logging.log4j.core.appender.AsyncAppender$AsyncThread.run(AsyncAppender.java:282)

The immediate downstream error is:

14-May-2019 21:21:23.989 SEVERE [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks The web application [ROOT] created a ThreadLocal with key of type [com.hazelcast.internal.util.ThreadLocalRandom$1] (value [com.hazelcast.internal.util.ThreadLocalRandom$1@4379b697]) and a value of type [com.hazelcast.internal.util.ThreadLocalRandom] (value [com.hazelcast.internal.util.ThreadLocalRandom@37d77b2b]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
14-May-2019 21:21:24.006 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/var/lib/tomcat8/webapps/ROOT] has finished in [16,904] ms

Relevant parts of MoquiActualConf are:

   ...
    <default-property name="webapp_http_host" value="[OUR_IP_HERE]"/>
    <default-property name="webapp_http_port" value="80"/>
    <default-property name="webapp_https_port" value="443"/>
    <default-property name="webapp_https_enabled" value="true"/>
    <default-property name="entity_ds_db_conf" value="h2"/>
    <default-property name="entity_ds_host" value="localhost"/>
    <default-property name="entity_ds_port" value=""/>
    <default-property name="entity_ds_database" value="moqui"/>
    <default-property name="entity_ds_url" value="jdbc:h2:${moqui_runtime}/db/h2/${entity_ds_database};lock_timeout=30000"/>
    <default-property name="entity_ds_schema" value=""/>
    <default-property name="entity_ds_user" value="sa"/>
    <default-property name="entity_ds_password" value="sa"/>
    ...
        <webapp name="webroot" http-port="80" http-host="[OUR_IP_HERE]" https-port="443" https-host="[OUR_IP_HERE]" https-enabled="true" require-session-token="true" websocket-timeout="600000">
            <root-screen host=".*" location="component://webroot/screen/webroot.xml"/>
            <error-screen error="unauthorized" screen-path="error/Unauthorized"/>
            <error-screen error="forbidden" screen-path="error/Forbidden"/>
            <error-screen error="not-found" screen-path="error/NotFound"/>
            <error-screen error="too-many" screen-path="error/TooMany"/>
            <error-screen error="internal-error" screen-path="error/InternalError"/>
            <listener class="org.moqui.impl.webapp.MoquiSessionListener"/>
            <servlet name="MoquiServlet" class="org.moqui.impl.webapp.MoquiServlet" load-on-startup="1">
                <url-pattern><![CDATA[/*]]></url-pattern>
            </servlet>
            <servlet name="MoquiFopServlet" class="org.moqui.impl.webapp.MoquiFopServlet" load-on-startup="1">
                <url-pattern><![CDATA[/fop/*]]></url-pattern>
            </servlet>
            <session-config timeout="60"/>
            <endpoint path="/notws" class="org.moqui.impl.webapp.NotificationEndpoint" timeout="3600000" enabled="true"/>
    ...

I've been digging around in the Tomcat guts of the EC2 instance for three days now and come up with nothing so would really appreciate some help.

PS: On an unrelated note, for some reason, MoquiActualConf is being overridden by MoquiProductionConf rather than MoquiTestConf as specified in the Procfile.

web: java -Xmx1024M -cp . MoquiStart port=8080 conf=conf/MoquiTestConf.xml

I don't think this is the cause of the issue but will cause problems down the line when pointing to production db, etc.

Recommended answer

I managed to make a Moqui instance in AWS EB accessible via HTTPS by setting up the EC2 load balancer. To point out the obvious, Moqui's Jetty is listening on port 5000, the EC2 Nginx listens on port 80 (and forwards it to port 5000), and the EC2 load balancer listens on ports 80 and 443 (and forwards them to the EC2 Nginx port 80).

If you don't want to use the load balancer, you can set up the EC2 Nginx to listen for HTTPS and forward it to Moqui's Jetty port 5000 the same way the Nginx HTTP listener does.

The least preferred way is passing some HTTPS Jetty parameters via environment variables; small changes might be needed in MoquiStart. It was years ago and I don't recall the details, but Jetty was able to serve HTTPS this way.
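The second option in the answer above (Nginx on the instance terminating HTTPS and forwarding to Jetty on port 5000), written out as an added example; it is not from the original post or from the Moqui project. The server name, the certificate paths and the assumption that Jetty is reachable on 127.0.0.1:5000 are placeholders.

```nginx
# Added example: TLS termination in Nginx in front of Moqui's embedded Jetty.
# Assumed (not from the post): example.com, the certificate paths, Jetty on
# 127.0.0.1:5000, and that this file is included inside the http {} context
# (for example from conf.d/).

# Only ask the backend for a protocol upgrade when the client sent one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Plain HTTP: no content is served, every request is redirected to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/pki/tls/certs/example.com.crt;    # placeholder
    ssl_certificate_key /etc/pki/tls/private/example.com.key;  # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;  # drop TLSv1.3 on nginx < 1.13.0

    location / {
        # Same forwarding target the HTTP listener in the answer uses.
        proxy_pass http://127.0.0.1:5000;

        # Pass the host, client address and scheme the client actually used.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket pass-through (the question's config has a /notws endpoint).
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 3600s;
    }
}
```

If TLS terminates at the load balancer instead, forward the balancer's own `X-Forwarded-Proto` value (`$http_x_forwarded_proto`) rather than `$scheme`. In either layout, keep port 5000 closed in the security group so the only path to Jetty is through the proxy.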
