问题描述
我想知道是否有人在Google Compute Engine(非GAE)实例上使用SSL和HTTPS。我无法在我的网站上使用HTTPS:浏览器和在线测试工具无法连接到我的服务器。
I would like to know if anybody has experience working with SSL and HTTPS on a Google Compute Engine (not GAE) instance. I have been unable to use HTTPS with my website: browsers and online test tools fail to connect to my server.
我的环境是ubuntu-1404-trusty-v20141212和Tomcat 8。
My environment is ubuntu-1404-trusty-v20141212 and Tomcat 8.
这是我做的:
- 我勾选了允许HTTP实例网络设置中的允许HTTPS流量
- 已安装我的4美元Comodo证书。
- 在
server.xml
上使用原样连接器配置,只添加了密钥库和密码
- I ticked "allow HTTP" and "allow HTTPS traffic" on the instance's network settings
- Installed my $4 Comodo certs.
- Used as-is Connector configuration on
server.xml
with only keystore and password added
< Connector port =8443
protocol =org.apache.coyote.http11.Http11NioProtocol
maxThreads = 150SSLEnabled =truescheme =httpssecure =true
clientAuth =falsesslProtocol =TLS
keystoreFile =/ etc / ssl / private / tomcat.keystore
keystorePass =password
/>
我启动Tomcat时遇到上述错误到 https://mysite.com:8443
。一些诊断是:
I get the aforementioned error when I start my Tomcat and go to https://mysite.com:8443
. Some diagnostics are:
- 日志
catalina.out
没有说严重的事情。 -
使用
netstat -ntlp | grep:8443
- Log
catalina.out
doesn't say anything severe. Using
netstat -ntlp |grep :8443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8500 / java
显示我的tomcat正在收听8443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8500/java
shows my tomcat is listening at 8443
最后,我创建了一个具有相同环境的AWS EC2实例,并安装了我的SSL证书。它立即工作,没有任何修补端口和防火墙。
有关如何使SSL在GCE上工作的任何建议都表示赞赏。
Finally I created an AWS EC2 instance with the same environment and installed my SSL certificates. It immediately works without any tinkering with port and firewall.Any advice on how to make SSL work on GCE is appreciated.
推荐答案
自己想出来。怀疑,这确实与防火墙有关。
在GCE实例中允许HTTPS流量时,默认端口为443而不是8443.
更改侦听端口或更改防火墙规则:
Figured it out myself. As suspected, this does have something to do with firewall.When allowing HTTPS traffic in a GCE instance, the default port is 443 not 8443.Either change the listening port or change the firewall rule here:
Google Developers Console-> Compute Engine-> Networks->该实例所关联的网络
名称 - >防火墙规则。
列出了几条规则,在我的情况下我需要修改 default-allow-https
Several rules are listed, in my case I need to modify default-allow-https
这篇关于HTTPS无法在Google Compute Engine上运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!