How to make Netty support both HTTP and HTTPS
Adding the built-in SslHandler to Netty enables HTTPS support, but after it is added there are problems with HTTP access.
How can two protocols be supported in parallel on one port, for example by determining in an event that the HTTPS protocol is in use and then adding SslHandler to the pipeline?
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
    SSLEngine sslEngine = sslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    ch.pipeline().addFirst(new SslHandler(sslEngine));
Allowing the same port to listen for two different protocols is itself a bad design. Generally, port 80 provides the HTTP protocol and port 443 provides the HTTPS protocol. However, Netty has provided a utility class that supports SSL and non-SSL on the same port: OptionalSslHandler.
Refer to https://github.com/. Netty/nett...
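The same-port setup using the OptionalSslHandler class named in the answer above, as an added example that is not part of the original answers or of Netty's own code. It assumes Netty 4.1 on the classpath; the class names DualProtocolServer and SchemeHandler and port 8080 are hypothetical.

```java
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.*;
import io.netty.channel.*;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.codec.http.*;
import io.netty.handler.ssl.*;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.CharsetUtil;

public final class DualProtocolServer {
    // Hypothetical stand-in for the page's HttpServerHandler: reports which protocol the client used.
    static final class SchemeHandler extends SimpleChannelInboundHandler<FullHttpRequest> {
        @Override
        protected void channelRead0(ChannelHandlerContext ctx, FullHttpRequest req) {
            // An SslHandler is present only if OptionalSslHandler saw a TLS record header.
            boolean tls = ctx.pipeline().get(SslHandler.class) != null;
            ByteBuf body = Unpooled.copiedBuffer(tls ? "https\n" : "http\n", CharsetUtil.US_ASCII);
            FullHttpResponse res = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK, body);
            res.headers().setInt(HttpHeaderNames.CONTENT_LENGTH, body.readableBytes());
            ctx.writeAndFlush(res).addListener(ChannelFutureListener.CLOSE);
        }
    }
    public static void main(String[] args) throws Exception {
        // Build the context once; a certificate per connection costs a key generation each time.
        SelfSignedCertificate ssc = new SelfSignedCertificate(); // test certificate only
        final SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
        EventLoopGroup boss = new NioEventLoopGroup(1);
        EventLoopGroup workers = new NioEventLoopGroup();
        try {
            new ServerBootstrap().group(boss, workers).channel(NioServerSocketChannel.class)
                .childHandler(new ChannelInitializer<SocketChannel>() {
                    @Override
                    protected void initChannel(SocketChannel ch) {
                        // Buffers until 5 bytes arrive, then swaps in an SslHandler for TLS
                        // or removes itself so plaintext HTTP flows straight to the codec.
                        ch.pipeline().addLast(new OptionalSslHandler(sslCtx));
                        ch.pipeline().addLast("HttpServerCodec", new HttpServerCodec());
                        ch.pipeline().addLast("aggregator", new HttpObjectAggregator(10 * 1024 * 1024));
                        ch.pipeline().addLast(new SchemeHandler());
                    }
                }).bind(8080).sync().channel().closeFuture().sync(); // port 8080 is an assumption
        } finally {
            boss.shutdownGracefully();
            workers.shutdownGracefully();
        }
    }
}
```

Plain HTTP stays unencrypted on this port, so the `tls` flag in the handler is the point where an application can decide to refuse or redirect requests that must not travel in cleartext.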
According to "node how to enable a port to support both https and http", the first bit of the HTTPS data stream described in that article is hexadecimal "16", which converts to decimal 22. The first bit of data read is checked in order to dynamically add a ChannelHandler.
    .childHandler(new ChannelInitializer<NioSocketChannel>() {
        @Override
        protected void initChannel(final NioSocketChannel ch) throws Exception {
            // Temporary first handler: inspects the first inbound buffer, then removes itself.
            ch.pipeline().addFirst(new ChannelInboundHandlerAdapter() {
                @Override
                public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
                    ByteBuf buf = (ByteBuf) msg;
                    // 22 (0x16) is the TLS handshake record type; read at readerIndex rather than absolute index 0.
                    if (buf.getByte(buf.readerIndex()) == 22) {
                        // Note: this builds a new certificate and SslContext for every TLS connection.
                        SelfSignedCertificate ssc = new SelfSignedCertificate();
                        SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
                        SSLEngine sslEngine = sslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
                        // HTTPS: insert the SslHandler before HttpServerCodec
                        ctx.pipeline().addBefore("HttpServerCodec", "sslHandler", new SslHandler(sslEngine));
                    }
                    ctx.pipeline().remove(this);
                    super.channelRead(ctx, msg);
                }
            });
            ch.pipeline().addLast("HttpServerCodec", new HttpServerCodec());
            ch.pipeline().addLast("aggregator", new HttpObjectAggregator(10 * 1024 * 1024));
            ch.pipeline().addLast(new HttpServerHandler());
        }
    });
Conversely, add the sslHandler first and then remove it:
    .childHandler(new ChannelInitializer<NioSocketChannel>() {
        @Override
        protected void initChannel(final NioSocketChannel ch) throws Exception {
            // Temporary first handler: inspects the first inbound buffer, then removes itself.
            ch.pipeline().addFirst(new ChannelInboundHandlerAdapter() {
                @Override
                public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
                    ByteBuf buf = (ByteBuf) msg;
                    // 22 (0x16) is the TLS handshake record type; read at readerIndex rather than absolute index 0.
                    if (buf.getByte(buf.readerIndex()) != 22) {
                        // Not HTTPS: remove the sslHandler that was added below
                        ctx.pipeline().remove("sslHandler");
                    }
                    ctx.pipeline().remove(this);
                    super.channelRead(ctx, msg);
                }
            });
            // Note: this builds a new certificate and SslContext for every connection.
            SelfSignedCertificate ssc = new SelfSignedCertificate();
            SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
            SSLEngine sslEngine = sslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
            ch.pipeline().addLast("sslHandler", new SslHandler(sslEngine));
            ch.pipeline().addLast("HttpServerCodec", new HttpServerCodec());
            ch.pipeline().addLast("aggregator", new HttpObjectAggregator(10 * 1024 * 1024));
            ch.pipeline().addLast(new HttpServerHandler());
        }
    });