HTTPS无法在Google Compute Engine上运行

本文介绍了HTTPS无法在Google Compute Engine上运行的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想知道是否有人在Google Compute Engine（非GAE）实例上使用SSL和HTTPS。我无法在我的网站上使用HTTPS：浏览器和在线测试工具无法连接到我的服务器。

I would like to know if anybody has experience working with SSL and HTTPS on a Google Compute Engine (not GAE) instance. I have been unable to use HTTPS with my website: browsers and online test tools fail to connect to my server.

我的环境是ubuntu-1404-trusty-v20141212和Tomcat 8。

My environment is ubuntu-1404-trusty-v20141212 and Tomcat 8.

这是我做的：

• 我勾选了允许HTTP实例网络设置中的允许HTTPS流量
• 已安装我的4美元Comodo证书。
• 在 server.xml 上使用原样连接器配置，只添加了密钥库和密码

• I ticked "allow HTTP" and "allow HTTPS traffic" on the instance's network settings
• Installed my $4 Comodo certs.
• Used as-is Connector configuration on server.xml with only keystore and password added

< Connector port =8443 protocol =org.apache.coyote.http11.Http11NioProtocol maxThreads = 150SSLEnabled =truescheme =httpssecure =true clientAuth =falsesslProtocol =TLS keystoreFile =/ etc / ssl / private / tomcat.keystore keystorePass =password />

我启动Tomcat时遇到上述错误到 mysite:8443 。一些诊断是：

I get the aforementioned error when I start my Tomcat and go to mysite:8443. Some diagnostics are:

• 日志 catalina.out 没有说严重的事情。

• 使用 netstat -ntlp | grep：8443

• Log catalina.out doesn't say anything severe.

• Using netstat -ntlp |grep :8443

tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8500 / java 显示我的tomcat正在收听8443

tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8500/java shows my tomcat is listening at 8443

最后，我创建了一个具有相同环境的AWS EC2实例，并安装了我的SSL证书。它立即工作，没有任何修补端口和防火墙。 有关如何使SSL在GCE上工作的任何建议都表示赞赏。

Finally I created an AWS EC2 instance with the same environment and installed my SSL certificates. It immediately works without any tinkering with port and firewall. Any advice on how to make SSL work on GCE is appreciated.

推荐答案

自己想出来。怀疑，这确实与防火墙有关。 在GCE实例中允许HTTPS流量时，默认端口为443而不是8443. 更改侦听端口或更改防火墙规则：

Figured it out myself. As suspected, this does have something to do with firewall. When allowing HTTPS traffic in a GCE instance, the default port is 443 not 8443. Either change the listening port or change the firewall rule here:

Google Developers Console-> Compute Engine-> Networks->该实例所关联的网络名称 - >防火墙规则。

Google Developers Console->Compute Engine->Networks->the network's name the instance is associated with->Firewall rules.

列出了几条规则，在我的情况下我需要修改 default-allow-https

Several rules are listed, in my case I need to modify default-allow-https