无法访问新安装EJBCA

Question

我刚刚完成了在野蝇上面安装ejbca社区版。EJBCA服务器是蔚蓝云中的VM。

在构建过程中，一切都进行得很顺利:每三个部署步骤都可以成功构建一次。

- ant deployear
- ant runinstall
- ant deploy-keystore) 

版本：

Wildfly 18.0
EJBCA 7.4.3.2 
Ant 1.10.10
Mysql  Ver 15.1 Distrib 10.3.27-MariaDB
JDBC connector : mariadb 2.7.3 
Debian 10 buster

但是我无法到达目的地。

https://<public ip address>:8443/ejbca/

错误信息：

    The connection has timed out
    
    The server at <my public ip @> is taking too long to respond.

因此，开始检查打开的不同端口：

    **remote** nmap scan from my local vm to the remote EJBCA VM : 

    nmap -Pn8080,22,8442,8443,9990,3306 52.188.59.103
    
    Host is up (0.037s latency).
    Not shown: 995 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    80/tcp   open  http
    443/tcp  open  https
    554/tcp  open  rtsp
    1723/tcp open  pptp
    
    Nmap done: 1 IP address (1 host up) scanned in 5.62 seconds

在EJBCA上，本地端口扫描显示端口8443和8080处于打开状态：

rDNS record for 127.0.0.1: localhost
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql
8080/tcp open  http-proxy
8443/tcp open  https-alt

从我的ip到EJBCA主机的Azure连接测试对于每个被测试的端口都是可以的。

然而，在线端口检查显示端口8443和8442已关闭https://portchecker.co/

所以我不知道该相信哪个测试？

我试着禁用本地防火墙和代理，但没有起到任何作用。

当我试图访问EJBCA url时，我在ejbca服务器上做了一个tcpdump :但是没有显示任何内容。

我在这里错过了什么？我还能做什么测试？

编辑：

服务器日志：(错误和警告)

web管理错误：

 2021-06-14 13:00:07,332 ERROR [org.jboss.as.jsf] (MSC service thread 1-2) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorsMBean
2021-06-14 13:00:07,433 ERROR [org.jboss.as.jsf] (MSC service thread 1-2) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean

被反对的民族解放组织：

2021-06-14 13:00:14,598 WARN  [org.jboss.weld.Bootstrap] (MSC service thread 1-4) WELD-000146: BeforeBeanDiscovery.addAnnotatedType(AnnotatedType<?>) used for class com.sun.faces.flow.FlowDiscoveryCDIHelper is deprecated from CDI 1.1!

严重错误：

2021-06-14 13:00:15,967 SEVERE [javax.enterprise.resource.webcontainer.jsf.flow] (MSC service thread 1-4) Unable to obtain CDI 1.1 utilities for Mojarra
2021-06-14 13:00:15,971 SEVERE [javax.enterprise.resource.webcontainer.jsf.application.view] (MSC service thread 1-4) Unable to obtain CDI 1.1 utilities for Mojarra

警告：

2021-06-14 13:00:16,770 INFO  [org.ejbca.core.ejb.StartupSingletonBean] (ServerService Thread Pool -- 94) Init, EJBCA 7.4.3.2 Community (67479006a69140e81d66e39871bed8255362effc) startup.
2021-06-14 13:00:16,780 WARN  [io.undertow.servlet] (ServerService Thread Pool -- 66) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2021-06-14 13:00:16,780 WARN  [io.undertow.servlet] (ServerService Thread Pool -- 73) UT015020: Path /* is secured for some HTTP methods [...] 

Answer 1

在启动期间，WildFly应该记录如下内容，这样您就可以验证WildFly是否配置为侦听所有IP的端口。

16:58:12,890 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTPS listener httpspriv listening on 0.0.0.0:8443
16:58:12,920 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTPS listener httpspub listening on 0.0.0.0:8442

您还可以尝试连接到端口8442，以检查问题不在于浏览器中没有客户端证书。