Java 窗口10让tomcat 9在https上工作_Java_Eclipse_Tomcat9

Java 窗口10让tomcat 9在https上工作

java eclipse

Java 窗口10让tomcat 9在https上工作,java,eclipse,tomcat9,Java,Eclipse,Tomcat9,我的目标是使用javascript webkitGetUserMedia访问网络摄像头，并在局域网上使用java WebSocket。我将apache-tomcat-9.0.20与apache-maven-3.6.3和EclipseIDE结合使用。我可以很好地访问网络上的http。但是，使用https，我只能在服务器上访问。我已尝试关闭防火墙，将默认主机名更改为服务器计算机名。但没有什么能起作用。请记住，网络摄像头需要使用https，我可以通过apache服务在我的web中使用我的代码，只需将j

我的目标是使用javascript webkitGetUserMedia访问网络摄像头，并在局域网上使用java WebSocket。我将apache-tomcat-9.0.20与apache-maven-3.6.3和EclipseIDE结合使用。我可以很好地访问网络上的http。但是，使用https，我只能在服务器上访问。我已尝试关闭防火墙，将默认主机名更改为服务器计算机名。但没有什么能起作用。请记住，网络摄像头需要使用https，我可以通过apache服务在我的web中使用我的代码，只需将jsp更改为php，所以我真的怀疑这是防火墙问题

-> -> -> -> ->

首先，在示例配置中，您多次注册相同的端口2x8080和2x8443，因此服务器将在控制台中抛出错误

确保每个端口只注册一个连接器。另一方面，您将获得这样一个例外：

2020年2月27日01:56:22.744信息[main]org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler[http-nio-8080] 2020年2月27日01:56:22.783信息[main]org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler[http-nio-8080] 2020年2月27日01:56:22.795严重[main]org.apache.catalina.util.LifecycleBase.handleSubClassException未能初始化组件[Connector[HTTP/1.1-8080]] org.apache.catalina.LifecycleException:协议处理程序初始化失败位于org.apache.catalina.connector.connector.initInternalConnector.java:983 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.core.StandardService.initInternalStandardService.java:533 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.core.StandardServer.initInternalStandardServer.java:1059 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.startup.catalina.loadCatalina.java:584 位于org.apache.catalina.startup.catalina.startCatalina.java:621 在sun.reflect.NativeMethodAccessorImpl.invoke0Native方法中位于sun.reflect.NativeMethodAccessorImpl.invokeNativeMethodAccessorImpl.java:62 在sun.reflect.DelegatingMethodAccessorImpl.invokeDelegatingMethodAccessorImpl.java:43 位于java.lang.reflect.Method.invokeMethod.java:498 位于org.apache.catalina.startup.Bootstrap.startBootstrap.java:344 位于org.apache.catalina.startup.Bootstrap.mainBootstrap.java:475 原因：java.net.BindException:地址已在使用中在sun.nio.ch.Net.bind0Native方法中位于sun.nio.ch.Net.bindNet.java:433 位于sun.nio.ch.Net.bindNet.java:425 位于sun.nio.ch.serversocketchannelmp.bindserversocketchannelmp.java:223 位于sun.nio.ch.ServerSocketAdaptor.bindServerSocketAdaptor.java:74 位于org.apache.tomcat.util.net.NioEndpoint.initServerSocketNioEndpoint.java:248 位于org.apache.tomcat.util.net.niodendpoint.bindnoiendpoint.java:222 位于org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanupAbstractEndpoint.java:1119 位于org.apache.tomcat.util.net.AbstractEndpoint.initAbstractEndpoint.java:1132 位于org.apache.coyote.AbstractProtocol.initAbstractProtocol.java:557 位于org.apache.coyote.http11.AbstractHttp11Protocol.initAbstractHttp11Protocol.java:74 位于org.apache.catalina.connector.connector.initInternalConnector.java:980 ... 还有13个

因此，您应该为端口8080选择以下配置之一：

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->

<!--<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->

或使用共享线程池：

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<!--<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->
<!-- A "Connector" using the shared thread pool-->

<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

类似的情况，对于SSL端口8443：

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses 
        the NIO implementation. The default SSLImplementation will depend on the 
        presence of the APR/native library and the useOpenSSL attribute of the AprLifecycleListener. 
        Either JSSE or OpenSSL style configuration may be used regardless of the 
        SSLImplementation selected. JSSE style configuration is used below. -->

    <Connector SSLEnabled="true" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol">
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This 
        connector uses the APR/native implementation which always uses OpenSSL for 
        TLS. Either JSSE or OpenSSL style configuration may be used. OpenSSL style 
        configuration is used below. -->

    <!--<Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>-->

使用Http/2协议：

使用我自己的密钥库的有效示例配置可以是：

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/Users/myuser/dev/keystore/keystore-dev.jks"
              certificateKeyAlias="localhost" certificateKeystorePassword="localhost"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

如果所有配置都正常，启动服务器，您将在日志中看到如下内容：

2020年2月27日02:15:14.234信息[主要] org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler [http-nio-8080]27-Feb-2020 02:15:14.268信息[主要] org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler [https-jsse-nio-8443]27-Feb-2020 02:15:14.473信息[主要] org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler [ajp-nio-8009]2020年2月27日02:15:14.475信息[主要] org.apache.catalina.startup.catalina.load中的服务器初始化 [828]毫秒27-Feb-2020 02:15:14.500信息[主要] org.apache.catalina.core.StandardService.startInternal启动服务[Catalina]27-Feb-2020 02:15:14.500信息[main] org.apache.catalina.core.standardeengine.startInternal启动Servlet 引擎：[ApacheTomcat/9.0.20]

2020年2月27日02:15:15.144信息[主要] org.apache.coyote.AbstractProtocol.start启动ProtocolHandler [http-nio-8080]27-Feb-2020 02:15:15.158信息[主要] org.apache.coyote.AbstractProtocol.start启动ProtocolHandler [https-jsse-nio-8443]27-Feb-2020 02:15:15.164信息[主要] org.apache.coyote.AbstractProtocol.start启动ProtocolHandler [ajp-nio-8009]2020年2月27日02:15:15.166信息[main] org.apache.catalina.startup.catalina.start服务器在[690]中启动毫秒

之后，使用curl、wget等从浏览器或命令行本地测试服务器：

其中，您的_IP是您的服务器IP，例如192.168.0.1

如果您的证书是供开发使用的自签名证书，或者未经受信任的机构签名，则您的浏览器中会出现如下错误：您的连接不是私有的，例如ERR\u CERT\u authority\u INVALID。因此，您需要将您的证书放入受信任的证书存储中，接受不安全证书，或者使用受信任机构签署的生产就绪证书以获取有关以下内容的详细信息：

请记住，默认情况下，tomcat连接器将侦听所有本地服务器地址

请注意，如果要限制绑定IP地址，连接器具有可以使用IP指定的“地址”属性

从Tomcat参考：

地址

对于具有多个IP地址的服务器，此属性指定哪个地址将用于侦听指定端口。通过默认情况下，连接器将侦听所有本地地址。除非JVM 使用系统属性（基于Java的连接器NIO、NIO2将侦听IPv4和IPv6地址当配置为0.0.0.0或：：时。APR/本机连接器如果配置为0.0.0.0，将仅侦听IPv4地址，并且将侦听IPv6地址和IPv4地址（可选），具体取决于 ipv6onlyv6的设置，如果配置为：：

如果您无法使用提供的URL在本地访问服务器，请提供日志和错误消息

否则，如果您在本地成功访问所有这些URL，请从远程主机尝试：

检查服务器IP是否可从远程终端访问，例如ping 尝试在浏览器中访问和如果收到错误消息，您的连接不是专用连接，请按查看更多详细信息，然后按accept继续。在这种情况下，如前所述，请检查您的证书是否有效/未过期，以及权限是否在您的受信任证书中。如果您遇到另一种错误，请检查您的服务器和远程客户端/pc是否同时禁用了防火墙规则，并使用telnet检查远程端口访问。检查/etc/hosts和iptables配置。如果问题仍然存在，请提供更多信息。

希望有帮助，

首先，在示例配置中，您多次注册相同的端口2x8080和2x8443，因此您的服务器将在控制台中抛出错误

确保每个端口只注册一个连接器。另一方面，您将获得这样一个例外：

2020年2月27日01:56:22.744信息[main]org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler[http-nio-8080] 2020年2月27日01:56:22.783信息[main]org.apache.coyote.AbstractProtocol.init初始化ProtocolHandler[http-nio-8080] 2020年2月27日01:56:22.795严重[main]org.apache.catalina.util.LifecycleBase.handleSubClassException未能初始化组件[Connector[HTTP/1.1-8080]] org.apache.catalina.LifecycleException:协议处理程序初始化失败位于org.apache.catalina.connector.connector.initInternalConnector.java:983 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.core.StandardService.initInternalStandardService.java:533 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.core.StandardServer.initInternalStandardServer.java:1059 位于org.apache.catalina.util.LifecycleBase.initLifecycleBase.java:136 位于org.apache.catalina.startup.catalina.loadCatalina.java:584 位于org.apache.catalina.startup.catalina.startCatalina.java:621 在sun.reflect.NativeMethodAccessorImpl.invoke0Native方法中位于sun.reflect.NativeMethodAccessorImpl.invokeNativeMethodAccessorImpl.java:62 在sun.reflect.DelegatingMethodAccessorImpl.invokeDelegatingMethodAccessorImpl.java:43 位于java.lang.reflect.Method.invokeMethod.java:498 位于org.apache.catalina.startup.Bootstrap.startBootstrap.java:344 位于org.apache.catalina.startup.Bootstrap.mainBootstrap.java:475 原因：java.net.BindException:地址已在使用中在sun.nio.ch.Net.bind0Native方法中位于sun.nio.ch.Net.bindNet.java:433 在太阳，nio.c h、 java:425 位于sun.nio.ch.serversocketchannelmp.bindserversocketchannelmp.java:223 位于sun.nio.ch.ServerSocketAdaptor.bindServerSocketAdaptor.java:74 位于org.apache.tomcat.util.net.NioEndpoint.initServerSocketNioEndpoint.java:248 位于org.apache.tomcat.util.net.niodendpoint.bindnoiendpoint.java:222 位于org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanupAbstractEndpoint.java:1119 位于org.apache.tomcat.util.net.AbstractEndpoint.initAbstractEndpoint.java:1132 位于org.apache.coyote.AbstractProtocol.initAbstractProtocol.java:557 位于org.apache.coyote.http11.AbstractHttp11Protocol.initAbstractHttp11Protocol.java:74 位于org.apache.catalina.connector.connector.initInternalConnector.java:980 ... 还有13个

因此，您应该为端口8080选择以下配置之一：

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->

<!--<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->

或使用共享线程池：

<!-- A "Connector" represents an endpoint by which requests are received
     and responses are returned. Documentation at :
     Java HTTP Connector: /docs/config/http.html
     Java AJP  Connector: /docs/config/ajp.html
     APR (HTTP/AJP) Connector: /docs/apr.html
     Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<!--<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>-->
<!-- A "Connector" using the shared thread pool-->

<Connector connectionTimeout="20000" executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

类似的情况，对于SSL端口8443：

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses 
        the NIO implementation. The default SSLImplementation will depend on the 
        presence of the APR/native library and the useOpenSSL attribute of the AprLifecycleListener. 
        Either JSSE or OpenSSL style configuration may be used regardless of the 
        SSLImplementation selected. JSSE style configuration is used below. -->

    <Connector SSLEnabled="true" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol">
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This 
        connector uses the APR/native implementation which always uses OpenSSL for 
        TLS. Either JSSE or OpenSSL style configuration may be used. OpenSSL style 
        configuration is used below. -->

    <!--<Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate
                certificateChainFile="C:\Users\spjpi\Desktop\localhost.pkipath"
                certificateFile="C:\Users\spjpi\Desktop\localhost.cer"
                certificateKeyFile="C:\Users\spjpi\Desktop\localhost.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>-->

使用Http/2协议：

使用我自己的密钥库的有效示例配置可以是：

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/Users/myuser/dev/keystore/keystore-dev.jks"
              certificateKeyAlias="localhost" certificateKeystorePassword="localhost"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

如果所有配置都正常，启动服务器，您将在日志中看到如下内容：

之后，使用curl、wget等从浏览器或命令行本地测试服务器：

其中，您的_IP是您的服务器IP，例如192.168.0.1

请记住，默认情况下，tomcat连接器将侦听所有本地服务器地址

请注意，如果要限制绑定IP地址，连接器具有可以使用IP指定的“地址”属性

从Tomcat参考：

地址

如果您无法使用提供的URL在本地访问服务器，请提供日志和错误消息

否则，如果您在本地成功访问所有这些URL，请从远程主机尝试：

希望有帮助，

您能尝试在服务器上执行netstat-an并将输出发布到问题中吗？如果apache服务器为whitel，则可能是防火墙问题

已在端口8443上登录，而tomcat服务器未登录。您是否可以尝试在服务器上执行netstat-an并在问题中发布输出？如果apache服务器在端口8443上被列入白名单，而tomcat服务器未被列入白名单，则可能是防火墙问题。