Web项目配置https
具体命令
# Generates an RSA 2048-bit key pair plus a self-signed certificate under the alias "tomcat"
# and stores it in a PKCS12 keystore at ./tomcat.keystore.
# -storepass/-keypass are not passed, so keytool prompts for the password instead of
# leaving it in shell history. -validity is not passed either, so keytool's default
# certificate lifetime (90 days) applies.
keytool -genkey -storetype PKCS12 -keysize 2048 -alias tomcat -keyalg RSA -keystore ./tomcat.keystore
命令说明
-genkey 生成密钥
-alias tomcat(别名)
-keypass 123456(别名密码)
-keyalg RSA(算法)
-keysize 2048(密钥长度)
-validity 365(有效期,天单位)
-keystore tomcat.keystore(指定生成证书的位置和证书名称)
-storepass 123456(获取keystore信息的密码)
执行过程
得到了tomcat.keystore之后将证书放置到项目根目录
定义HTTPS的配置类
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * Adds a plain-HTTP connector to the embedded Tomcat and marks every URL as
 * requiring a confidential transport, so requests arriving over HTTP are
 * redirected to the connector's redirect port.
 *
 * <p>The redirect only helps a client after its first plaintext request; an HSTS
 * response header on the HTTPS side is the usual complement.
 */
@Configuration
public class HttpsConfiguration {

    /**
     * Builds the Tomcat factory with a CONFIDENTIAL constraint on {@code /*} and
     * registers the extra HTTP connector from {@link #httpConnector()}.
     *
     * @return the customised servlet web server factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The collection selects which URLs the constraint covers: all of them.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL is the servlet transport guarantee that demands TLS.
                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    /**
     * Creates the non-secure HTTP connector whose only job is to hand clients
     * over to HTTPS.
     *
     * @return an NIO HTTP/1.1 connector listening on port 6161
     */
    @Bean
    public Connector httpConnector() {
        Connector plain = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Port on which plain HTTP is accepted.
        plain.setPort(6161);
        // Port that HTTP requests are redirected to.
        // NOTE(review): this has to be the port the HTTPS connector listens on
        // (server.port); the properties shown with this listing do not set it,
        // so confirm that 8843 is the intended value.
        plain.setRedirectPort(8843);
        plain.setScheme("http");
        plain.setSecure(false);
        return plain;
    }
}
配置.properties.yml
并复制到springboot项目的resource目录下
# Keystore holding the server key pair and certificate. There is no classpath: prefix,
# so this is presumably resolved as a file path relative to the working directory - confirm.
server.ssl.key-store=tomcat.keystore
# Sample password kept in clear text. For a real deployment supply it from outside the
# file (for example an environment variable referenced through a ${...} placeholder) and
# keep both this file and the keystore out of version control.
server.ssl.key-store-password=123456
# Must match the -storetype used when the keystore was generated.
server.ssl.key-store-type=PKCS12
# Must match the -alias used when the key pair was generated.
server.ssl.key-alias=tomcat
但是以上方式生成的是自签名证书，不受浏览器信任
向腾讯云申请一年的免费的证书
阿里云也可以
配置端口转发
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * Adds a plain-HTTP connector to the embedded Tomcat and redirects its traffic
 * to the HTTPS port, with both ports taken from configuration properties.
 *
 * <p>The redirect only helps a client after its first plaintext request; an HSTS
 * response header on the HTTPS side is the usual complement.
 *
 * @author wzm
 * @version 1.0.0
 * @date 2019/6/27 12:27
 **/
@Configuration
public class HttpsConfiguration {

    /** HTTPS port, read from {@code server.port}; used as the redirect target. */
    @Value("${server.port}")
    private int httpsPort;

    /** Plain-HTTP port, read from the custom {@code http.port} property. */
    @Value("${http.port}")
    private int plainPort;

    /**
     * Builds the Tomcat factory with a CONFIDENTIAL constraint on {@code /*} and
     * registers the extra HTTP connector from {@link #httpConnector()}.
     *
     * @return the customised servlet web server factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The collection selects which URLs the constraint covers: all of them.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL is the servlet transport guarantee that demands TLS.
                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    /**
     * Creates the non-secure HTTP connector whose only job is to hand clients
     * over to HTTPS.
     *
     * @return an NIO HTTP/1.1 connector bound to the configured HTTP port
     */
    @Bean
    public Connector httpConnector() {
        // The original listing also noted org.apache.coyote.http2.Http2Protocol
        // next to the protocol class used here.
        Connector plain = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Port on which plain HTTP is accepted.
        plain.setPort(plainPort);
        // Port that HTTP requests are redirected to (the HTTPS port).
        plain.setRedirectPort(httpsPort);
        plain.setScheme("http");
        plain.setSecure(false);
        return plain;
    }
}
spring-boot配置
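# Nesting restored: without indentation "port" appears twice at the top level and
# "ssl" is detached from "server", so server.port / server.ssl.* / http.port
# would not resolve as the configuration class expects.
server:
  # HTTPS port; also the redirect target read via ${server.port}.
  port: 8084
  servlet.context-path: /tldollar
  ssl:
    # CA-issued certificate bundle loaded from the classpath (src/main/resources).
    key-store: classpath:2421151_www.esbug.com.pfx
    # Keystore password in clear text. Supply it from outside the file (for example an
    # environment variable referenced through a ${...} placeholder) and keep the .pfx out
    # of version control; a password that has been published should be treated as
    # exposed and the certificate reissued.
    key-store-password: gHkFz29P
# Custom property (not a Spring Boot key) read via ${http.port} for the plain-HTTP connector.
http:
  port: 8080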