[物語を忘れました]°のブログへようこそ

springboot添加ssl实现https访问(http自动跳转)

Step1

去搞一个证书,我的是腾讯买域名送的

Step2

下载jks格式的

Step3

放到项目的resource目录下的ssl文件夹下(需要new)

Step4

新建配置类,用于自动重定向到https

package club.shengcong.sendemail.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * https配置类
 *
 * @author 金聖聰
 * @version v1.0
 * @email jinshengcong@163.com
 * @since Created in 2022/02/04 0:46
 */
@Configuration
public class HttpsConfiguration {
    @Value("${http-port}")
    private int port;

    @Value("${server.port}")
    private int sslPort;

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    private Connector redirectConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(port);
        connector.setSecure(false);
        connector.setRedirectPort(sslPort);
        return connector;
    }
}

Step5

修改配置类

# https的端口
server.port=443
# SSL证书路径 一定要加上classpath:
server.ssl.key-store=classpath:ssl/XXX.jks
# SSL证书私钥
server.ssl.key-store-password=XXXX
# 证书类型
server.ssl.key-store-type=JKS
# http重定向https配置
http-port=80

# 项目路径
server.servlet.context-path=/XXX

Tips: 直接docker部署的时候端口号问题

需要同时开两个端口才能正常访问

-p 80:80 -p 443:443
posted @ 2022-02-05 00:39  故事我忘了°  阅读(258)  评论(0编辑  收藏  举报