SpringBoot-v2.x.x部署SSL证书
准备SSL证书——xxx.pfx格式
阿里云申请免费的SSL即可,把域名绑定的SSL证书下载到本机桌面上,如下:
说明:两个证书文件(仅本次下载有效)
——xxx.pfx:证书源文件
——xxx.txt:证书唯一密码
拷贝证书文件至SpringBoot工程
解压证书压缩包文件,将两个文件复制到SpringBoot项目工程的resources资源根目录下(注意:resources下的文件会被打包进jar,xxx.txt中的证书密码也会随包一起分发;若不希望密码随包发布,可只复制xxx.pfx):
SpringBoot配置文件.yml——引入SSL证书参数
application.yml:添加配置参数
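# Server settings
server:
  # 443 is the default HTTPS port: with "port: 443" the URL needs no port (https://<domain>).
  # With another value, e.g. "port: 8443", the URL must carry it: https://<domain>:8443
  port: 8443
  tomcat:
    # URI encoding used by Tomcat
    uri-encoding: UTF-8
    # Maximum number of Tomcat worker threads (default 200)
    max-threads: 1000
    # Number of threads Tomcat keeps ready at startup.
    # NOTE(review): the original note gives the default as 25; Spring Boot 2.x documents 10
    # for this property - verify against the version in use.
    min-spare-threads: 30
  # HTTPS configuration, .pfx variant (kept commented out). The active block below uses a
  # .jks key store; a Tomcat-format certificate works the same way.
  # ssl:
  #   # Certificate file (.pfx) in the resources root
  #   key-store: classpath:xxx.pfx
  #   # ".pfx" files use type PKCS12, ".jks" files use type JKS
  #   key-store-type: PKCS12
  #   # Password taken from the .txt file
  #   key-store-password: xxx
  #   client-auth: none
  # HTTPS configuration (active)
  ssl:
    # Key store file in the resources root (a .jks file in this variant)
    key-store: classpath:xxx.jks
    # Key store password (taken from the .txt file).
    # NOTE(review): a literal password here ends up in version control and inside the
    # packaged jar. Prefer supplying it from outside the artifact, for example through a
    # property placeholder such as ${SSL_KEY_STORE_PASSWORD} (constructed example name).
    key-store-password: xxx
    # ".pfx" files use type PKCS12, ".jks" files use type JKS
    key-store-type: JKS
    # Client-certificate (mutual TLS) authentication; "none" means clients are not asked
    # for a certificate. This does not affect the server's own certificate.
    client-auth: none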
SpringBoot配置Application启动类
配置步骤:创建Tomcat工厂实例tomcat —— 在createHTTPConnector方法中自定义连接器参数 —— return返回该连接器 —— 通过add方法将连接器添加至tomcat工厂实例 —— return返回tomcat工厂
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.connector.Connector;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.util.SocketUtils;
import java.net.InetAddress;
//@SpringBootApplication(exclude = {DruidDataSourceAutoConfigure.class})
@SpringBootApplication
@MapperScan("com.xxx.gds.mapper")
@Slf4j
@EnableScheduling
public class GdsMiniApplication {
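/**
 * Boots the Spring context and logs the URLs the application can be reached on.
 *
 * <p>The scheme printed in the banner follows the TLS configuration, so that the logged
 * address matches what {@code server.port} actually serves.
 *
 * @param args command-line arguments, passed through to {@link SpringApplication#run}
 * @throws Exception if the local host address cannot be resolved
 */
public static void main(String[] args) throws Exception {
    ConfigurableApplicationContext application = SpringApplication.run(GdsMiniApplication.class, args);
    Environment env = application.getEnvironment();

    // server.port is the TLS connector once a key store is configured (and SSL has not been
    // switched off), so advertising http:// on that port would point readers at a URL that
    // does not answer plain HTTP.
    boolean tlsEnabled = env.containsProperty("server.ssl.key-store")
            && env.getProperty("server.ssl.enabled", Boolean.class, Boolean.TRUE);
    String scheme = tlsEnabled ? "https" : "http";

    // Resolve once and reuse for both URLs.
    String host = InetAddress.getLocalHost().getHostAddress();
    String port = env.getProperty("server.port");

    log.info("\n----------------------------------------------------------\n\t" +
                    "Application '{}' is running! Access URLs:\n\t" +
                    "Login: \t{}://{}:{}/login\n\t" +
                    "Doc: \t{}://{}:{}/doc.html\n" +
                    "----------------------------------------------------------",
            env.getProperty("spring.application.name"),
            scheme, host, port,
            scheme, host, port);
}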
/**
 * Registers the embedded Tomcat factory (Spring Boot 2.0+ style) with one additional
 * connector on top of the one Spring Boot configures from {@code server.*} properties.
 *
 * @return the Tomcat factory carrying the extra connector built by
 *         {@code createHTTPConnector()}
 */
@Bean
public ServletWebServerFactory servletContainer() {
    final TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
    // NOTE(review): the extra connector is plain HTTP. Nothing in this factory adds a
    // security constraint, so whether requests on it are redirected or simply served
    // unencrypted depends on configuration not shown here - confirm before exposing it.
    final Connector plainHttp = createHTTPConnector();
    factory.addAdditionalTomcatConnectors(plainHttp);
    return factory;
}
/**
 * Builds the additional plain-HTTP Tomcat connector.
 *
 * @return an NIO connector with scheme "http", secure flag off, listening on port 80 and
 *         carrying 8443 as its redirect port
 */
private Connector createHTTPConnector() {
    // Port 80 is a privileged port on Unix-like systems; the process needs permission to bind it.
    final int plainHttpPort = 80;
    // Presumably the HTTPS port from server.port in application.yml - keep the two in sync.
    final int tlsRedirectPort = 8443;

    // Tomcat connectors can run in NIO or APR mode; the NIO protocol handler is chosen by class name.
    final Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    httpConnector.setPort(plainHttpPort);
    httpConnector.setScheme("http");
    // The secure flag is assigned to every request received through this connector;
    // false marks them as not having arrived over a secure channel.
    httpConnector.setSecure(false);
    // NOTE(review): redirectPort is only consulted when a request matches a security
    // constraint that requires confidential (SSL) transport. Setting it does not by itself
    // redirect HTTP to HTTPS; without such a constraint this connector answers in clear text.
    httpConnector.setRedirectPort(tlsRedirectPort);
    return httpConnector;
}