Web项目配置https

具体命令

keytool -genkey -storetype PKCS12 -keysize 2048 -alias tomcat -keyalg RSA -keystore ./tomcat.keystore

 

命令说明

-genkey 生成密钥

-alias tomcat(别名) 

-keypass 123456(别名密码) 

-keyalg RSA(算法) 

-keysize 2048(密钥长度) 

-validity 365(有效期，天单位) 

-keystore tomcat.keystore(指定生成证书的位置和证书名称) 

-storepass 123456(获取keystore信息的密码)

执行过程

 

得到了tomcat.keystore之后将证书放置到项目根目录

定义HTTPS的配置类

import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;
 @Configuration public class HttpsConfiguration {  @Bean public TomcatServletWebServerFactory servletContainer() { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override protected void postProcessContext(Context context) { SecurityConstraint constraint = new SecurityConstraint(); constraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/*"); constraint.addCollection(collection); context.addConstraint(constraint); } }; tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; } @Bean public Connector httpConnector() { Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); //Connector监听的http的端口号
        connector.setPort(6161); connector.setSecure(false); //监听到http的端口号后转向到的https的端口号
        connector.setRedirectPort(8843); return connector; } }

 

配置.properties.yml

并复制到springboot项目的resource目录下

server.ssl.key-store=tomcat.keystore server.ssl.key-store-password=123456 server.ssl.key-store-type=PKCS12 server.ssl.key-alias=tomcat

 

但是以上方式生成的证书是不受浏览器信任的证书

 

向腾讯云申请一年的免费的证书

阿里云也可以

免费一年证书（推荐）：https://buy.cloud.tencent.com/ssl?fromSource=ssl

 

配置端口转发

import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * @author wzm * @version 1.0.0 * @date 2019/6/27 12:27 **/ @Configuration public class HttpsConfiguration { @Value("${server.port}") private  int sPort; @Value("${http.port}") private  int hPort; @Bean public TomcatServletWebServerFactory servletContainer() { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override protected void postProcessContext(Context context) { SecurityConstraint constraint = new SecurityConstraint(); constraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/*"); constraint.addCollection(collection); context.addConstraint(constraint); } }; tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; }
 @Bean public Connector httpConnector() { //org.apache.coyote.http2.Http2Protocol //org.apache.coyote.http11.Http11NioProtocol
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); //Connector监听的http的端口号
 connector.setPort(hPort); connector.setSecure(false); //监听到http的端口号后转向到的https的端口号
 connector.setRedirectPort(sPort); return connector; } }

 

spring-boot配置

server:
  port: 8084
  servlet.context-path: /tldollar
  ssl:
    key-store: classpath:2421151_www.esbug.com.pfx
    key-store-password: gHkFz29P
http:
  port: 8080