具體命令
# Generates an RSA 2048-bit key pair plus a self-signed certificate under the alias "tomcat"
# and stores it in a PKCS12 keystore at ./tomcat.keystore.
# No -storepass/-keypass is passed, so keytool prompts for the password instead of
# reading it from the command line (where it would end up in shell history).
# No -validity is passed, so keytool's default validity (90 days) applies.
keytool -genkey -storetype PKCS12 -keysize 2048 -alias tomcat -keyalg RSA -keystore ./tomcat.keystore
命令說明
-genkey 生成密鑰
-alias tomcat(別名)
-keypass 123456(別名密碼;123456 僅為示例,PKCS12 類型的密鑰庫不支持與 -storepass 不同的別名密碼)
-keyalg RSA(算法)
-keysize 2048(密鑰長度)
-validity 365(有效期,天單位;上面的命令未指定此參數時,keytool 使用默認值 90 天)
-keystore tomcat.keystore(指定生成證書的位置和證書名稱)
-storepass 123456(獲取keystore信息的密碼;123456 僅為示例,實際使用請換成強密碼;上面的命令未指定此參數,keytool 會提示輸入)
執行過程
得到了tomcat.keystore之后將證書放置到項目根目錄
定義HTTPS的配置類
import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;
/**
 * Embedded-Tomcat configuration that adds a plain-HTTP connector next to the HTTPS one
 * and forces every request onto HTTPS.
 *
 * <p>The redirect is only issued after the first request has already arrived in clear
 * text, so anything sent with that request (for example a session cookie without the
 * {@code Secure} flag) is not protected by it.
 */
@Configuration
public class HttpsConfiguration {

    /**
     * Creates the servlet container factory.
     *
     * <p>The anonymous subclass registers a security constraint with the
     * {@code CONFIDENTIAL} transport guarantee on {@code /*}; Tomcat answers a non-TLS
     * request to a constrained URL with a redirect to the connector's redirect port.
     * The extra connector from {@link #httpConnector()} is attached to the factory.
     *
     * @return the customised Tomcat factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The constraint applies to every URL of the context.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    /**
     * Creates the additional plain-HTTP connector whose requests get redirected to HTTPS.
     *
     * @return a non-secure HTTP/1.1 NIO connector
     */
    @Bean
    public Connector httpConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        // HTTP port this connector listens on.
        plainHttp.setPort(6161);
        // HTTPS port that HTTP requests are redirected to.
        // NOTE(review): this has to equal the port of the HTTPS connector (server.port),
        // which is not shown next to this listing; confirm 8843 is intended and not a
        // slip for 8443.
        plainHttp.setRedirectPort(8843);
        return plainHttp;
    }
}
配置.properties.yml
並復制到springboot項目的resource目錄下
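# TLS settings for the embedded server; each property has to be on its own line.
# Keystore created by the keytool command.
server.ssl.key-store=tomcat.keystore
# Sample password from the keytool step; use a strong value and keep it out of version control.
server.ssl.key-store-password=123456
server.ssl.key-store-type=PKCS12
# Alias of the key entry inside the keystore (the -alias value given to keytool).
server.ssl.key-alias=tomcat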
但是以上方式生成的是自簽名證書,不受瀏覽器信任
向騰訊雲申請一年的免費的證書
阿里雲也可以
配置端口轉發
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Embedded-Tomcat configuration that adds a plain-HTTP connector next to the HTTPS one
 * and forces every request onto HTTPS, with both ports taken from the application
 * properties.
 *
 * <p>The redirect is only issued after the first request has already arrived in clear
 * text, so anything sent with that request (for example a session cookie without the
 * {@code Secure} flag) is not protected by it.
 *
 * @author wzm
 * @version 1.0.0
 * @date 2019/6/27 12:27
 **/
@Configuration
public class HttpsConfiguration {

    // Injected from server.port; used below as the redirect target.
    @Value("${server.port}")
    private int sPort;

    // Injected from http.port; the port the plain-HTTP connector listens on.
    @Value("${http.port}")
    private int hPort;

    /**
     * Creates the servlet container factory.
     *
     * <p>The anonymous subclass registers a security constraint with the
     * {@code CONFIDENTIAL} transport guarantee on {@code /*}; Tomcat answers a non-TLS
     * request to a constrained URL with a redirect to the connector's redirect port.
     * The extra connector from {@link #httpConnector()} is attached to the factory.
     *
     * @return the customised Tomcat factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The constraint applies to every URL of the context.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    /**
     * Creates the additional plain-HTTP connector whose requests get redirected to HTTPS.
     *
     * @return a non-secure HTTP/1.1 NIO connector listening on {@code http.port}
     */
    @Bean
    public Connector httpConnector() {
        // Protocol handler class names noted by the author:
        //   org.apache.coyote.http2.Http2Protocol
        //   org.apache.coyote.http11.Http11NioProtocol  (the one used here)
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        // HTTP port this connector listens on.
        plainHttp.setPort(hPort);
        // HTTPS port that HTTP requests are redirected to.
        plainHttp.setRedirectPort(sPort);
        return plainHttp;
    }
}
spring-boot配置
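# HTTPS listener (main connector); HttpsConfiguration reads this as ${server.port}
# and uses it as the redirect target.
server:
  port: 8084
  servlet.context-path: /tldollar
  ssl:
    # Certificate bundle (.pfx) loaded from the classpath; presumably the certificate
    # obtained from the cloud provider.
    # NOTE(review): no key-store-type is set here, unlike the keytool example (PKCS12);
    # confirm the default keystore type fits a .pfx file on the JDK in use.
    key-store: classpath:2421151_www.esbug.com.pfx
    # The keystore password is stored in clear text in this file; keep such a file out
    # of version control, or supply the value through an environment variable or
    # external configuration instead.
    key-store-password: gHkFz29P
# Plain-HTTP listener, read as ${http.port}; it only redirects to server.port.
http:
  port: 8080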