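References: "Enabling HTTPS in Spring Boot", https://www.website-solution.net/ssl-certificate/... "Enabling HTTPS in Spring Boot"
"Tomcat configuration differences between the new Spring Boot 2.0.0 and Spring Boot 1.5.2 (pitfalls)"; "HTTPS series, part 3: making a server support both HTTP and HTTPS, based on Spring Boot"
"Configuring an SSL certificate in Spring Boot"; "HTTP and HTTPS in detail, the difference between GET and POST, and status codes"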
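SSL Certificate
An SSL certificate is a type of digital certificate, comparable to an electronic copy of a driver's license, passport, or business license. Because it is installed on a server, it is also called an SSL server certificate. SSL certificates follow the SSL protocol and are issued by a trusted certificate authority (CA) after it has verified the server's identity; they provide server authentication and encryption of data in transit. An SSL certificate gives a website encrypted transport and trust through HTTPS. It is the cryptographic technology used to establish an encrypted link between a web server and browsers or other clients. Configuring and deploying an SSL certificate enables HTTPS and so secures data transmitted over the Internet; hundreds of millions of websites worldwide rely on HTTPS every day to keep data secure and protect user privacy.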
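1. Obtain a certificate
Here the certificate is generated locally with the command below (keytool produces a self-signed certificate, not one issued by a CA), and the resulting keystore.p12 is placed in the src/main/resources folder.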
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
keytool asks for a keystore password while generating the certificate; remember it, because it is needed in step 3.
2. Add the dependency
<!-- https://mvnrepository.com/artifact/tomcat/tomcat-http11 -->
<dependency>
    <groupId>tomcat</groupId>
    <artifactId>tomcat-http11</artifactId>
    <version>5.0.28</version>
</dependency>
3. Configure HTTPS in application.properties. The password is the one you set when generating the certificate.
# https
server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
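The same settings with the secret taken out of the file, as an added example that is not part of the original post. The environment variable names KEYSTORE_PATH and KEYSTORE_PASSWORD are assumptions, and the TLS 1.3 entry assumes a JVM that supports it.

```properties
# Added example, not from the original post.
# Weak form from step 3: a guessable password stored as a literal in a file
# that is packaged into the jar and usually committed to source control.
#   server.ssl.key-store-password=123456

server.port=8443
# Assumption: KEYSTORE_PATH and KEYSTORE_PASSWORD are environment variables set
# by the deployment; Spring Boot resolves ${...} placeholders from the environment.
# Loading the keystore from the file system keeps the private key out of the jar.
server.ssl.key-store=file:${KEYSTORE_PATH}
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
# Offer only current protocol versions (assumes the JVM supports TLS 1.3).
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
# Mark the session cookie Secure so it is never sent over the HTTP connector on 8080.
server.servlet.session.cookie.secure=true
```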
4. Redirect HTTP requests to HTTPS (optional)
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServletWebServerConfiguration {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Due to CONFIDENTIAL and /*, this will cause Tomcat to redirect every request to HTTPS.
                // You can configure multiple patterns and multiple constraints if you need more
                // control over what is and is not redirected.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        // Add the plain-HTTP connector next to the HTTPS connector from application.properties.
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        // setSecure(false): requests on 8080 are not marked secure, so the CONFIDENTIAL
        // constraint redirects them to HTTPS.
        // setSecure(true) would mark plain-HTTP requests as secure: HTTP stays on HTTP,
        // HTTPS stays on HTTPS, and no redirect happens.
        connector.setSecure(false);
        // redirectPort: the HTTPS port that non-SSL requests are redirected to
        connector.setRedirectPort(8443);
        return connector;
    }
}
5. Start the project; the following log line is printed:
o.s.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''