/**
* Spring boot配置
*/
//1、生成jsk命令
keytool -importkeystore -srckeystore 读取绝对路径.pfx -destkeystore 存放的绝对路径.jks -srcstoretype PKCS12 -deststoretype JKS
//2、放到.yml配置文件同级目录下
//3、配置文件修改
server:
port: 443
ssl:
key-store: classpath:xxx.jks
key-store-password: 密码
key-alias: alias
key-store-type: JKS
//4、启动文件修改
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
//如果不要http,就放开注释
// SecurityConstraint constraint = new SecurityConstraint();
// constraint.setUserConstraint("CONFIDENTIAL");
// SecurityCollection collection = new SecurityCollection();
// collection.addPattern("/*");
// constraint.addCollection(collection);
// context.addConstraint(constraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
@Bean
public Connector httpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setSecure(false);
connector.setScheme("http");
//Connector监听的http的端口号
connector.setPort("8080");
connector.setSecure(false);
//监听到http的端口号后转向到的https的端口号
connector.setRedirectPort("443");
return connector;
}
/**
* Tomcat配置
*/
1、pfx
增加keystoreFile 、 keystoreType 、 keystorePass
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/证书路径/名称.pfx"
keystoreType="PKCS12"
keystorePass="证书密码"
clientAuth="false" sslProtocol="TLS" />
2、jks
增加keystoreFile、 keystorePass
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/证书路径/名称.jks"
keystorePass="证书密码"
clientAuth="false" sslProtocol="TLS" />
3、如果修改端口为443,则需修改下列
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
/**
* Nginx配置
*/
1、将pem、key文件放到指定目录
2、修改nginx配置文件
# HTTPS server
#
server {
listen 443 ssl;
server_name 域名;
ssl_certificate xxx.pem;
ssl_certificate_key xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#location / {
# root html;
# index index.html index.htm;
#}
}