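HTTPS (in full: Hyper Text Transfer Protocol over Secure Socket Layer, or Hypertext Transfer Protocol Secure) is an HTTP channel designed with security as its goal; put simply, it is the secure version of HTTP.
We can apply for an SSL certificate on Alibaba Cloud, free to use for 1 year.
Because our server uses Nginx, we need to download the certificate in both the Nginx and Tomcat formats.
Then modify the nginx.conf file: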
#user www;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_pass http://localhost:8080;
            # Append the client address to X-Forwarded-For (set once only)
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Real-IP $remote_addr;
        }
        # Cache lifetime for JS and CSS
        location ~ .*\.(js|css|html|png|jpg)$
        {
            proxy_pass http://localhost:8080;
            expires 1d;
        }
        # A server-level return runs before the locations above,
        # so every request on port 80 is redirected to HTTPS
        return 301 https://dingyinwu.com;
    }
    # HTTPS server
    #
    server {
        listen 443 ssl;
        server_name localhost;
        #ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate cert/dyw.pem;
        ssl_certificate_key cert/dyw.key;
        ssl_session_timeout 5m;
        # Allow only TLS 1.2/1.3 and strong cipher suites
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass https://localhost:8443;
            # Append the client address to X-Forwarded-For (set once only)
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Real-IP $remote_addr;
        }
        # Cache lifetime for JS and CSS
        location ~ .*\.(js|css|html|png|jpg)$
        {
            proxy_pass https://localhost:8443;
            expires 1d;
        }
    }
}
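Configuring Nginx alone is not enough: following the Alibaba Cloud security group setup described earlier, port 443 must also be opened there before the site can be reached.
In the configuration above, port 80 automatically redirects to port 443, and port 443 then forwards to port 8443 of the Spring Boot project.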
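As an added example (not part of the original article), the following Python sketch audits the ssl_protocols and ssl_ciphers directives of an nginx configuration like the one above and reports legacy protocol versions and weak cipher keywords. The keyword list is a heuristic chosen for this example, and the two sample server blocks are constructed.

```python
import re

# Protocol versions deprecated for TLS servers (SSLv2/3, TLS 1.0/1.1).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Heuristic list (an assumption of this example) of OpenSSL cipher-string
# keywords that pull in weak, export-grade or unauthenticated suites.
WEAK_CIPHER_WORDS = {"ALL", "MEDIUM", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                     "RC4", "DES", "3DES", "MD5", "SSLv2", "NULL", "eNULL", "aNULL", "ADH"}

def directives(conf, name):
    """Yield (line_no, args) for each uncommented `name ...;` directive."""
    for no, line in enumerate(conf.splitlines(), 1):
        active = line.split("#", 1)[0].strip()
        m = re.match(rf"{re.escape(name)}\s+(.+?)\s*;", active)
        if m:
            yield no, m.group(1)

def audit_tls(conf):
    """Return [(line_no, directive, offending_values)] for weak TLS settings."""
    findings = []
    for no, args in directives(conf, "ssl_protocols"):
        bad = [p for p in args.split() if p in LEGACY_PROTOCOLS]
        if bad:
            findings.append((no, "ssl_protocols", bad))
    for no, args in directives(conf, "ssl_ciphers"):
        bad = []
        for token in re.split(r"[:,\s]+", args):
            # "!x" and "-x" remove suites, "+x" only reorders ones already selected.
            if token[:1] in ("!", "-", "+"):
                continue
            bad += [w for w in token.split("+") if w in WEAK_CIPHER_WORDS]
        if bad:
            findings.append((no, "ssl_ciphers", bad))
    return findings

# Constructed samples: a legacy server block and a hardened one.
LEGACY = """server {
    listen 443 ssl;
    #ssl_protocols TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_protocols SSLv2 SSLv3 TLSv1;
}"""
HARDENED = """server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}"""

print(audit_tls(LEGACY), audit_tls(HARDENED))
```

An empty result means no directive matched the legacy lists; it does not replace a handshake test against the running server.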
Then we need to configure the project itself.
Application
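// Imports needed by the Application class (Spring Boot 1.x API)
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;

// The following beans go inside the Application class.
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (TLS) transport for every URL, so Tomcat
            // redirects plain-HTTP requests to the connector's redirect port
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL"); // confidential
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    // Add the plain-HTTP connector next to the HTTPS one from application.yaml
    tomcat.addAdditionalTomcatConnectors(httpConnector());
    return tomcat;
}

@Bean
public Connector httpConnector() {
    // Plain-HTTP connector on 8080 whose only job is to redirect to 8443
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8080);
    connector.setSecure(false);
    connector.setRedirectPort(8443);
    return connector;
}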
application.yaml
server:
  port: 8443
  ssl:
    key-store: classpath:server.pfx
    key-store-password:
    key-store-type: PKCS12
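Those are the two configuration methods. If you are only using Spring Boot, configuring Spring Boot alone is enough; it will also automatically redirect port 8080 to the HTTPS port 8443.
Reposting is welcome; please credit the source: http://www.dingyinwu.com/article/73.html
If there are any problems in the article or anything that could be improved, please share your suggestions; I would be very grateful.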