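The Niter community site used for this test runs Spring Boot 2.1.6; in theory any 2.x version should work.
1. Apply for and download an SSL certificate. (Skip this step if you already have one.)
Tencent Cloud, Alibaba Cloud and UCLOUD all offer free certificates that you can apply for and download. The platforms are much alike; Tencent is used as the example below.
Tencent Cloud address: https://cloud.tencent.com/product/ssl
① After logging in, open the Tencent Cloud console: https://console.cloud.tencent.com/ssl
② Click "申请免费证书" (Apply for a free certificate).
③ Fill in the form as prompted. Note: password recovery is currently not supported; if you forget the password, you have to apply for the certificate again. So remember the password; it is also needed later.
④ Once the application succeeds, download the archive and extract it locally.
⑤ Open the tomcat folder and find the file ending in .jks; this is the file you need.
2. Modify the application.properties file
① Put the .jks file in the resources folder, at the same level as application.properties.
② Add the following configuration lines to application.properties: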
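server.custom.httpPort=80
# HTTPS (encrypted) port: 443
server.port=443
# Path to the SSL certificate; change the file name to your own. The classpath: prefix is required.
server.ssl.key-store=classpath:niter_cn.jks
# SSL certificate password, the one entered when applying
server.ssl.key-store-password=****
# Certificate type
server.ssl.key-store-type=JKS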
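An added check, not part of the original post: before starting Spring Boot, the Java program below confirms that the .jks file opens with the password chosen in step 1 and that it holds a private key with a currently valid certificate. The class name JksCheck and the KEYSTORE_PASSWORD environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks the key store referenced by server.ssl.key-store.
public class JksCheck {

    // Returns how many entries hold a private key plus a currently valid X.509 certificate.
    static int usableEntries(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // same type as server.ssl.key-store-type
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // IOException here means a wrong password or a damaged file
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || !(cert instanceof X509Certificate)) {
                System.out.println(alias + ": no private key or X.509 certificate, cannot serve TLS");
                continue;
            }
            // The page sets no server.ssl.key-password, so the key must open with the
            // store password; UnrecoverableKeyException is thrown if it does not.
            ks.getKey(alias, password);
            X509Certificate x509 = (X509Certificate) cert;
            try {
                x509.checkValidity(); // expired or not yet valid certificates throw
                usable++;
                System.out.println(alias + ": OK, " + x509.getSubjectX500Principal().getName()
                        + ", expires " + x509.getNotAfter());
            } catch (CertificateException e) {
                System.out.println(alias + ": certificate not valid now: " + e.getMessage());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        if (args.length != 1 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java JksCheck <file.jks>");
            System.exit(2);
        }
        System.exit(usableEntries(args[0], pw.toCharArray()) > 0 ? 0 : 1);
    }
}
```

The exit code is 0 when at least one usable entry is found, so the check can gate a deployment script.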
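3. Write the HttpsConfig class
① Create a new HttpsConfig class.
② To serve both HTTP and HTTPS at the same time, add the following bean configuration. (Choose either step ② or step ③.)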
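// Needs imports: org.springframework.beans.factory.annotation.Value and
// org.springframework.boot.web.servlet.server.ServletWebServerFactory
@Value("${server.custom.httpPort}")
private Integer httpPort;

@Bean
public ServletWebServerFactory serverFactory() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
    // Add a plain HTTP connector next to the HTTPS one configured in application.properties
    tomcat.addAdditionalTomcatConnectors(createStandardConnector());
    return tomcat;
}

private Connector createStandardConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setPort(httpPort);
    return connector;
}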
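③ To force HTTP requests to redirect to HTTPS, add the following bean configuration. (Choose either step ② or step ③.) (Also note that the bean configuration below only applies to Spring Boot 2.0 and later; for version 1.5, see the link.)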
@Bean
public Connector connector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    // HTTP port the connector listens on
    connector.setPort(80);
    connector.setSecure(false);
    // HTTPS port that requests arriving on the HTTP port are redirected to
    connector.setRedirectPort(443);
    return connector;
}

@Bean
public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // CONFIDENTIAL on /* makes Tomcat redirect every non-TLS request to the redirect port
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}
④ The complete code of the HttpsConfig class:
package cn.niter.forum.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
// The next two imports are only used by the commented-out option below
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfig {

    /*
    // Option from step ②: serve both HTTP and HTTPS
    @Value("${server.custom.httpPort}")
    private Integer httpPort;

    @Bean
    public ServletWebServerFactory serverFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addAdditionalTomcatConnectors(createStandardConnector());
        return tomcat;
    }

    private Connector createStandardConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(httpPort);
        return connector;
    }
    */

    /**
     * Requests to port 80 are redirected to port 443
     */
    @Bean
    public Connector connector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // HTTP port the connector listens on
        connector.setPort(80);
        connector.setSecure(false);
        // HTTPS port that requests arriving on the HTTP port are redirected to
        connector.setRedirectPort(443);
        return connector;
    }

    @Bean
    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL on /* makes Tomcat redirect every non-TLS request to the redirect port
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(connector);
        return tomcat;
    }
}
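Of the two approaches above, the second one, forcing HTTP to redirect to HTTPS, is strongly recommended. The Niter community also uses the second approach.
After completing the steps above, the site can be reached over HTTPS and HTTP requests are redirected to HTTPS.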