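Nginx is used relatively rarely in development environments; I previously used it in web development to solve cross-origin problems. In Android development, if you want to enable HTTPS through Nginx and forward requests to other servers, the configuration steps are not particularly complicated.
Using a self-signed certificate on Android
If you use a self-signed certificate, you generally need to obtain the server.crt certificate. If your server uses a jks or p12 certificate file, you first need to extract server.crt from it.
Once you have server.crt, a simple OkHttp setup is enough to connect over HTTPS.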
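
    // Client that trusts only the certificate loaded by getSLLContext().
    // Newer OkHttp releases deprecate this one-argument overload in favor of
    // sslSocketFactory(SSLSocketFactory, X509TrustManager).
    OkHttpClient httpClient = new OkHttpClient.Builder()
            .sslSocketFactory(getSLLContext().getSocketFactory())
            .build();
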
Note that the server.crt used below is placed in the raw directory:
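
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.cert.CertificateFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;

    private SSLContext getSLLContext() {
        // res/raw/server.crt is exposed as R.raw.server (getAssets() would read
        // from the assets directory instead); try-with-resources closes the stream.
        try (InputStream certificate = mContext.getResources().openRawResource(R.raw.server)) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Empty in-memory key store that holds only the server certificate
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            String certificateAlias = Integer.toString(0);
            keyStore.setCertificateEntry(certificateAlias,
                    certificateFactory.generateCertificate(certificate));
            // Trust managers built from this key store trust only server.crt
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (GeneralSecurityException | IOException e) {
            // Fail here instead of returning null, which would crash later
            // in getSLLContext().getSocketFactory()
            throw new IllegalStateException("Could not build SSLContext from server.crt", e);
        }
    }
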
Enabling HTTPS in Nginx
1. Prepare server.crt and server.key and place them in the conf directory
2. Add the following configuration to nginx.conf in the conf directory

    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
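
The following is an added example, not part of the original post: one way to produce the server.crt and server.key that step 1 expects, and to extract server.crt from a p12 or jks file as mentioned in the Android section. The subject name, SAN values, passwords and aliases are constructed placeholders; it assumes OpenSSL 1.1.1 or later and, for JKS, the JDK's keytool.

```shell
#!/bin/sh
# Added example. All names, passwords and addresses are constructed placeholders.

# Create server.key and a self-signed server.crt for the nginx conf directory.
# $1 = output dir, $2 = SAN list, e.g. "DNS:dev.example.test,IP:192.168.1.10"
# OkHttp matches the host against subjectAltName, not CN, so the SAN must
# list the exact name or IP address the app connects to.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/server.key" -out "$1/server.crt" \
        -subj "/CN=dev-server" -addext "subjectAltName=$2" 2>/dev/null
    chmod 600 "$1/server.key"
}

# Extract only the certificate (no private key) from a PKCS#12 file.
# $1 = .p12 path, $2 = password, $3 = output .crt path
extract_from_p12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$3"
}

# Same for a JKS keystore (uses the JDK's keytool).
# $1 = .jks path, $2 = store password, $3 = alias, $4 = output .crt path
extract_from_jks() {
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# SHA-256 fingerprint, to confirm the app ships the certificate nginx serves.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Succeeds if the file contains a private key; server.key stays on the
# server and only server.crt goes into the app.
has_private_key() {
    grep -q "PRIVATE KEY" "$1"
}
```

Source the file, then call for example make_selfsigned . "DNS:dev.example.test" and compare fingerprint server.crt on the server with the copy bundled in the app.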