Nginx+Spring boot配置https

2019独角兽企业重金招聘Python工程师标准>>>

Nginx的nginx.conf配置:
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    
    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      vcm.cer;
        ssl_certificate_key  vcm.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        location / {
            proxy_pass https://localhost:8443;
            proxy_set_header  Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto https;
        #   proxy_redirect    off;
        }

        location  /redirect/station {
            proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$arg_destUrl?token=$arg_token?;
            if ($http_user_agent !~ 'Chrome'){
                add_header Content-Type "application/octet-stream";
                add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";
            }
        }
        
        location  /redirect/ipsan {
            proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$arg_destUrl?token=$arg_token?;
            if ($http_user_agent !~ 'Chrome'){
                add_header Content-Type "application/octet-stream";
                add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";
            }
        }
        
        location  /redirect/hikcstor {
        
            set $destUrl $arg_destUrl;
            if ($args ~* &destUrl=(.*)){
                set $destUrl $1;
            }
            proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$destUrl;
            proxy_pass_request_headers on;
            proxy_set_header Date "$arg_hDay $arg_hTime";
            proxy_set_header Host $arg_hHost;
            proxy_set_header Accept-Language $arg_hAcceptLanguage;
            proxy_set_header Authorization "$arg_hAuthTitle $arg_hAuthorization";
            proxy_set_header Content-Type $arg_hContentType;
            proxy_set_header Connection $arg_hConnection;
            add_header Content-Type "application/octet-stream";
            add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";
        }
    }

}

Spring boot方面：

application.property文件配置https:

server.port=8443

server.ssl.key-store=keystore.p12
server.ssl.key-store-password=msm-vcm
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
server.session-timeout=3600

编写类配置tomcat，将所有的请求都转到加密的https

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        return tomcat;
    }

转载于:https://my.oschina.net/ffse54s/blog/1503803