实现访问服务器地址(默认http的80)跳转到https端口(443)
开启端口监听
因为https默认是443端口,需要开启对443端口的监听
在application.properties中
#web监听端口
server.port = 443
配置ssl证书
由于没有从相关机构申请证书,使用jdk自带的证书管理工具进行生成,方法如下
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
这个命令需要交互输入一些密码以及组织的相关信息,这些信息再后面的配置中会使用到
会生成一个名为keystore.p12的文件,这个文件就是我们需要使用的文件,将其放置到resources目录下
在application.properties中配置
#https
server.ssl.enabled=true
server.ssl.key-store= classpath:keystore.p12
server.ssl.protocol=TLS
server.ssl.key-store-password= 自定义
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias= tomcat
配置跳转
创建下面的配置类
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 设置将访问80端口的请求跳转到指定的端口上去,这样用户就可以直接输入设备地址访问而不需要输入前缀和端口了
*
* @author 阿信sxq
*
*/
@Configuration
public class ContainerCustomizer {
@Value("${server.port}")
private Integer webPort;
/**
* 构建servlet容器的工厂类
* 将80端口跳转到{@linkplain #webPort}端口
*
* @return 内置servlet容器类的工厂实例
*/
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
factory.addAdditionalTomcatConnectors(createConnector());
return factory;
}
/**
* 创建tomcat连接器。
* 该连接器将会接收http的80端口的访问,并且重定向到指定的端口上去,{@linkplain #webPort}
*
* @return tomcat连接器
*/
private Connector createConnector() {
final Connector connector = new Connector();
connector.setPort(80);
connector.setRedirectPort(webPort);
return connector;
}
}
这个是使用内置的tomcat做容器的配置方式,使用jetty需要使用另外的方式
jetty配置跳转
下面的代码来自http://stackoverflow.com/questions/26655875/spring-boot-redirect-http-to-https,
由于没有使用jetty,所以没有进行验证
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.AbstractConfiguration;
import org.eclipse.jetty.webapp.WebAppContext;
class HttpToHttpsJettyConfiguration extends AbstractConfiguration {
// http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Redirecting_http_requests_to_https
@Override
public void configure(WebAppContext context) throws Exception {
Constraint constraint = new Constraint();
constraint.setDataConstraint(2);
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setPathSpec("/*");
constraintMapping.setConstraint(constraint);
ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
constraintSecurityHandler.addConstraintMapping(constraintMapping);
context.setSecurityHandler(constraintSecurityHandler);
}
}
@Configuration
public class HttpToHttpsJettyCustomizer implements EmbeddedServletContainerCustomizer{
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
JettyEmbeddedServletContainerFactory containerFactory = (JettyEmbeddedServletContainerFactory) container;
//Add a plain HTTP connector and a WebAppContext config to force redirect from http->https
containerFactory.addConfigurations(new HttpToHttpsJettyConfiguration());
containerFactory.addServerCustomizers(server -> {
HttpConfiguration http = new HttpConfiguration();
http.setSecurePort(443);
http.setSecureScheme("https");
ServerConnector connector = new ServerConnector(server);
connector.addConnectionFactory(new HttpConnectionFactory(http));
connector.setPort(80);
server.addConnector(connector);
});
}
}
特别说明
使用上面的方法配置的https由于证书不是受信的,所以浏览器会报警告,需要手工确认,这个没办法