1. 在 Spring Boot 中为内嵌 Tomcat 注册一个 Bean(作用是把 http 请求重定向到 https)
import org.springframework.context.annotation.Configuration;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
/**
 * Makes the embedded Tomcat listen on plain HTTP as well and push every
 * request over to HTTPS.
 *
 * <p>Two pieces cooperate: a security constraint with the transport guarantee
 * {@code CONFIDENTIAL} on {@code /*}, and an additional non-secure connector
 * whose redirect port points at the HTTPS port. With that constraint in place
 * Tomcat answers a non-secure request with a redirect to the connector's
 * redirect port.
 *
 * <p>NOTE(review): a redirect only takes effect after the first plaintext
 * request has already been sent. An HSTS ({@code Strict-Transport-Security})
 * response header on the HTTPS side is the usual complement; nothing in this
 * class sets one.
 */
@Configuration
public class ConnectorConfig {

    /** Port the additional plain-HTTP connector listens on. */
    private static final int HTTP_PORT = 80;

    /** HTTPS port to redirect to; has to equal {@code server.port} from the yml configuration. */
    private static final int HTTPS_REDIRECT_PORT = 8090;

    /**
     * Builds the Tomcat web server factory with the HTTPS-only constraint and
     * the extra HTTP connector attached.
     *
     * @return the customised factory
     */
    @Bean
    public ServletWebServerFactory servletWebServerFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Applied to the web application context: all paths require a confidential transport.
                context.addConstraint(confidentialForAllPaths());
            }
        };
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    /**
     * Creates the constraint that demands a confidential (TLS) transport for
     * every URL pattern.
     *
     * @return a constraint covering {@code /*} with user constraint {@code CONFIDENTIAL}
     */
    private static SecurityConstraint confidentialForAllPaths() {
        SecurityCollection everyPath = new SecurityCollection();
        everyPath.addPattern("/*");

        SecurityConstraint httpsOnly = new SecurityConstraint();
        httpsOnly.setUserConstraint("CONFIDENTIAL");
        httpsOnly.addCollection(everyPath);
        return httpsOnly;
    }

    /**
     * Creates the non-secure HTTP connector whose only job is to hand
     * requests over to the HTTPS port.
     *
     * <p>NOTE(review): port 80 is a privileged port on most Unix-like systems,
     * so the process needs permission to bind it.
     *
     * @return the HTTP connector that redirects to the HTTPS port
     */
    private Connector redirectConnector() {
        Connector plainHttp = new Connector(Http11NioProtocol.class.getName());
        plainHttp.setSecure(false);
        plainHttp.setScheme("http");
        plainHttp.setPort(HTTP_PORT);
        // Keep in sync with server.port in the yml, otherwise the redirect lands on the wrong port.
        plainHttp.setRedirectPort(HTTPS_REDIRECT_PORT);
        return plainHttp;
    }
}
2. 到阿里云下载签名(证书),在下载页面选择要下载的类型
3.yml中配置
(有两种签名类型;如果你用的是 jdk8,则需要把 pfx 转换成 jks)
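# PFX (PKCS#12) variant
server:
  port: 8090
  ssl:
    # The .pfx file downloaded from Alibaba Cloud, loaded from the classpath.
    key-store: classpath:xxx.pfx
    key-store-type: PKCS12
    # Contents of the pfx-password file that comes with the Alibaba Cloud download.
    # NOTE(review): this value is a secret. Supplying it through a ${...} placeholder
    # resolved from the environment keeps it out of the committed yml.
    key-store-password: xxx
    enabled: true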
# JKS variant (producing the JKS file requires the keytool utility bundled with JDK 8)
# Imports the entries of the PKCS#12 keystore xxx.pfx into a JKS keystore xxx.jks.
# No password options are passed, so keytool asks for the source and destination
# keystore passwords interactively; the destination password is the one the
# server's key-store-password has to match.
# NOTE(review): JKS is a legacy format and Java 8 can also read PKCS12 keystores,
# so this conversion may be unnecessary — confirm for your setup.
keytool -importkeystore -srckeystore xxx.pfx -srcstoretype pkcs12 -destkeystore xxx.jks -deststoretype JKS
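server:
  port: 8090
  ssl:
    # The .jks file produced with the JDK 8 keytool from the downloaded .pfx.
    key-store: classpath:xxx.jks
    key-store-type: JKS
    # Per the author: the contents of the pfx-password file from the Alibaba Cloud download.
    # NOTE(review): this has to be the password of the .jks keystore itself, i.e. the
    # destination password chosen during keytool -importkeystore — confirm they match.
    # It is a secret; prefer a ${...} placeholder resolved from the environment.
    key-store-password: xxx
    enabled: true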
4. 服务器中如何配置 ssl(重点,防止踩坑)
这里需要把证书文件(pfx/jks)放到与 jar 同级的目录中,
因为打出的 jar 包里不包含对应的 pfx 文件;
yml 里 key-store 的写法也要去掉 classpath: 前缀,然后再部署。
(证书文件里含有私钥,部署时应只允许运行服务的用户读取。)
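# PFX / JKS, server deployment variant
server:
  port: 8090
  ssl:
    # The .pfx file downloaded from Alibaba Cloud, referenced without the classpath: prefix
    # because it sits next to the jar instead of inside it.
    # NOTE(review): a relative path is presumably resolved against the working directory
    # of the process, so start the jar from that directory — confirm.
    key-store: xxx.pfx
    key-store-type: PKCS12
    # Contents of the pfx-password file that comes with the Alibaba Cloud download.
    # NOTE(review): this value is a secret; prefer a ${...} placeholder resolved from the
    # environment over a literal in the yml on the server.
    key-store-password: xxx
    enabled: true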
5.如何校验是否成功
直接在浏览器中用 https 访问你的域名下的某个页面即可;也可以再访问对应的 http 地址,确认会被重定向到 https。
我是直接打开 swagger 的界面来验证的:
https://www.dapengzx.com:8090/swagger-ui.html#/