1、spring cloud配置https
网关配置ssl
将jks文件放在网关的resources文件夹下
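# Gateway application.yml: TLS listener, Sentinel, CORS, default filters and
# the HTTP client used for calls to downstream services.
server:
  port: 9999
  ssl:
    # A classpath keystore ships the private key inside the application jar.
    # A file: location outside the artifact keeps the key out of builds and
    # version control.
    key-store: classpath:zhaodui.com.jks
    # Password issued with the certificate. It is read from the environment
    # instead of being committed in this file (the variable name is an
    # example). YAML comments start with "#"; a trailing "// ..." would
    # become part of the password value.
    key-store-password: '${KEY_STORE_PASSWORD}'
    key-store-type: JKS
spring:
  application:
    name: base-gateway
  cloud:
    # Sentinel settings
    sentinel:
      web-context-unify: false
      transport:
        dashboard: localhost:8087
      # Lazy-load the Sentinel Dashboard menu
      eager: false
    gateway:
      discovery:
        locator:
          # Creates a route for every service in the registry.
          # NOTE(review): confirm each registered service is meant to be
          # reachable through the gateway.
          enabled: true
      globalcors:
        cors-configurations:
          '[/**]':
            allow-credentials: true
            # With credentials allowed, a wildcard origin lets any site send
            # cookie-bearing requests (older Spring versions echo the caller's
            # origin) or is rejected outright by newer Spring versions.
            # List the trusted origins explicitly.
            allowed-origins:
              # Assumed front-end origin (the Nginx site in section 3 of this
              # page); adjust to the real one.
              - 'https://zhaodui.com.cn'
            allowed-headers: "*"
            allowed-methods: "*"
      # Global circuit-breaker / fallback configuration
      default-filters:
        - name: Hystrix
          args:
            name: default
            # Forward target used as the fallback
            fallbackUri: 'forward:/fallback'
        - name: Retry
          args:
            # Number of retries (default is 3)
            retries: 3
            # HTTP statuses that trigger a retry
            statuses: BAD_GATEWAY,BAD_REQUEST
            # HTTP methods that are retried (default is GET only)
            # NOTE(review): POST is not idempotent, so a retry can repeat a
            # write; confirm this is intended.
            methods: GET,POST
      httpclient:
        ssl:
          # true makes the gateway accept any downstream certificate, which
          # removes protection against interception between gateway and
          # services. If the services use a private CA, list its certificates
          # under trusted-x509-certificates instead.
          use-insecure-trust-manager: false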
在pom文件中配置jks资源（jks是二进制文件，不能开启filtering，否则会被Maven过滤损坏）
<!-- Resource configuration; belongs inside <build> in pom.xml. -->
<resources>
  <!-- Text resources: filtered, with the keystore left out -->
  <resource>
    <directory>src/main/resources</directory>
    <filtering>true</filtering>
    <excludes>
      <exclude>zhaodui.com.jks</exclude>
    </excludes>
  </resource>
  <!-- Keystore: copied unfiltered so the binary file is not altered -->
  <resource>
    <directory>src/main/resources</directory>
    <filtering>false</filtering>
    <includes>
      <include>zhaodui.com.jks</include>
    </includes>
  </resource>
  <!-- Non-Java files kept next to the sources -->
  <resource>
    <directory>src/main/java</directory>
    <includes>
      <include>**/*.xml</include>
      <include>**/*.json</include>
      <include>**/*.ftl</include>
    </includes>
  </resource>
</resources>
2、spring配置https
配置yml文件
将jks文件放在项目的resources文件夹下
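# TLS listener for a plain Spring Boot service.
server:
  port: 9999
  ssl:
    # A classpath keystore ships the private key inside the application jar.
    # A file: location outside the artifact keeps the key out of builds and
    # version control.
    key-store: classpath:zhaodui.com.jks
    # Keystore password, read from the environment instead of being
    # committed in this file (the variable name is an example).
    key-store-password: '${KEY_STORE_PASSWORD}'
    key-store-type: JKS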
在pom文件中加入以下配置
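<!-- Resource configuration; belongs inside <build> in pom.xml. -->
<resources>
  <!-- Text resources: filtered, with keystores left out.
       The pattern covers every .jks file so that it matches the keystore
       named in server.ssl.key-store (zhaodui.com.jks). A keystore that is
       missing from this exclude is filtered as text and can no longer be
       loaded. -->
  <resource>
    <directory>src/main/resources</directory>
    <filtering>true</filtering>
    <excludes>
      <exclude>**/*.jks</exclude>
    </excludes>
  </resource>
  <!-- Keystores: copied unfiltered so the binary file is not altered -->
  <resource>
    <directory>src/main/resources</directory>
    <filtering>false</filtering>
    <includes>
      <include>**/*.jks</include>
    </includes>
  </resource>
  <!-- Non-Java files kept next to the sources -->
  <resource>
    <directory>src/main/java</directory>
    <includes>
      <include>**/*.xml</include>
      <include>**/*.json</include>
      <include>**/*.ftl</include>
    </includes>
  </resource>
</resources>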
3.Nginx配置
将SSL证书的key文件和pem文件配置到Nginx的conf文件中
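# HTTPS virtual host that serves the single-page front end.
server {
    listen 443 ssl;
    server_name zhaodui.com.cn;
    root html;
    index index.html index.htm;

    # Certificate file: replace with the name of the uploaded certificate.
    ssl_certificate zhaodui.com.pem;
    # Private key file: replace with the name of the uploaded key file.
    # Restrict file permissions on the key.
    ssl_certificate_key zhaodui.com.key;
    ssl_session_timeout 5m;

    # Cipher suites offered to clients.
    # NOTE(review): the broad ECDH/AES/HIGH groups also admit CBC and
    # non-forward-secret suites; consider narrowing to ECDHE with AEAD ciphers.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS protocol versions. TLSv1 and TLSv1.1 are deprecated (RFC 8996), so
    # only 1.2 and 1.3 are enabled. TLSv1.3 needs nginx 1.13.0 or later built
    # against OpenSSL 1.1.1 or later; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Router history mode: serve index.html for paths that are not files, so
    # refreshing a client-side route does not return 404.
    location / {
        root html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
        #if (!-e $request_filename) {
        #    rewrite ^(.*)$ /index.html?s=$1 last;
        #    break;
        #}
    }
}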