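HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer, or Hypertext Transfer Protocol Secure) is an HTTP channel built with security as its goal; put simply, it is the secure version of HTTP.
We can apply for an SSL certificate on Alibaba Cloud, free to use for 1 year.
Because our server runs Nginx, we have to download both kinds of certificate: Nginx and Tomcat.
Then modify the nginx.conf file: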

    #user www;
    worker_processes 1;

    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;

    #pid logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;

        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        #gzip on;

        server {
            listen 80;
            server_name localhost;

            location / {
                proxy_pass http://localhost:8080;
                # Set X-Forwarded-For once; repeated proxy_set_header lines send duplicate headers
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Real-IP $remote_addr;
            }

            # Cache lifetime for JS and CSS
            location ~ .*\.(js|css|html|png|jpg)$ {
                proxy_pass http://localhost:8080;
                expires 1d;
            }

            # A server-level return runs before location matching,
            # so every request on port 80 is redirected to HTTPS
            return 301 https://dingyinwu.com;
        }

        # HTTPS server
        #
        server {
            listen 443 ssl;
            server_name localhost;
            #ssl on;
            root html;
            index index.html index.htm;

            ssl_certificate cert/dyw.pem;
            ssl_certificate_key cert/dyw.key;
            ssl_session_timeout 5m;
            # SSLv2, SSLv3 and TLSv1 are broken or deprecated; allow TLS 1.2/1.3 only
            # (TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+)
            ssl_protocols TLSv1.2 TLSv1.3;
            # Forward-secret AEAD suites only; no RC4, EXPORT or LOW ciphers
            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
            ssl_prefer_server_ciphers on;

            location / {
                proxy_pass https://localhost:8443;
                # Set X-Forwarded-For once; repeated proxy_set_header lines send duplicate headers
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Real-IP $remote_addr;
            }

            # Cache lifetime for JS and CSS
            location ~ .*\.(js|css|html|png|jpg)$ {
                proxy_pass https://localhost:8443;
                expires 1d;
            }
        }
    }

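Configuring Nginx alone is not enough: as in the Alibaba Cloud security group configuration we did earlier, port 443 has to be opened there before the site can be reached.
In the configuration above, port 80 redirects automatically to port 443. Port 443 then forwards to port 8443 of the Spring Boot project.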
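
The `ssl_protocols` and `ssl_ciphers` directives in the 443 server block decide which TLS versions and cipher suites a client can negotiate. The Python check below is an added example, not part of the original article: it scans an nginx config for legacy protocol versions and weak cipher-string elements. The names `directives` and `audit_tls` and the sample config are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not a real deployment).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #ssl_protocols TLSv1.2;
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords that admit weak or unauthenticated suites.
WEAK_KEYWORDS = {"ALL", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "RC4",
                 "DES", "3DES", "MD5", "NULL", "eNULL", "aNULL", "ADH", "SSLv2"}

def directives(conf, name):
    """Return the argument list of every uncommented `name ...;` directive."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    pattern = rf"(?<!\w){re.escape(name)}\s+([^;{{}}]+);"
    return [m.group(1).split() for m in re.finditer(pattern, text)]

def audit_tls(conf):
    """List (kind, value) findings for legacy protocols and weak cipher elements."""
    findings = []
    for args in directives(conf, "ssl_protocols"):
        findings += [("protocol", p) for p in args if p in LEGACY_PROTOCOLS]
    for args in directives(conf, "ssl_ciphers"):
        for element in ":".join(args).split(":"):
            # '!' and '-' remove suites, a leading '+' only reorders: none add any.
            if not element or element[0] in "!-+":
                continue
            # 'A+B' selects suites matching both keywords, e.g. RC4+RSA.
            if any(part in WEAK_KEYWORDS for part in element.split("+")):
                findings.append(("cipher", element))
    return findings

if __name__ == "__main__":
    for kind, value in audit_tls(SAMPLE_CONF):
        print(f"weak {kind}: {value}")
```

An empty result means none of the listed legacy values were found; it does not replace testing the live listener with a TLS scanner.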
Next we have to configure the project itself.
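Application

    // Imports needed in the Application class (Spring Boot 1.x embedded Tomcat API)
    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (TLS) transport for every URL
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL"); // confidential
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Extra plain-HTTP connector that redirects to the HTTPS port
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        // Requests that hit the CONFIDENTIAL constraint over HTTP are sent to 8443
        connector.setRedirectPort(8443);
        return connector;
    }
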
application.yaml

    server:
      port: 8443
      ssl:
        key-store: classpath:server.pfx
        key-store-password:
        key-store-type: PKCS12

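Those are the two ways to configure it. If you are only using Spring Boot, configuring Spring Boot alone is enough; it will also redirect port 8080 automatically to HTTPS on port 8443.
Reposting is welcome; please credit the source: http://www.dingyinwu.com/article/73.html
If there are any problems in this article or anything that could be improved, please share your suggestions; I would be very grateful.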