前言
在實際開發過程中,如果後端需要啓用https訪問,通常項目啓動後配置nginx代理再配置https,前端調用時高版本的chrome還會因爲證書未信任導致調用失敗,通過摸索整理一套開發調試下的https方案,特此分享
後端配置
生成HTTPS密鑰
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -ext "SAN=IP:192.168.1.14" -keypass abcd@1234 -keystore frame.jks -storepass abcd@1234 -validity 360000
SAN需要設置你自己電腦的固定ip
配置SSL訪問
這裏以2.0.0.RELEASE版本爲例
server:
ssl:
key-store: classpath:systemfile/frame.jks
key-store-password: abcd@1234
key-store-type: JKS
key-alias: tomcat
如果需要打包部署測試環境,需要添加以下配置將jks密鑰排除在外
<resources>
<resource>
<filtering>true</filtering>
<directory>src/main/resources</directory>
<excludes>
<exclude>**/*.jks</exclude>
</excludes>
</resource>
<resource>
<filtering>false</filtering>
<directory>src/main/resources</directory>
<includes>
<include>**/*.jks</include>
</includes>
</resource>
</resources>
創建TomcatConfig配置信任
@Configuration
public class TomcatConfig {
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcatServletContainerFactory = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
tomcatServletContainerFactory.addConnectorCustomizers(new FrameTomcatConnectorCustomizer());
return tomcatServletContainerFactory;
}
}
瀏覽器設置
使用360瀏覽器訪問系統後臺管理地址,點擊地址欄的查看證書並導出
打開360瀏覽期設置,搜索證書,配置SSL證書,在受信任的根證書派發機構和受信任的發佈者兩個tab下導入剛纔導出的證書
關閉瀏覽器重新打開,訪問系統地址,地址欄鎖變綠則代表配置成功
開發調試
postman在調試https接口時在Setting目錄關閉SSL驗證