在java安装目录下bin目录下keytool工具
keytool -genkey -storetype PKCS12 -keysize 2048 -alias tomcat -keyalg RSA -keystore ./tomcat.keystore
命令说明:
-genkey 生成密钥
-alias tomcat(别名)
-keypass 123456(别名密码)
-keyalg RSA(算法)
-keysize 2048(密钥长度)
-validity 365(有效期,天单位)
-keystore tomcat.keystore(指定生成证书的位置和证书名称)
-storepass 123456(获取keystore信息的密码)
执行过程如下:
得到了tomcat.keystore之后将证书放置到项目根目录
定义HTTPS的配置类
import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;
@Configuration public class HttpsConfiguration { @Bean public TomcatServletWebServerFactory servletContainer() { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override protected void postProcessContext(Context context) { SecurityConstraint constraint = new SecurityConstraint(); constraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/*"); constraint.addCollection(collection); context.addConstraint(constraint); } }; tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; } @Bean public Connector httpConnector() { Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); //Connector监听的http的端口号 connector.setPort(6161); connector.setSecure(false); //监听到http的端口号后转向到的https的端口号 connector.setRedirectPort(8843); return connector; } }
配置.properties/.yml文件,并复制到springboot项目的resource目录下
server.ssl.key-store=tomcat.keystore server.ssl.key-store-password=123456 server.ssl.key-store-type=PKCS12 server.ssl.key-alias=tomcat
但是以上方式生成的证书是不受浏览器信任的证书
向腾讯云申请一年的免费的证书
阿里云也可以
配置端口转发
import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * @author wzm * @version 1.0.0 * @date 2019/6/27 12:27 **/ @Configuration public class HttpsConfiguration { @Value("${server.port}") private int sPort; @Value("${http.port}") private int hPort; @Bean public TomcatServletWebServerFactory servletContainer() { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override protected void postProcessContext(Context context) { SecurityConstraint constraint = new SecurityConstraint(); constraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/*"); constraint.addCollection(collection); context.addConstraint(constraint); } }; tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; }
@Bean public Connector httpConnector() { //org.apache.coyote.http2.Http2Protocol //org.apache.coyote.http11.Http11NioProtocol Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); //Connector监听的http的端口号 connector.setPort(hPort); connector.setSecure(false); //监听到http的端口号后转向到的https的端口号 connector.setRedirectPort(sPort); return connector; } }
spring-boot配置文件:
server:
port: 8084
servlet.context-path: /tldollar
ssl:
key-store: classpath:2421151_www.esbug.com.pfx
key-store-password: gHkFz29P
http:
port: 8080