问题描述
我是保护服务器的新手,所以我对此知之甚少,但我需要让在 Digital Ocean Droplet 上运行的 Spring Boot 应用程序使用 HTTPS.
I'm new to securing a server so I don't really know much about this but I need to get my Spring Boot Application that is running on a Digital Ocean Droplet to use HTTPS.
我的想法是注册一个 Letencrypt 证书,然后告诉 Spring 使用它.
My idea is to register a letsencrypt certificate and then tell Spring to use that.
但是,我不知道该怎么做.
However, I have no idea how to do that.
谢谢.
推荐答案
我写了 2 篇关于 Let's Encrypt 和 Spring Boot 的博文.
I wrote 2 blog posts about Let's Encrypt and Spring Boot.
简而言之,步骤如下:
拉取让我们加密客户端 (certbot).
Pulling the Let's Encrypt client (certbot).
为您的域(例如 example.com)生成证书
Generating a certificate for your domain (e.g. example.com)
./certbot-auto certonly -a standalone -d example.com -d www.example.com
事物在 /etc/letsencrypt/live/example.com 中生成.Spring Boot 需要 PKCS#12 格式的文件.这意味着您必须将密钥转换为 PKCS#12 密钥库(例如使用 OpenSSL).如下:
Things are generated in /etc/letsencrypt/live/example.com. Spring Boot expects PKCS#12 formatted file. It means that you must convert the keys to a PKCS#12 keystore (e.g. using OpenSSL). As follows:
- 打开
/etc/letsencrypt/live/example.com目录.
- Open
/etc/letsencrypt/live/example.comdirectory.
`openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root`
带有 PKCS12 的文件 keystore.p12 现在在 /etc/letsencrypt/live/example.com 中生成.
The file keystore.p12 with PKCS12 is now generated in /etc/letsencrypt/live/example.com.
是时候配置您的 Spring Boot 应用程序了.打开 application.properties 文件并将以下属性放在那里:
It's time to configure your Spring Boot application. Open the application.properties file and put following properties there:
server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
阅读我的博文了解更多详情和评论.
Read my blog post for further details and remarks.
这篇关于如何设置 letencrypt SSL 证书并在 Spring Boot 应用程序中使用它?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!