springboot http转https

一、安全证书的生成
可以使用jdk自带的证书生成工具,jdk自带一个叫keytool的证书管理工具,可以用它来实现签名的证书。

1、进入cmd命令控制终端

2、生成一个证书
别名:alias = tomcat
密码:keypass = 123456
生成位置:keystore = D:/keys
keys文件夹需要自己先创建好
cmd命令:

keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore D:/keys/tomcat.keystore -storepass 123456

3、获取tomcat.keystore文件,放入项目根目录下面

 二,配置yml文件


  1. server:
  2. port: 8443
  3. ssl:
  4. key-store: server.keystore
  5. key-alias: tomcat
  6. enabled: true
  7. key-store-type: JKS
  8. key-store-password: 123456


三、springbootApplication启动类配置


  1. import org.apache.catalina.Context;
  2. import org.apache.catalina.connector.Connector;
  3. import org.apache.tomcat.util.descriptor.web.SecurityCollection;
  4. import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
  5. import org.springframework.boot.SpringApplication;
  6. import org.springframework.boot.autoconfigure.SpringBootApplication;
  7. import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
  8. import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
  9. import org.springframework.context.annotation.Bean;
  10. @SpringBootApplication
  11. public class WeijingApplication {
  12. public static void main(String[] args) {
  13. SpringApplication.run(WeijingApplication.class, args);
  14. }
  15. @Bean
  16. public ServletWebServerFactory servletContainer() {
  17. TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
  18. @Override
  19. protected void postProcessContext(Context context) {
  20. SecurityConstraint securityConstraint = new SecurityConstraint();
  21. securityConstraint.setUserConstraint(“CONFIDENTIAL”);
  22. SecurityCollection collection = new SecurityCollection();
  23. collection.addPattern(“/*”);
  24. securityConstraint.addCollection(collection);
  25. context.addConstraint(securityConstraint);
  26. }
  27. };
  28. tomcat.addAdditionalTomcatConnectors(redirectConnector());
  29. return tomcat;
  30. }
  31. private Connector redirectConnector() {
  32. Connector connector = new Connector(“org.apache.coyote.http11.Http11NioProtocol”);
  33. connector.setScheme(“http”);
  34. connector.setPort(8080);
  35. connector.setSecure(false);
  36. connector.setRedirectPort(8443);
  37. return connector;
  38. }

启动成功

另外:springboot2.xx版本以上可以用上面的方法 如果2.xx以下的 就要换成

EmbeddedServletContainerFactory

  1. import org.apache.catalina.Context;
  2. import org.apache.catalina.connector.Connector;
  3. import org.apache.tomcat.util.descriptor.web.SecurityCollection;
  4. import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
  5. import org.springframework.boot.SpringApplication;
  6. import org.springframework.boot.autoconfigure.SpringBootApplication;
  7. import org.springframework.context.annotation.Bean;
  8. @SpringBootApplication
  9. public class WeijingApplication {
  10. public static void main(String[] args) {
  11. SpringApplication.run(WeijingApplication.class, args);
  12. }
  13. @Bean
  14. public EmbeddedServletContainerFactory servletContainer() {
  15. TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
  16. @Override
  17. protected void postProcessContext(Context context) {
  18. SecurityConstraint constraint = new SecurityConstraint();
  19. constraint.setUserConstraint(“CONFIDENTIAL”);
  20. SecurityCollection collection = new SecurityCollection();
  21. collection.addPattern(“/*”);
  22. constraint.addCollection(collection);
  23. context.addConstraint(constraint);
  24. }
  25. };
  26. tomcat.addAdditionalTomcatConnectors(httpConnector());
  27. return tomcat;
  28. }
  29. @Bean
  30. public Connector httpConnector() {
  31. Connector connector = new Connector(“org.apache.coyote.http11.Http11NioProtocol”);
  32. connector.setScheme(“http”);
  33. //Connector监听的http的端口号
  34. connector.setPort(8080);
  35. connector.setSecure(false);
  36. //监听到http的端口号后转向到的https的端口号
  37. connector.setRedirectPort(8443);
  38. return connector;
  39. }

另外:报错端口被占用的话可以看下这个

报错是因为不能读取配置文件的端口,那个端口是要被用的

部署到Linux服务器 https启动失败报错 原因:

部署到服务器的时候 需要用再linux服务器上面 重新用Linux的JDK生成证书 (不能用windows生成的证书) 并放再固定的文件夹位置

更改yml文件配置

更改成服务器文件夹路径:/usr/local/xxx/server.keystore