1. 申请SSL证书
我这里以华为云为例,申请一个免费的SSL证书。申请的前提是你要有个域名。直接华为云控制台搜索ssl认证,步骤很简单,这里就不赘述了。
- 申请成功后的截图
申请成功后,华为云有提供安装证书的教程,可以直接参考
2. Spring boot 配置SSL
-
将申请的证书下载,找到
tomcat文件夹,文件包括一个jks和txt,将.jks文件 放入与application.yml同级目录下,也就是resources/下 -
aplication.yml配置如下:
server:
port: 8096
ssl:
key-store: classpath:scs1662618143586_news777.top_server.jks
key-store-password: Cb1@Wt&XRdAb^NnT
key-store-type: JKS
port-http:8095
- 启动项
xxApplication代码如下:
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class xxxxApplication {
public static void main(String[] args) {
SpringApplication.run(OwnBlogApplication.class, args);
}
@Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(redirectConnector());
return tomcat;
}
private Connector redirectConnector() {
Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("http");
connector.setPort(8095);
connector.setSecure(false);
connector.setRedirectPort(8096);
return connector;
}
}