1. Download SSL certificate
I am using Alibaba Cloud's SSL certificate. This time I am using an nginx type certificate.
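2. Configure the SSL certificate in nginx
Modify the nginx.conf file
server {
    listen 443 ssl;  # port 443 must be opened in the Alibaba Cloud security group
    server_name 你的域名;  # placeholder: your domain name
    charset utf8;
    # ssl on;
    ssl_certificate 存放文件的路径/xxxxx.pem;      # placeholder: path where the certificate file is stored
    ssl_certificate_key 存放文件的路径/xxxxx.key;  # placeholder: path where the private key file is stored
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;  # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and left out
    ssl_prefer_server_ciphers on;
    location /verify {
        root html;
        index index.html index.htm;
    }
}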
The path content written in the server will be converted
For example
3. Project configuration https and http
The company's Java project uses Spring Boot, which can only recognize p12 certificates, so a tool is needed to convert the certificate.
Tool download link: https://pan.baidu.com/s/1WKgBRoqQ0PBLrFxcZ5Q8rg
Extraction code: 5wz8
After the installation is complete, go to the current directory to complete the operation.
Double-click openssl.exe and, at its prompt, enter: pkcs12 -export -in <certificate name>.pem -inkey <private key name>.key -out <new name>.p12
A password is required when generating the p12 file. It will be used in the later configuration, so remember the password you entered!
Copy the generated p12 file into the project (I put it in resources here)
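The same conversion as a script for a POSIX shell with openssl on the PATH (an added example, not part of the original post; the function name pem_to_p12 and the variable P12_PASSWORD are assumptions). It checks that the private key belongs to the certificate before exporting, and it takes the password from the environment instead of the command line.

```shell
#!/bin/sh
# Added example. Hypothetical helper: pem_to_p12 <cert.pem> <private.key> <out.p12>
# The keystore password is read from the environment variable P12_PASSWORD.
pem_to_p12() {
    cert=$1 key=$2 out=$3

    # Taking the password from the environment keeps it out of argv
    # (process listings) and out of the shell history.
    if [ -z "${P12_PASSWORD:-}" ]; then
        echo "P12_PASSWORD is not set" >&2
        return 2
    fi
    export P12_PASSWORD   # openssl reads it through env:P12_PASSWORD

    # Compare the public key in the certificate with the one derived from
    # the private key; a mismatch means the wrong .key file was picked up.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # Create the keystore readable by its owner only; the subshell keeps
    # the umask change local to this command.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" \
          -out "$out" -passout env:P12_PASSWORD ) || return 5

    # Read the file back with the same password to confirm that it opens.
    openssl pkcs12 -in "$out" -passin env:P12_PASSWORD -noout \
        >/dev/null 2>&1 || return 6
}
```

A non-zero return code identifies the step that failed: 2 for a missing password, 3 for an unreadable input file, 4 for a key/certificate mismatch, 5 for a failed export, 6 for a keystore that does not open.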
Configure application.yml file
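server:
  # this port is used for https
  port: 8080
  # this port is used for http
  http-port: 3072
  # certificate configuration
  ssl:
    key-store-type: "PKCS12"        # the KeyStore implementation type
    key-store: classpath:spark.p12  # where the keystore is stored
    key-store-password: 密码        # placeholder: the password entered when creating the certificate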
Run the project
At this point you can see that the project is running
See the effect
Project for https and http access
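The same project can be reached over https or over http depending on the port used (set this up according to project requirements)
Create the TomcatServerConfig.java file
import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.stereotype.Component;

/**
 * @author: MM
 * @date: 2023-02-14 15:59
 * Lets the same project be reached over http as well as over https
 */
@Component
public class TomcatServerConfig implements WebServerFactoryCustomizer<TomcatServletWebServerFactory> {

    // Plain-http port, read from server.http-port in application.yml
    @Value("${server.http-port}")
    public Integer httpPort;

    @Override
    public void customize(TomcatServletWebServerFactory factory) {
        // Add a second, non-TLS connector next to the https one on server.port
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(httpPort);
        factory.addAdditionalTomcatConnectors(connector);
    }
}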
Then run the project and see the effect