Spring Boot: configuring multiple SSL certificates and binding the HTTPS certificates of several domain names to a single port (personally tested)

By default, Spring Boot supports a single SSL certificate, but some projects need to serve SSL certificates for several domain names. In that case the feature can be implemented by configuring Tomcat directly; note that Tomcat 8.5 or later is required.

The following is the complete Spring Boot code for configuring Tomcat; it was tested successfully with Spring Boot 2.6.4, Tomcat 9.0 and Java 8.

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.MultipartConfigFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.unit.DataSize;

import javax.servlet.MultipartConfigElement;

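@Configuration
public class TomcatConfig {

    /** Port the HTTPS connector listens on. */
    private static final int HTTPS_PORT = 12388;

    /** Upper bound applied both to a single uploaded file and to the whole multipart request. */
    private static final DataSize MAX_UPLOAD_SIZE = DataSize.parse("300MB");

    /**
     * Creates the embedded Tomcat factory and registers the connector customizer that turns
     * the default connector into an HTTPS connector with one SSL host config per domain.
     *
     * @return the servlet web server factory used by Spring Boot
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addConnectorCustomizers(new GwsTomcatConnectionCustomizer());
        return tomcat;
    }

    /**
     * Multipart limits for file uploads.
     *
     * @return a multipart config limiting both the single-file size and the total request size
     */
    @Bean
    public MultipartConfigElement multipartConfigElement() {
        MultipartConfigFactory factory = new MultipartConfigFactory();
        // Maximum size of one uploaded file (DataSize.parse accepts units such as KB, MB).
        factory.setMaxFileSize(MAX_UPLOAD_SIZE);
        // Maximum size of the whole multipart request.
        factory.setMaxRequestSize(MAX_UPLOAD_SIZE);
        return factory.createMultipartConfig();
    }

    /**
     * Configures the Tomcat connector for HTTPS with several SSL host configurations (SNI),
     * so that certificates for multiple domains can be served on the same port.
     *
     * <p>Declared {@code static}: the customizer uses no state of the enclosing configuration
     * class, so it should not carry a hidden reference to that (Spring-proxied) bean.
     */
    public static class GwsTomcatConnectionCustomizer implements TomcatConnectorCustomizer {

        /** Host config Tomcat falls back to when the client sends no SNI name or an unknown one. */
        private static final String DEFAULT_SSL_HOST = "cn.cloud.xxx.com";

        public GwsTomcatConnectionCustomizer() {
        }

        /**
         * Switches the connector to HTTPS and registers one SSL host config per domain.
         *
         * @param connector the connector created by Spring Boot
         * @throws IllegalStateException if the connector's protocol handler is not an
         *                               {@link Http11NioProtocol}
         */
        @Override
        public void customize(Connector connector) {
            connector.setPort(HTTPS_PORT);
            connector.setScheme("https");
            connector.setSecure(true);

            // Guard the cast: with another protocol handler a blind cast would fail with a
            // ClassCastException that hides the real misconfiguration.
            if (!(connector.getProtocolHandler() instanceof Http11NioProtocol)) {
                throw new IllegalStateException("Expected Http11NioProtocol but got "
                        + connector.getProtocolHandler().getClass().getName());
            }
            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
            protocol.setSSLEnabled(true);
            // The default host name must match one of the SSLHostConfigs added below.
            protocol.setDefaultSSLHostConfigName(DEFAULT_SSL_HOST);

            // First domain. The keystore may live in a fixed certificate directory (as here)
            // or on the classpath under the resources directory, in which case the bare
            // file name is enough: setCertificateKeystoreFile("cloud.xxx.com.jks").
            addRsaKeystore(connector, "cloud.xxx.com", "/mnt/data/cert/cloud.xxx.com.jks", "xxx");

            // Second domain (also the default host configured above).
            addRsaKeystore(connector, DEFAULT_SSL_HOST, "/mnt/data/cert/cn.cloud.xxx.com.jks", "xxx");
        }

        /**
         * Registers one SSL host config holding a single RSA certificate from a JKS keystore.
         *
         * @param connector    the connector to add the host config to
         * @param hostName     the SNI host name the certificate is served for
         * @param keystoreFile path to the JKS keystore (absolute path or classpath file name)
         * @param password     the keystore password; a downloaded JKS bundle usually ships with
         *                     its password file. {@code "xxx"} is a placeholder — in a real
         *                     deployment read the password from configuration or the environment
         *                     rather than committing it to source.
         */
        private static void addRsaKeystore(Connector connector, String hostName,
                String keystoreFile, String password) {
            SSLHostConfig hostConfig = new SSLHostConfig();
            hostConfig.setHostName(hostName);
            SSLHostConfigCertificate certificate =
                    new SSLHostConfigCertificate(hostConfig, SSLHostConfigCertificate.Type.RSA);
            certificate.setCertificateKeystoreFile(keystoreFile);
            certificate.setCertificateKeystorePassword(password);
            certificate.setCertificateKeystoreType("JKS");
            hostConfig.addCertificate(certificate);
            connector.addSslHostConfig(hostConfig);
        }
    }
}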

In real projects, the relevant settings can be moved into the configuration file instead of being hard-coded. The certificates I downloaded here are in JKS format.


Origin blog.csdn.net/xiaoyukongyi/article/details/131422738