独角兽企业重金招聘Python工程师标准>>>
实现访问服务器地址(默认http的80)跳转到https端口(443)
开启端口监听
因为https默认是443端口,需要开启对443端口的监听
在application.properties中
#web监听端口server.port = 443
配置ssl证书
由于没有从相关机构申请证书,使用jdk自带的证书管理工具进行生成,方法如下
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
这个命令需要交互输入一些密码以及组织的相关信息,这些信息再后面的配置中会使用到
会生成一个名为keystore.p12的文件,这个文件就是我们需要使用的文件,将其放置到resources目录下
在application.properties中配置
#httpsserver.ssl.enabled=trueserver.ssl.key-store= classpath:keystore.p12server.ssl.protocol=TLSserver.ssl.key-store-password= 自定义server.ssl.keyStoreType= PKCS12server.ssl.keyAlias= tomcat
配置跳转
创建下面的配置类
import org.apache.catalina.Context;import org.apache.catalina.connector.Connector;import org.apache.tomcat.util.descriptor.web.SecurityCollection;import org.apache.tomcat.util.descriptor.web.SecurityConstraint;import org.springframework.beans.factory.annotation.Value;import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;/*** 设置将访问80端口的请求跳转到指定的端口上去,这样用户就可以直接输入设备地址访问而不需要输入前缀和端口了** @author 阿信sxq**/@Configurationpublic class ContainerCustomizer {@Value("${server.port}")private Integer webPort;/*** 构建servlet容器的工厂类* 将80端口跳转到{@linkplain #webPort}端口** @return 内置servlet容器类的工厂实例*/@Beanpublic EmbeddedServletContainerFactory servletContainer() {TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection collection = new SecurityCollection();collection.addPattern("/*");securityConstraint.addCollection(collection);context.addConstraint(securityConstraint);}};factory.addAdditionalTomcatConnectors(createConnector());return factory;}/*** 创建tomcat连接器。* 该连接器将会接收http的80端口的访问,并且重定向到指定的端口上去,{@linkplain #webPort}** @return tomcat连接器*/private Connector createConnector() {final Connector connector = new Connector();connector.setPort(80);connector.setRedirectPort(webPort);return connector;}}
这个是使用内置的tomcat做容器的配置方式,使用jetty需要使用另外的方式
jetty配置跳转
下面的代码来自/questions/26655875/spring-boot-redirect-http-to-https,
由于没有使用jetty,所以没有进行验证
import org.eclipse.jetty.security.ConstraintMapping;import org.eclipse.jetty.security.ConstraintSecurityHandler;import org.eclipse.jetty.util.security.Constraint;import org.eclipse.jetty.webapp.AbstractConfiguration;import org.eclipse.jetty.webapp.WebAppContext;class HttpToHttpsJettyConfiguration extends AbstractConfiguration {// /Jetty/Howto/Configure_SSL#Redirecting_http_requests_to_https@Overridepublic void configure(WebAppContext context) throws Exception {Constraint constraint = new Constraint();constraint.setDataConstraint(2);ConstraintMapping constraintMapping = new ConstraintMapping();constraintMapping.setPathSpec("/*");constraintMapping.setConstraint(constraint);ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();constraintSecurityHandler.addConstraintMapping(constraintMapping);context.setSecurityHandler(constraintSecurityHandler);}}
@Configurationpublic class HttpToHttpsJettyCustomizer implements EmbeddedServletContainerCustomizer{@Overridepublic void customize(ConfigurableEmbeddedServletContainer container) {JettyEmbeddedServletContainerFactory containerFactory = (JettyEmbeddedServletContainerFactory) container;//Add a plain HTTP connector and a WebAppContext config to force redirect from http->httpscontainerFactory.addConfigurations(new HttpToHttpsJettyConfiguration());containerFactory.addServerCustomizers(server -> {HttpConfiguration http = new HttpConfiguration();http.setSecurePort(443);http.setSecureScheme("https");ServerConnector connector = new ServerConnector(server);connector.addConnectionFactory(new HttpConnectionFactory(http));connector.setPort(80);server.addConnector(connector);});}}
特别说明
使用上面的方法配置的https由于证书不是受信的,所以浏览器会报警告,需要手工确认,这个没办法