老鬼少爷 posted on 2020-1-10 16:28:00

Binding a domain name to a Spring Boot project and configuring HTTPS with Nginx

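<p><span style="font-size: 16px"><strong>I. Introduction to HTTPS</strong></span><br>&nbsp;&nbsp;&nbsp;&nbsp; <span style="font-family: 宋体; font-size: 15px">HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security; put simply, it is the secure version of HTTP. An SSL layer is added beneath HTTP: SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL. It is a URI scheme (an abstract identifier system) whose syntax resembles the http: scheme, and it is used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). The system was originally developed by Netscape and built into its browser, Netscape Navigator, to provide authentication and encrypted communication. It is now widely used for security-sensitive communication on the World Wide Web, such as payment transactions. </span>&nbsp;<br><span style="font-size: 16px"><strong>II. Adding HTTPS to Spring Cloud</strong></span></p>
<p>&nbsp;&nbsp;&nbsp;<span style="font-family: 宋体; font-size: 15px; color: rgba(255, 0, 0, 1)"> Direct configuration (without Nginx):</span><br><span style="font-family: 宋体; font-size: 15px">&nbsp; <strong>1. First you need an SSL certificate. You can generate one yourself (browsers will not trust it) or purchase one.</strong></span><br><span style="font-family: 宋体; font-size: 15px">&nbsp; <strong>2. Generating one yourself (not recommended): https://www.cnblogs.com/zhangzb/p/5200418.html</strong></span><br><span style="font-family: 宋体; font-size: 15px">&nbsp;<strong> 3. Free one-year certificate (recommended): https://buy.cloud.tencent.com/ssl?fromSource=ssl</strong></span><br><strong><span style="font-family: 宋体; font-size: 15px">&nbsp; 4. After the download finishes, unzip it; the directory looks like this:</span></strong><br><span style="font-family: 宋体; font-size: 15px">&nbsp; Spring Cloud (Spring Boot) normally embeds the Tomcat middleware (server) by default; if you use a different middleware, pick the corresponding folder.</span><br>&nbsp;&nbsp; <img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110160930114-1796769970.png"></p>
<p><span style="color: rgba(51, 51, 51, 1)">&nbsp;&nbsp;&nbsp; Opening the tomcat folder shows the following: the .jks file is the certificate file, and keystorePass.txt holds the certificate's key (password).</span></p>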
<p><span style="color: rgba(51, 51, 51, 1)">&nbsp;&nbsp;&nbsp;&nbsp; <img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110161157711-461730626.png"></span></p>
<p><span style="color: rgba(51, 51, 51, 1)">&nbsp;&nbsp;&nbsp; <strong><span style="color: rgba(51, 51, 51, 1); font-family: 宋体; font-size: 15px">5. Put the certificate file under the resources directory of the service that is to get HTTPS (usually the web-layer service), then open the Spring Cloud (Spring Boot) configuration file application/<span style="color: rgba(51, 51, 51, 1)">bootstrap.yml (or .properties)</span></span></strong></span></p>
<p><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)">&nbsp;&nbsp;&nbsp; <img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110161334868-384461417.png"></span></span></span></p>
<p><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span style="font-family: 宋体; font-size: 15px">server.port&nbsp; the port the service is registered on, which is also the port the project is accessed on&nbsp;&nbsp; </span></span></span></span></p>
<p><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="font-family: 宋体; font-size: 15px">&nbsp; server.ssl.key-store&nbsp; path to the certificate&nbsp;&nbsp; </span></span></span></span></p>
<p><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="font-family: 宋体; font-size: 15px">&nbsp; server.ssl.key-store-password&nbsp; the key (the contents of the .txt file)&nbsp; </span></span></span></span></p>
<p><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(51, 51, 51, 1)"><span style="font-family: 宋体; font-size: 15px">&nbsp; http.port&nbsp; the port used for forwarding. If you do not do port forwarding you can leave it out; the name can be anything, and the port number can also be chosen freely (as long as it does not conflict). After that, simply start the service and access it at https:// + the project path.</span><br>&nbsp;&nbsp;&nbsp;&nbsp;<strong> <span style="color: rgba(51, 51, 51, 1); font-family: 宋体; font-size: 15px"><span style="color: rgba(51, 51, 51, 1)">6. Write the HTTPS configuration class (can be skipped if you do not do port forwarding)</span></span></strong></span></span></span><strong><span style="color: rgba(51, 51, 51, 1); font-family: 宋体; font-size: 15px"><span style="color: rgba(51, 51, 51, 1)"><span style="color: rgba(255, 0, 0, 1)"> Note: if the project configuration file also contains management.port, it must be commented out, otherwise the service will not start.</span></span></span></strong></p>
<div class="cnblogs_code">
<pre>/**
 * @Title: HttpsPort.java
 * @Description: Add https
 * @author zxj
 * @version V1.0
 */
package com.ewp.data.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
// Spring Boot 1.x classes; Spring Boot 2.x moved the embedded-container API to other packages.
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @ClassName: HttpsPort
 * @Description: Add https
 * @date March 14, 2018
 */
@Configuration
public class HttpsPort {

    // HTTPS port (the port the project is accessed on)
    @Value("${server.port}")
    private int sPort;

    // Plain-HTTP port that is redirected to the HTTPS port
    @Value("${http.port}")
    private int hPort;

    // Static nested class
    private static class Tomcat extends TomcatEmbeddedServletContainerFactory {
        @Override
        protected void postProcessContext(Context context) {
            // CONFIDENTIAL on "/*" makes Tomcat require HTTPS for every URL
            SecurityConstraint constraint = new SecurityConstraint();
            constraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            constraint.addCollection(collection);
            context.addConstraint(constraint);
        }
    }

    // Create a new Tomcat instance that uses the HTTP connector defined below
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        Tomcat tomcat = new Tomcat();
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(hPort);
        connector.setSecure(false);
        // Requests arriving on the HTTP port are redirected to the HTTPS port
        connector.setRedirectPort(sPort);
        return connector;
    }

}</pre>
</div>
<p>&nbsp;&nbsp;&nbsp; <span style="color: rgba(243, 59, 69, 1); font-family: 宋体; font-size: 15px">Nginx配置:</span></p>
<p><span style="font-family: 宋体; font-size: 15px">&nbsp;<strong>1.打开linux下Nginx安装目录找到配置文件nginx.conf(一般路径为:/usr/local/nginx/conf)进行如下配置</strong></span></p>
<div class="cnblogs_code">
<pre># HTTPS server
server {
    listen       443 ssl;  # web browsing port, mainly used for the HTTPS service
    server_name  www.asquirrel.cn asquirrel.cn;  # top-level domain, second-level domain
    # "ssl on;" is dropped: it is deprecated since nginx 1.15.0 and "listen 443 ssl" already enables TLS
    ssl_certificate      1_asquirrel.cn_bundle.crt;  # certificate path
    ssl_certificate_key  2_asquirrel.cn.key;         # certificate private key path
    ssl_session_timeout  5m;
    fastcgi_param   HTTPS               on;
    fastcgi_param   HTTP_SCHEME         https;
    location / {
        proxy_pass https://ewp_web_contract;  # where requests are proxied to
        proxy_redirect default;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        error_page 502 = /500.html;
    }
}</pre>
</div>
<p><span style="font-family: 宋体; font-size: 15px">&nbsp;<strong>2.将下载好的证书放在与nginx.conf同级目录下,可新建文件夹,也可不建。<span style="color: rgba(255, 0, 0, 1)">证书用Nignx文件夹下的,不要用其他文件夹下的</span></strong></span></p>
<p><span style="font-family: 宋体; font-size: 15px"><span style="color: rgba(255, 0, 0, 1)"><img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110161958961-1525232939.png"></span></span></p>
<p><span style="color: rgba(0, 0, 0, 1)"><span style="font-family: 宋体">&nbsp;</span><strong><span style="font-family: 宋体; font-size: 15px">3. Listen on port 80 and forward requests</span></strong></span></p>
<div class="cnblogs_code">
<pre>server {
    listen       80;
    server_name  asquirrel.cn;  # the address being accessed
    if ($host != 'www.asquirrel.cn') {
        rewrite ^/(.*)$ https://www.asquirrel.cn/$1 permanent;  # where the request is redirected to
    }
}</pre>
</div>
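<p>&nbsp;&nbsp; <strong><span style="font-family: 宋体; font-size: 15px">4. The project's web module needs the following configuration (mainly for HTTPS interaction inside the project)</span></strong></p>
<p><span style="font-family: 宋体; font-size: 15px">&nbsp;First: add the certificate from the tomcat folder</span></p>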
<p><span style="font-family: 宋体; font-size: 15px"><span style="color: rgba(255, 0, 0, 1)"><img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110162238015-920062306.png"></span></span></p>
<p><span style="font-family: 宋体; font-size: 15px"><span style="color: rgba(255, 0, 0, 1)">&nbsp;<span style="color: rgba(0, 0, 0, 1)">第二:配置application.properties</span></span></span></p>
<p><span style="font-family: 宋体; font-size: 15px"><span style="color: rgba(255, 0, 0, 1)"><span style="color: rgba(0, 0, 0, 1)">&nbsp;<img src="https://img2018.cnblogs.com/common/1708164/202001/1708164-20200110162313041-446989252.png"></span></span></span></p>
<p><span style="font-family: 宋体; font-size: 15px"><span style="color: rgba(255, 0, 0, 1)">&nbsp;<strong> <span style="color: rgba(0, 0, 0, 1)">5.重启项目web层服务和Nignx,访问域名就可以看到浏览器显示安全标志</span></strong></span></span></p><br><br>
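<p>The two Nginx server blocks from the steps above, combined and tightened as an added example (not the original author's configuration). In the article's port-80 block a request whose Host is www.asquirrel.cn is not redirected, and the upstream certificate is not verified by default; this version addresses both. The backend address, the CA bundle path and the assumption that the web service presents the certificate for www.asquirrel.cn are illustrative and not from the article.</p>

```nginx
# Added example, not the article's own configuration.
# From the article: domain names, certificate file names, upstream name.
# Assumed: the backend address and the CA bundle path.

upstream ewp_web_contract {
    server 127.0.0.1:8443;  # assumed address of the Spring Boot web service (its server.port)
}

# Port 80: every plain-HTTP request, for either host name, is sent to HTTPS.
# An unconditional "return" replaces the "if ($host != ...)" rewrite.
server {
    listen      80;
    server_name www.asquirrel.cn asquirrel.cn;
    return 301 https://www.asquirrel.cn$request_uri;
}

server {
    listen      443 ssl;
    server_name www.asquirrel.cn asquirrel.cn;

    # Paths are relative to the directory of nginx.conf, as in step 2.
    ssl_certificate     1_asquirrel.cn_bundle.crt;
    ssl_certificate_key 2_asquirrel.cn.key;
    ssl_session_timeout 5m;
    ssl_protocols       TLSv1.2 TLSv1.3;  # refuse SSLv3, TLS 1.0 and TLS 1.1

    # Tell browsers to keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass https://ewp_web_contract;

        # nginx does not verify the upstream certificate unless told to.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed CA bundle path
        proxy_ssl_name                www.asquirrel.cn;  # name expected in the backend certificate (assumed)
        proxy_ssl_server_name         on;                # send that name as SNI

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

<p>Run nginx -t to check the syntax before restarting Nginx in step 5.</p>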
Source: https://www.cnblogs.com/yzss/p/12176756.html