Self-signed HTTPS tutorial for Java projects, covering three deployment methods: jar, war and nginx (Windows version)


I. nginx deployment (Windows)

1. Download OpenSSL: OpenSSL Installer for Windows

2. Generate the key pair (private key and self-signed certificate) for nginx

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout D:\nginx.key -out D:\nginx.pem

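Note: -days is the certificate validity period in days, and D:\nginx.key is the path where the private key is written. The ssl_certificate and ssl_certificate_key paths in step 3 must point to wherever nginx.pem and nginx.key are actually stored.

3. Configuration file: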

server {
    listen 8080 ssl;
    server_name localhost;  # replace with your domain name
    ssl_certificate D:/nginx-1.19.10/nginx.pem;
    ssl_certificate_key D:/nginx-1.19.10/nginx.key;

    location / {
        proxy_pass http://localhost:8443;  # backend address
    }
}

Command to reload nginx: nginx.exe -s reload

4. Start nginx; the site is reachable at https://localhost:8080

II. jar deployment (Windows)

1. Go to the bin folder of the JDK installation directory and generate the key with the JDK's keytool

keytool.exe -genkeypair -alias myapp -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650

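Note: 3650 is the certificate validity period in days. By default the keystore is generated at C:\Users\<user name>\keystore.p12. When you run this command, you are prompted for some information such as the country name and organization name; this information is embedded in your certificate. You also need to set a password for the keystore and the key.

2. Configure the Spring Boot application: put keystore.p12 under resources and configure application.properties or application.yml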

application.properties:

server.port=8443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=myapp

application.yml:

server:
  port: 8443
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: 123456
    key-store-type: PKCS12
    key-alias: myapp

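Note: key-store-password is the password you entered when generating the key. 123456 is only a sample value; use a strong password for anything beyond local testing.

4. Start the jar and visit the HTTPS site https://localhost:8443

5. To force redirection to HTTPS, add the following code to the Spring Boot startup class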

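// Imports needed at the top of the startup class
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

// Additional plain-HTTP connector that redirects to the HTTPS port
@Bean
public Connector connector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8080);          // HTTP port
    connector.setSecure(false);
    connector.setRedirectPort(8443);  // HTTPS port
    return connector;
}

// Apply the constraint to all requests
@Bean
public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // CONFIDENTIAL makes Tomcat redirect any HTTP request to the redirect port
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}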

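6. Visiting the HTTP site http://localhost:8080 now forces a redirect to https://localhost:8443

III. war deployment on Tomcat (Windows)

1. Generate the key with the JDK as described above

2. Edit the Tomcat configuration file server.xml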

  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\Program Files\apache-tomcat-9.0.78\conf\keystore.p12" keystoreType="PKCS12" keystorePass="123456" /> 

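Note: keystoreFile is the location where the keystore is stored, and keystorePass is the password you entered when generating the key.

3. Start Tomcat and visit the HTTPS site https://localhost:8443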
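Added example, not part of the original tutorial: a Java 11+ client that calls the HTTPS endpoint from sections II and III while trusting only the self-signed certificate stored in keystore.p12, instead of switching certificate validation off. It assumes the keystore path is passed as the first argument, the alias myapp and the sample password 123456 from the steps above (overridable through a hypothetical KEYSTORE_PASSWORD environment variable), and that localhost was entered as the certificate's first and last name (CN) so hostname verification passes.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SelfSignedClient {
    public static void main(String[] args) throws Exception {
        // Assumptions: keystore path as first argument, tutorial alias and sample password.
        Path p12 = Path.of(args.length > 0 ? args[0] : "keystore.p12");
        String env = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        char[] password = (env != null ? env : "123456").toCharArray();

        // Open the server keystore only to read the public certificate.
        KeyStore server = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            server.load(in, password);
        }
        Certificate cert = server.getCertificate("myapp");
        if (cert == null) {
            throw new IllegalStateException("alias myapp not found in " + p12);
        }

        // In-memory trust store holding that single certificate and nothing else.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("myapp", cert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Chain and hostname checks stay enabled; any other certificate is rejected.
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://localhost:8443/")).build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println("HTTP " + resp.statusCode());
    }
}
```

A handshake failure here means the server is presenting a different certificate than the one in keystore.p12, or the certificate's CN does not match localhost.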