web前后端 http转https
生活随笔
收集整理的這篇文章主要介紹了
web前后端 http转https
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
1.轉(zhuǎn)換前準(zhǔn)備
http轉(zhuǎn)https需要一個(gè)證書、本文已ssl證書舉例,只有認(rèn)證的證書才能被認(rèn)可。阿里云可以申請免費(fèi)的證書, 但是生成證書需要域名。且域名要綁定ip。故ssl申請前需要域名。可上阿里云購買。
證書申請教程:證書申請
綁定ip:如果沒有服務(wù)器、也可以用本地ip代替。
?
2.后端spring boot http 轉(zhuǎn) https
1) 下載對應(yīng)tomcat證書
2) 將證書移動(dòng)到spring boot 中的resources文件夾下、配置application.yml或application.properties
application.properties:
#https 端口 server.port: 7001 #http端口 server.http.port: 7000 # 用的是公司的證書 此處不再提供,請?zhí)鎿Q成自己的證書 server.ssl.key-store: classpath:xx.pfx server.ssl.key-store-password: 96XP9E9F server.ssl.keyStoreType: PKCS12application.yml
server:port: 9004http:port: 9003ssl:key-store: classpath:XX.pfxkey-store-type: PKCS12enabled: true#密碼key-store-password: j0B2b291Dd3) http的端口自動(dòng)跳轉(zhuǎn)到https端口
HttpsConfig.java
import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component;/*** HTTP自動(dòng)轉(zhuǎn)向HTTPS的配置**/ @Component public class HttpsConfig {/*** http的端口*/@Value("${server.http.port}")private int httpPort;/*** https的端口*/@Value("${server.port}")private int httpsPort;@Beanpublic TomcatServletWebServerFactory tomcatServletWebServerFactory() {TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection securityCollection = new SecurityCollection();securityCollection.addPattern("/*");securityConstraint.addCollection(securityCollection);context.addConstraint(securityConstraint);}};factory.addAdditionalTomcatConnectors(httpConnector());return factory;}@Beanpublic Connector httpConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setScheme("http");//Connector監(jiān)聽的http的端口號connector.setPort(httpPort);connector.setSecure(false);//監(jiān)聽到http的端口號后轉(zhuǎn)向到的https的端口號connector.setRedirectPort(httpsPort);return connector;} }報(bào)紅是因?yàn)楫?dāng)前的域名所對應(yīng)的ip和服務(wù)器ip不一致所致, 將域名對應(yīng)的IP和服務(wù)器ip對應(yīng)即可解決問題。可通過ping 域名查詢域名所對應(yīng)的地址。
?3.nginx 配置http轉(zhuǎn)https(docker)
nginx.conf
user nginx; worker_processes auto;error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid;events {worker_connections 1024; }http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;#tcp_nopush on;keepalive_timeout 65;#gzip on;include /etc/nginx/conf.d/*.conf;server { listen 80; server_name www.aaa.bbb.fun;rewrite ^(.*)$ https://${server_name}$1 permanent;}server {listen 443 ssl;server_name www.aaa.bbb.fun;ssl_certificate /ssl/6431157_aaa.bbb.fun.pem;ssl_certificate_key /ssl/6431157_aaa.bbb.fun.key;ssl_session_cache shared:SSL:10m;ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1.1 TLSv1.2;ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;ssl_prefer_server_ciphers on;location / {proxy_set_header Host $host; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; root /usr/share/nginx/html;index index.html index.htm;add_header Access-Control-Allow-Origin *;}error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}} }dokcer運(yùn)行:
#運(yùn)行容器 docker run -d -p 30014:443 --name jsjmh-web -v ~/nginx/jsj/dist:/usr/share/nginx/html -v ~/nginx/jsj/conf/nginx.conf:/etc/nginx/nginx.conf -v ~/nginx/jsj/logs:/var/log/nginx -v ~/nginx/jsj/ssl:/ssl nginx#運(yùn)行說明 -v ~/nginx/jsj/dist:/usr/share/nginx/html 靜態(tài)頁面掛載 -v ~/nginx/jsj/conf/nginx.conf:/etc/nginx/nginx.conf 配置文件掛載 -v ~/nginx/jsj/logs:/var/log/nginx 日志掛載 -v ~/nginx/jsj/ssl:/ssl ssl證書掛載總結(jié)
以上是生活随笔為你收集整理的web前后端 http转https的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 申请大额信用卡为什么被拒绝
- 下一篇: python编码解码单词_在使用w2v时