1 background
Many projects did not add support for HTTPS in the early stage of development, and in the subsequent use of the process of increasing support for HTTPS, this paper will start from different solutions.
2 plan:
2.1 Solution 1: Springboot + HTTPS
2.1.1 Generating a Certificate
If the JAVA development environment is configured, you can run the keytool command to generate the certificate. We open the console and type:
keytool -genkey -alias tomcat -dname "CN=Andy,OU=kfit,O=kfit,L=HaiDian,ST=BeiJing,C=CN" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 365
Copy the code
Then enter the password, which will be used in the configuration file below. The generated certificate is under c://users.
2.2.2 Modifying the Configuration File
HTTP port number # server. HTTP. Port = 8081 # HTTPS port Numbers for server port = 8080 # HTTPS certificate address server SSL. The key - store = classpath: server keystore Server.ssl. key-store-password=123456 server.ssl.key-password=123456 Server.ssl. enabled-protocols=TLSv1.1,TLSv1.2 # Supported SSL password server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_C BC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH _AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHACopy the code
2.2.3 Save the certificate in the Resource directory
2.2.4 Adding the Tomcat Configuration File
@Configuration public class TomcatConfig { @Bean public TomcatServletWebServerFactory tomcatServletWebServerFactory(){ TomcatServletWebServerFactory tomcat =new TomcatServletWebServerFactory(); tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; } @Bean public Connector httpConnector() { Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); Connector.setport (8080); // Connector.setPort (8080); connector.setSecure(false); / / after listening to the HTTP port number to the HTTPS port / / the setRedirectPort (8081); return connector; }}Copy the code
2.2.4 validation
Note Both the HTTPS port and HTTP port are enabled
2.2 Solution 2: Nginx+ HTTPS
Configure HTTPS support using Ngiinx.
2.1.1 Generating a Certificate
Certificates available through some free platforms
2.1.2 Installing nginx under Docker
- 1 Copy the local nginx image to a folder on the server
- 2 Create the /etc/nginx, /etc/nginx/cert directory
- 3 Copy the certificate to /etc/nginx/cert
- 4 Copy the nginx.conf file to the /etc/nginx directory
- 5 Modify the nginx.conf configuration file as follows:
user nginx; worker_processes 1; #error_log /var/log/nginx/error.log info; #pid /var/run/nginx.pid; events { worker_connections 1024; } http { # include /etc/nginx/mime.types; default_type application/octet-stream; #error_log /var/log/nginx/http.log info; #access_log /var/log/nginx/access.log; client_max_body_size 1024M; sendfile on; Upstream Web {server 192.168.122.70:8080; } server { listen 90; location / { proxy_set_header Host $host; Proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header client-ip $remote_addr; proxy_pass http://web; } } #https server { listen 80 default ssl; ssl_certificate /etc/nginx/cert/cert.pem; ssl_certificate_key /etc/nginx/cert/key.pem; location / { proxy_set_header Host $host; Proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header client-ip $remote_addr; proxy_set_header is-https "1"; proxy_pass http://web; }}}Copy the code
- 6 docker in nginx
Docker load - input $PWD/app/nginx/nginx - 1.19.6. TarCopy the code
- 7 docker run nginx
docker run --privileged=true --net=host --name nginx -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf -v The/etc/nginx/cert: / etc/nginx/cert - d nginx: 1.19.6Copy the code
2.2.3 validation
After accessing port 80, the request is found to be HTTPS
3 Scheme Comparison
contrast | Springboot+https | Springboot+https |
---|---|---|
Whether certificate is required | Need to be | Need to be |
Whether you need to change the code | Need to be | no |
Whether to introduce third-party plug-ins or middleware | no | Need to be |
The efficiency of | Did not test | Did not test |