In February, Google announced that, starting in July, the Chrome browser’s address bar would mark all HTTP sites as unsafe. Now that it’s the end of June, it’s time to ditch HTTP, which is easily monitored by third parties, and embrace HTTPS.

This article upgrades a Spring Boot website to HTTPS in three steps: applying for an HTTPS certificate, configuring HTTPS, and redirecting HTTP to HTTPS.

Certificate application

At present, few cloud service providers in China offer free HTTPS certificates. Tencent, which has never been known for generosity, is very generous this time: Tencent Cloud provides free TrustAsia-branded DV SSL certificates, and users who have registered and completed identity verification can apply for 20 free certificates.

Create a certificate

Select the certificate

First, register and complete identity verification on Tencent Cloud. Then open the SSL certificate management menu, click the apply-for-certificate button, select the free DV SSL certificate in the pop-up box, and click OK.

Complete the domain name information

Then fill in your domain name information. The common name is the domain name you want the certificate for, and the application email address is an email address you regularly use.

Complete domain name validation

After you select DNS validation, the page shows the validation information.

Go to your domain name provider's console and add the corresponding DNS record.

Finally, return to the certificate validation page and click verify. Once validation succeeds, wait for the review to be approved; the review usually takes from a few minutes to a few hours.

After the review is complete, you can download the certificate from the certificate list page. The download is a ZIP package containing the certificate in the formats required by commonly used web hosting software.

Site configuration

Copy the key

By default, Spring Boot uses Tomcat to host the website. Therefore, copy the certificate (file extension .jks) from the Tomcat directory in the ZIP package to the resources directory of the Spring Boot project.

Update the configuration

After the certificate is copied, open the application.yml configuration file and change the website port to 443. The key-store-password value can be found in the text file in the Tomcat folder of the certificate ZIP package. The same section also configures the SSL keystore type and path.

server:
  address: 0.0.0.0
  port: 443
  ssl:
    enabled: true
    key-store: classpath:luooqi.com.jks
    key-store-password: xxxxxxxxxxxx
    key-store-type: JKS

The project can be accessed by typing https://yourdomain in the address bar. After publishing on the server, you can see the following effect:

Redirect HTTP requests to HTTPS

The website has been upgraded to HTTPS, but many old users do not know this. When they visit the old HTTP address, they find the website is no longer accessible:

So the best thing to do is redirect HTTP to HTTPS. Here’s how to do it in code.

Add HTTP port configuration

Start by adding a custom HTTP port configuration to the configuration file:

http-port: 80

Establish a redirection relationship

Create a new HttpsConfiguration class, inject both the HTTP port and HTTPS port from the configuration file, and create a new Connector to handle HTTP requests. Set the port of Connector to the injected HTTP port and the redirection port to the new HTTPS port.

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfiguration {
    @Value("${http-port}")
    private int port;

    @Value("${server.port}")
    private int sslPort;

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Require a confidential (TLS) transport for every URL so that
                // Tomcat redirects plain-HTTP requests to the redirect port.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Add the plain-HTTP connector alongside the default HTTPS connector.
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    private Connector redirectConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(port);
        connector.setSecure(false);
        connector.setRedirectPort(sslPort);
        return connector;
    }
}

Important note

In the code above, the TomcatServletWebServerFactory must register the matching range with addPattern("/*") in its postProcessContext method; otherwise the redirect does not take effect.
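A check for the redirect configured above, as an added example that is not part of the original article: it requests plain-HTTP URLs without following redirects and confirms that each one is answered with a redirect to HTTPS on the same host. The class name RedirectCheck and the local stub server (a constructed stand-in for the port-80 connector, with /static/ modelling a path that the constraint pattern does not cover) are assumptions for illustration; it needs Java 11 or later.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class RedirectCheck {
    private static final HttpClient CLIENT = HttpClient.newBuilder()
            .version(HttpClient.Version.HTTP_1_1)
            .followRedirects(HttpClient.Redirect.NEVER) // inspect the redirect, do not follow it
            .build();

    /** Returns "OK ..." if the plain-HTTP URL redirects to HTTPS on the same host, else the reason. */
    static String check(URI httpUri) throws Exception {
        HttpResponse<Void> resp = CLIENT.send(HttpRequest.newBuilder(httpUri).GET().build(),
                HttpResponse.BodyHandlers.discarding());
        int status = resp.statusCode();
        if (status < 300 || status > 399) {
            return "FAIL: status " + status + ", no redirect (path not covered by the constraint?)";
        }
        URI target = httpUri.resolve(resp.headers().firstValue("Location").orElse(""));
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            return "FAIL: redirect target is not HTTPS: " + target;
        }
        if (!httpUri.getHost().equalsIgnoreCase(target.getHost())) {
            return "FAIL: redirect leaves the original host: " + target;
        }
        return "OK: " + status + " -> " + target;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the port-80 connector: "/" redirects as the article's
        // configuration does; "/static/" models a path a narrower pattern would miss.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/", ex -> {
            ex.getResponseHeaders().add("Location", "https://127.0.0.1" + ex.getRequestURI());
            ex.sendResponseHeaders(302, -1);
            ex.close();
        });
        stub.createContext("/static/", ex -> { ex.sendResponseHeaders(200, -1); ex.close(); });
        stub.start();
        String base = "http://127.0.0.1:" + stub.getAddress().getPort();
        for (String path : new String[] {"/", "/login?next=/home", "/static/app.js"}) {
            System.out.println(path + "  " + check(URI.create(base + path)));
        }
        stub.stop(0);
    }
}
```

To test a real deployment, call check with URIs on http://yourdomain for several paths, not only /.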

