# HTTPS configuration
1. Generate an SSL certificate
```bash
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
```
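<font color="#f00">This certificate is a self-signed certificate that has not been validated by a third party, so it carries no public trust. In production, browsers will show the connection as untrusted.
</font>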
2. Reference settings for application.properties
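```properties
# HTTPS port
server.port=8443
# Path to the certificate (keystore)
server.ssl.key-store=classpath:keystore.p12
# Keystore password; change it to the password of your own keystore
server.ssl.key-store-password=springboot
# Keystore type
server.ssl.keyStoreType=PKCS12
# Certificate alias
server.ssl.keyAlias=tomcat
# Spring Boot 1.x property (removed in 2.0); on 2.x, step 4 enforces HTTPS instead
security.require-ssl=true
```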
3. Redirect HTTP requests to HTTPS
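```java=
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ServerConfig {

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL transport guarantee on every URL: Tomcat redirects
                // plain-HTTP requests to the connector's redirect port.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Extra plain-HTTP connector whose only job is to redirect to HTTPS.
        tomcat.addAdditionalTomcatConnectors(getHttpConnector());
        return tomcat;
    }

    private Connector getHttpConnector() {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        // Must match server.port, the HTTPS port from step 2.
        connector.setRedirectPort(8443);
        return connector;
    }
}
```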
4. Spring Security
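```java=
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require a secure (HTTPS) channel for every request.
        http
            .requiresChannel()
            .anyRequest()
            .requiresSecure();
    }
}
```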
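The keystore from step 1 can be inspected before deployment to confirm that the alias, password and validity match the settings in step 2, and to flag the self-signed case that the warning above describes. This is an added example, not code from the original note; the class name `KeystoreCheck` and the `KEYSTORE_PASSWORD` environment variable are assumptions, and the defaults are the sample values from steps 1 and 2.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Added example (not from the original note): pre-deployment check of the keystore from step 1.
public class KeystoreCheck {

    // True when subject == issuer and the signature verifies under the certificate's own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey()); // throws if another key produced the signature
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: file and alias from step 1, sample password from step 2.
        String path = args.length > 0 ? args[0] : "keystore.p12";
        String alias = args.length > 1 ? args[1] : "tomcat";
        String env = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        char[] password = (env != null ? env : "springboot").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // fails on a wrong password or a corrupt file
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private-key entry under alias '" + alias + "'");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid

        System.out.println("Subject:   " + cert.getSubjectX500Principal());
        System.out.println("Issuer:    " + cert.getIssuerX500Principal());
        System.out.println("Not after: " + cert.getNotAfter());
        if (isSelfSigned(cert)) {
            System.err.println("WARNING: self-signed certificate; browsers will not trust it");
            System.exit(1);
        }
    }
}
```

A non-zero exit code lets a build or deployment script stop when the keystore still holds the self-signed development certificate.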
---
Sources:
[How to enable HTTPS in a Spring Boot Java application](https://www.thomasvitale.com/https-spring-boot-ssl-certificate/)
[apache-tomcat 8.5 SSL certificate deployment and forcing HTTPS](https://www.itread01.com/content/1543125544.html)
[Configuring HTTPS connections in Nginx](https://xyz.cinc.biz/2017/06/nginx-https-ssl.html)
[Configuring encrypted HTTPS connections in NGINX and creating a self-signed SSL certificate](https://blog.gtwang.org/linux/nginx-create-and-install-ssl-certificate-on-ubuntu-linux/)
[Flexible certificate generation with keytool and openssl, applied to Tomcat and Nginx](https://www.itread01.com/content/1541037805.html#testkeystoretestjks_182)
[How to use OpenSSL to create a self-signed certificate for development and testing (Self-Signed Certificate)](https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL)
[Using Let's Encrypt to obtain SSL, configure HTTPS, and force the SSL secure encryption protocol](https://polinwei.com/use-lets-encrypt-to-get-free-ssl-certificate/)
[Configuring SSL certificates (jks & p12) in Spring Boot](https://polinwei.com/spring-boot-ssl-certificate-configure/)
###### tags: `Spring boot` `https` `tomcat` `Nginx` `openssl` `ssl for free`