Spring Boot HTTPS Setup

1. Generate an SSL certificate


keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650


Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  jerry
What is the name of your organizational unit?
  [Unknown]:  td
What is the name of your organization?
  [Unknown]:  com
What is the name of your City or Locality?
  [Unknown]:  taipei
What is the name of your State or Province?
  [Unknown]:  taiwan
What is the two-letter country code for this unit?
  [Unknown]:  tw
Is CN=jerry, OU=td, O=com, L=taipei, ST=taiwan, C=tw correct?
  [no]:  yes

This certificate is self-signed: no third-party CA vouches for it, so browsers have no reason to trust it, and in production users will see a "connection is not trusted" / "not secure" warning. Keep self-signed keystores for local development only.

Two more things keytool does not warn you about: the CN should be the server's real hostname, not a person's name, and browsers now match the hostname against the certificate's subjectAltName extension rather than the CN. Without a SAN (keytool can add one with its -ext option, san=dns:<hostname>) even a CA-issued certificate fails hostname validation.

The easiest way to get a publicly trusted certificate is Let's Encrypt; otherwise you pay a commercial CA to issue one.
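As an added check (not part of the original post), the following Java program loads the keystore produced by the keytool command above and reports the things that bite later: a missing or non-key alias, an expired certificate, a self-signed issuer, a missing subjectAltName and a short RSA key. It assumes the file keystore.p12, the alias tomcat and a KEYSTORE_PASSWORD environment variable; the class name KeystoreCheck is mine.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Sanity-checks a PKCS12 keystore before Spring Boot is pointed at it.
 * (Added example; KeystoreCheck and KEYSTORE_PASSWORD are assumed names.)
 *
 * Usage:  KEYSTORE_PASSWORD=... java KeystoreCheck.java keystore.p12 tomcat
 * (single-file launch needs Java 11+; otherwise compile with javac first)
 */
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreCheck <keystore.p12> <alias>");
            System.exit(2);
        }
        // Read the password from the environment so it does not land in shell history or ps output.
        String password = System.getenv("KEYSTORE_PASSWORD");
        if (password == null || password.isEmpty()) {
            System.err.println("KEYSTORE_PASSWORD is not set");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password.toCharArray());   // a wrong password throws IOException here
        }
        List<String> problems = inspect(ks, args[1]);
        if (problems.isEmpty()) {
            System.out.println("OK: keystore entry is usable for server.ssl.*");
        } else {
            problems.forEach(p -> System.out.println("PROBLEM: " + p));
            System.exit(1);
        }
    }

    /** Returns the reasons the entry is unsuitable; an empty list means it looks fine. */
    static List<String> inspect(KeyStore ks, String alias) throws Exception {
        List<String> problems = new ArrayList<>();
        if (!ks.containsAlias(alias)) {
            problems.add("alias '" + alias + "' not found (server.ssl.key-alias must match keytool -alias)");
            return problems;
        }
        if (!ks.isKeyEntry(alias)) {
            problems.add("alias is a trusted-certificate entry, not a private-key entry; Tomcat needs the key");
            return problems;
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("subject : " + leaf.getSubjectX500Principal());
        System.out.println("issuer  : " + leaf.getIssuerX500Principal());
        System.out.println("expires : " + leaf.getNotAfter());
        System.out.println("chain   : " + chain.length + " certificate(s)");

        try {
            leaf.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            problems.add("certificate is not currently valid: " + e.getMessage());
        }
        // Heuristic for self-signed: issuer DN equals subject DN. Browsers will not trust it.
        if (leaf.getIssuerX500Principal().equals(leaf.getSubjectX500Principal())) {
            problems.add("self-signed (issuer equals subject): browsers will show an untrusted-connection warning");
        }
        // Browsers validate the hostname against subjectAltName, not CN.
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans == null || sans.isEmpty()) {
            problems.add("no subjectAltName extension: modern browsers ignore CN, so hostname validation will fail");
        } else {
            for (List<?> san : sans) {
                System.out.println("SAN     : type=" + san.get(0) + " value=" + san.get(1));
            }
        }
        if (leaf.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) leaf.getPublicKey()).getModulus().bitLength();
            if (bits < 2048) {
                problems.add("RSA key is only " + bits + " bits; use at least 2048");
            }
        }
        return problems;
    }
}
```

Run it against the keystore from step 1 and it will flag both the self-signed issuer and the missing SAN; the same check against a CA-issued keystore with a SAN prints OK, which is the state you want before setting server.ssl.key-store in production.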

2. Enable HTTPS in Spring Boot

The Tomcat embedded in Spring Boot listens on HTTP port 8080 by default. Through configuration properties Spring Boot can run the connector as either HTTP or HTTPS, but not both at once: there is only one server.port and one set of server.ssl.* properties, and together they describe a single connector. If you need both kinds of connection, follow the documentation's advice and configure HTTPS with properties, then add the HTTP connector programmatically; that is the easier direction.

A related sample: https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-tomcat-multi-connectors

Reference settings (application.yml; the snippet is YAML, with the relaxed-binding property names written in kebab-case):


server:
  port: 8443
  ssl:
    key-store: keystore.p12
    key-store-password: myKeyPassword
    key-store-type: PKCS12
    key-alias: tomcat

Two caveats: key-store is a plain path resolved against the working directory the JVM is started in, so use an absolute path or a classpath: location that actually exists where the application is deployed; and the keystore password should not be committed with the application, so pull it in from the environment (for example key-store-password: ${KEYSTORE_PASSWORD}) or another externalized configuration source.

3. Redirect HTTP to HTTPS

With HTTPS on 8443 configured above, the class below (Spring Boot 1.x API) adds a second, plain HTTP connector on 8080 and attaches a Tomcat security constraint with transport guarantee CONFIDENTIAL to every path. Tomcat then answers any request arriving on the non-secure connector with a redirect to that connector's redirectPort, 8443, so HTTP clients are bounced to HTTPS before the application sees the request.


import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

/**
 * Created by jerry on 2017/10/12.
 * Redirect HTTP to HTTPS (only active in the prod profile).
 * https://drissamri.be/blog/java/enable-https-in-spring-boot/
 *
 * Uses the Spring Boot 1.x API (EmbeddedServletContainerFactory /
 * TomcatEmbeddedServletContainerFactory). In Spring Boot 2.x the equivalent
 * classes are ServletWebServerFactory / TomcatServletWebServerFactory.
 */
@Profile("prod")
@Configuration
public class WebConfiguration {

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // A CONFIDENTIAL transport guarantee on /* makes Tomcat refuse to serve
                // the request over a non-secure connector and redirect instead.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };

        // The HTTPS connector on 8443 still comes from server.ssl.* in the properties;
        // this only adds the plain HTTP connector next to it.
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        // Where Tomcat sends clients that hit a CONFIDENTIAL resource on this connector.
        connector.setRedirectPort(8443);

        return connector;
    }
}
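The class above targets Spring Boot 1.x. As an added example, not the post's or Spring Boot's own code, here is the same redirect written against the Spring Boot 2.x API, extended with one thing the redirect alone does not give you: a Strict-Transport-Security header, set with Tomcat's HttpHeaderSecurityFilter, so browsers that have visited once go straight to HTTPS instead of making a clear-text request first. Ports 8080/8443 are the post's; the class name HttpsRedirectConfig, the HSTS max-age of one year and the bean names are assumptions.

```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.filters.HttpHeaderSecurityFilter;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

/**
 * Spring Boot 2.x version of the redirect, plus HSTS. (Added example; the class
 * name, bean names and HSTS max-age are assumptions, not the post's code.)
 * The HTTPS connector on 8443 still comes from the server.ssl.* properties.
 */
@Profile("prod")
@Configuration
public class HttpsRedirectConfig {

    static final int HTTP_PORT = 8080;   // plain connector, redirect-only
    static final int HTTPS_PORT = 8443;  // must equal server.port

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL on /* makes Tomcat answer any non-secure request
                // with a redirect to the connector's redirectPort.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    private Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(HTTP_PORT);
        connector.setSecure(false);
        connector.setRedirectPort(HTTPS_PORT);
        return connector;
    }

    /**
     * The redirect alone still lets a browser's first request travel in clear text.
     * Strict-Transport-Security tells the browser to use HTTPS directly next time.
     * HttpHeaderSecurityFilter adds the header only on requests that arrived over
     * a secure connector, which is what RFC 6797 requires.
     */
    @Bean
    public FilterRegistrationBean<HttpHeaderSecurityFilter> hstsFilter() {
        FilterRegistrationBean<HttpHeaderSecurityFilter> reg =
                new FilterRegistrationBean<>(new HttpHeaderSecurityFilter());
        reg.addInitParameter("hstsEnabled", "true");
        reg.addInitParameter("hstsMaxAgeSeconds", String.valueOf(365L * 24 * 60 * 60)); // one year (assumed)
        // Only set this to true once every subdomain of the site is served over HTTPS.
        reg.addInitParameter("hstsIncludeSubDomains", "false");
        // The filter's other headers (X-Frame-Options, X-Content-Type-Options) keep their defaults.
        reg.addUrlPatterns("/*");
        return reg;
    }
}
```

Because the filter only emits the header on secure requests, the HTTP connector on 8080 never advertises HSTS; clients first get the redirect, and from the HTTPS response onward the browser remembers to skip port 8080 for the max-age period. Start with a short max-age while testing, since a mistaken HSTS policy cannot be undone from the server side until it expires.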

2 comments:

  1. May I ask how you write in Markdown on your Blogger? The rendering looks very nice.

    1. Hi,
      I tweaked the HTML a bit in the Blogger back end myself;
      for code syntax highlighting I use https://prismjs.com/.
      I don't write in Markdown, I write the HTML directly, simply because I wanted to get familiar with HTML tags back then.
      I wrote a short introduction to Prism:
      https://jtlearn.blogspot.com/2017/05/blogger-code-syntax-highlighting-with.html
      Hope that helps.