前言
本文基于Docker安装的Nginx,并假设Nginx已经配置好证书,在此基础上进行项目部署。
正文
一、https证书下载并配置
1、项目基于Spring Boot内置的Tomcat启动,因此下载Tomcat类型的证书
2、解压之后放入项目中的根目录中
3、修改application.yml配置文件
server:
  port: 9100
  ssl:
    # Path to the certificate keystore. A classpath: resource is packaged inside the jar,
    # so the private key travels with every copy of the build artifact.
    key-store: classpath:123_www.example.pfx
    # Keystore password (sample value). With the password in this file and the keystore in
    # the jar, anyone who obtains the jar or the repository obtains the private key.
    # NOTE(review): outside a demo, use a strong password and supply it at deploy time
    # (environment variable or external config) instead of committing it.
    key-store-password: 666666
4、如果最后访问时候报错,可以尝试把该证书上传到服务器和jar包同一目录下。
二、SpringBoot项目配置
1、tomcat 配置类
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Embedded-Tomcat configuration that redirects plain HTTP requests to HTTPS.
 *
 * <p>An extra HTTP connector is opened on {@code my.httpServer.port}; a CONFIDENTIAL
 * transport constraint on every path makes Tomcat answer requests on that connector with a
 * redirect to the connector's redirect port, which is set to {@code server.port}.
 *
 * <p>NOTE(review): the redirect target is this instance's own HTTPS port, not a reverse
 * proxy in front of it. If clients are meant to reach the application only through a proxy,
 * confirm that the HTTP port and the redirect target are reachable as intended.
 *
 * @author xiaojie
 * @version 1.0
 * @date 2022/5/7 8:52
 */
@Configuration
public class TomcatConfig {

    /** Plain-HTTP port of the additional connector. */
    @Value("${my.httpServer.port}")
    private Integer httpServerPort;

    /** HTTPS port; the same port that is configured as server.port. */
    @Value("${server.port}")
    private Integer serverPort;

    /**
     * Builds the servlet container factory with the HTTPS-only constraint and the
     * additional plain-HTTP connector.
     *
     * @return the customised Tomcat factory
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The constraint covers every path of the context.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL is the servlet transport guarantee that requires TLS.
                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(redirectConnector());
        return factory;
    }

    /**
     * Creates the non-secure HTTP connector whose requests are redirected to the HTTPS port.
     *
     * @return connector listening on {@code httpServerPort}, redirecting to {@code serverPort}
     */
    private Connector redirectConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setPort(httpServerPort);
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        plainHttp.setRedirectPort(serverPort);
        return plainHttp;
    }
}
配置文件
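my:
  httpServer:
    # Plain-HTTP port of the extra connector; TomcatConfig reads it as ${my.httpServer.port}.
    port: 8100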
2、然后将文件打包,并命名为xxx_9100.jar,上传到服务器。
再将上面的端口8100修改为8101;配置文件中的9100端口不用修改,而是在启动参数中指定,打包后上传到服务器。
打两个jar包是为了做主备,也可以只打一个jar包。
三、Nginx配置文件
1、myapp.conf
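upstream myapp {
    # Use the server's real IP here: Nginx runs in Docker, so the app may otherwise be
    # unreachable. The backend ports are then exposed on that address as well.
    # NOTE(review): limit 9100/9101 (for example with a host firewall) to the Nginx
    # container so that all client traffic passes through this proxy.
    server ip:9100;
    server ip:9101 backup;   # standby instance
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     certs/1_www.example.com.pem;
    ssl_certificate_key certs/1_www.example.com.key;
    ssl_session_timeout 5m;
    # TLSv1.1 is no longer offered: it is deprecated (RFC 8996).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # NOTE(review): the broad groups in this list (AES, HIGH) still admit suites without
    # forward secrecy or AEAD; consider narrowing it to ECDHE suites with GCM/CHACHA20.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_cache shared:SSL:1m;

    # fastcgi_param only takes effect with fastcgi_pass; the location below uses proxy_pass.
    fastcgi_param HTTPS on;
    fastcgi_param HTTP_SCHEME https;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 10s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        proxy_ignore_client_abort on;
        # Must match the upstream name above.
        # nginx does not verify the upstream certificate by default (proxy_ssl_verify is off),
        # so this hop is encrypted but the backend is not authenticated.
        proxy_pass https://myapp/;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}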
2、启动项目
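# Start the primary (9100) and the standby (9101) instance in the background.
# -Dserver.port overrides the server.port value from application.yml for each process.
nohup java -jar -Dserver.port=9100 abc_9100.jar >log_9100.log &
nohup java -jar -Dserver.port=9101 abc_9101.jar >log_9101.log &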
说明:9100和9101端口是nginx映射的端口,也是项目application.yml中配置项目的端口
3、启动项目