前言
在實際開發過程中,如果後端需要啟用https訪問,通常專案啟動後配置nginx代理再配置https,前端呼叫時高版本的chrome還會因為證書未信任導致呼叫失敗,透過摸索整理一套開發除錯下的https方案,特此分享
後端配置
生成HTTPS金鑰
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -ext "SAN=IP:192.168.1.14" -keypass abcd@1234 -keystore frame.jks -storepass abcd@1234 -validity 360000
SAN需要設定你自己電腦的固定ip
配置SSL訪問
這裡以2.0.0.RELEASE版本為例
server:
ssl:
key-store: classpath:systemfile/frame.jks
key-store-password: abcd@1234
key-store-type: JKS
key-alias: tomcat
如果需要打包部署測試環境,需要新增以下配置將jks金鑰排除在外
<resources>
<resource>
<filtering>true</filtering>
<directory>src/main/resources</directory>
<excludes>
<exclude>**/*.jks</exclude>
</excludes>
</resource>
<resource>
<filtering>false</filtering>
<directory>src/main/resources</directory>
<includes>
<include>**/*.jks</include>
</includes>
</resource>
</resources>
建立TomcatConfig配置信任
@Configuration
public class TomcatConfig {
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcatServletContainerFactory = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
tomcatServletContainerFactory.addConnectorCustomizers(new FrameTomcatConnectorCustomizer());
return tomcatServletContainerFactory;
}
}
瀏覽器設定
使用360瀏覽器訪問系統後臺管理地址,點選位址列的檢視證書並匯出
開啟360瀏覽期設定,搜尋證書,配置SSL證書,在受信任的根證書派發機構和受信任的釋出者兩個tab下匯入剛才匯出的證書
關閉瀏覽器重新開啟,訪問系統地址,位址列鎖變綠則代表配置成功
開發除錯
postman在除錯https介面時在Setting目錄關閉SSL驗證