nginx使用ssl模組配置HTTPS支援

百聯達發表於2015-03-18
一:生成證照

$ cd /usr/local/nginx/conf
建立伺服器私鑰,命令會讓你輸入一個口令(注意:下面示例使用的 1024 位 RSA 金鑰長度現已被認為強度不足,實際部署建議至少使用 2048 位):

$ openssl genrsa -des3 -out server.key 1024
建立簽名請求的證照(CSR):

$ openssl req -new -key server.key -out server.csr
為了讓載入SSL支援的Nginx在啟動時不必輸入口令,去除上述私鑰的口令(去除後 server.key 以未加密形式儲存在磁碟上,應將其檔案許可權限制為僅啟動 nginx 的帳戶可讀;server.key.org 是仍帶口令的備份):


$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key

二: 配置nginx
最後使用上述私鑰和CSR簽發自簽名證照(自簽名證照不會被瀏覽器和HTTP客戶端預設信任,僅適合測試或內部環境):


$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改Nginx配置檔案,讓其包含新標記的證照和私鑰:


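# HTTPS virtual host that serves the self-signed certificate generated above.
server {
    server_name localhost;
    # "listen ... ssl" enables TLS on this socket; it replaces the standalone
    # "ssl on;" directive, which is deprecated in current nginx releases.
    listen 443 ssl;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    # This key file no longer has a passphrase, so restrict its file
    # permissions to the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/conf/server.key;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the build's
    # defaults apply; confirm they exclude legacy protocol versions.
}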
重啟nginx。

另外還可以加入如下程式碼實現80埠重定向到443


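# Plain-HTTP virtual host whose only job is to send clients to the HTTPS site.
server {
    listen 80;
    server_name ww.centos.bz;
    # The rewrite rule shown originally had lost its target URL. A permanent
    # (301) redirect to the same host and URI over https matches what the
    # surrounding text describes.
    return 301 https://$host$request_uri;
}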

三: Apache HttpClient模擬https呼叫(以下示例信任所有伺服器證照並跳過主機名驗證,連線雖加密但無法確認對端身份,僅適用於對接自簽名證照的測試環境)

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;


import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.log4j.Logger;


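/**
 * Factory that re-wraps an {@link HttpClient} so it can talk to both http and https endpoints.
 *
 * <p><strong>Security note:</strong> the https scheme registered here accepts every server
 * certificate and skips hostname verification. Traffic is encrypted, but the peer is never
 * authenticated, so anyone able to intercept the connection can impersonate the server.
 * This is only suitable for test calls against a server with a self-signed certificate.
 * For anything else, import the server certificate into a trust store and keep the default
 * certificate and hostname checks.
 */
public class SSLHttpClientFactory {

    private static final Logger logger = Logger.getLogger(SSLHttpClientFactory.class);

    /**
     * Returns a client that supports both the http and https schemes, reusing the
     * parameters of the given client.
     *
     * @param httpClient the client whose parameters are copied into the new client
     * @return a new pooled client with the permissive https scheme registered, or the
     *         original {@code httpClient} unchanged if the TLS setup fails
     */
    public static HttpClient wrapClient(HttpClient httpClient) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");

            // SECURITY: this trust manager performs no validation at all. Both check
            // methods return without throwing, which the TLS stack treats as "trusted".
            X509TrustManager tm = new X509TrustManager() {

                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {
                    // Intentionally empty: every client certificate chain is accepted.
                }

                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {
                    // Intentionally empty: every server certificate chain is accepted.
                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    // The interface contract requires a non-null (possibly empty) array;
                    // returning null can trigger a NullPointerException in the TLS stack.
                    return new java.security.cert.X509Certificate[0];
                }
            };

            // Null key managers and null SecureRandom select the platform defaults.
            ctx.init(null, new TrustManager[] { tm }, null);

            // SECURITY: ALLOW_ALL_HOSTNAME_VERIFIER also disables the check that the
            // certificate was issued for the host being contacted.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", 443, ssf));
            registry.register(new Scheme("http", 80,
                    PlainSocketFactory.getSocketFactory()));

            ClientConnectionManager mgr = new PoolingClientConnectionManager(registry);
            return new DefaultHttpClient(mgr, httpClient.getParams());
        } catch (Exception e) {
            // Best-effort fallback: the caller gets the client it passed in, which
            // keeps whatever certificate validation that client already had.
            logger.error("封裝https client異常", e);
            return httpClient;
        }
    }
}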
=====================================================================

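 /**
     * Sends a JSON body with HTTP POST and returns the response body as received.
     *
     * <p>The request goes through {@code SSLHttpClientFactory.wrapClient}, so the https
     * connection is not authenticated (no certificate or hostname validation). Do not use
     * this path for endpoints where the server's identity matters.
     *
     * @param url
     *            request address
     * @param jsonRequest
     *            request payload, sent as UTF-8 JSON
     * @return the response body when the status is 200 (gunzipped if the server
     *         compressed it), or {@code null} for any other status
     * @throws Exception
     *             if the request cannot be executed or the response cannot be read
     */
    public static String sendJsonRequest(String url, String jsonRequest)
            throws Exception {
        // NOTE(review): URL and request body are logged in full at INFO level; confirm
        // they never carry credentials or personal data.
        logger.info("請求URL:" + url);
        logger.info("請求引數:" + jsonRequest);
        String jsonResponse = null;
        // NOTE(review): a new client (and connection pool) is created per call and is
        // never shut down here; httpClient/postMethod/startTime/endTime look like shared
        // fields declared outside this method, so concurrent calls would overwrite each
        // other. Confirm against the enclosing class.
        httpClient = new DefaultHttpClient();
        httpClient = SSLHttpClientFactory.wrapClient(httpClient);
        postMethod = new HttpPost(url);

        StringEntity entity = new StringEntity(jsonRequest, "UTF-8");
        // NOTE(review): this sends "UTF-8" as the Content-Encoding header, which normally
        // names a compression coding rather than a charset; kept as the author wrote it.
        entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_ENCODING,
                Consts.UTF_8.toString()));
        entity.setContentType(new BasicHeader(HTTP.CONTENT_TYPE,
                "application/json;charset=UTF-8"));

        postMethod.setEntity(entity);
        postMethod.getParams().setParameter(
                CoreProtocolPNames.USER_AGENT,
                System.getProperty("os.name") + "(version "
                        + System.getProperty("os.version") + " "
                        + System.getProperty("os.arch") + ") "
                        + System.getProperty("user.language"));
        // Tell the server that the response may be gzip-compressed.
        postMethod.setHeader("Accept-Encoding", "gzip, deflate");
        // Start the request.
        startTime = System.currentTimeMillis();
        HttpResponse response = httpClient.execute(postMethod);

        logger.info("status:" + response.getStatusLine().getStatusCode());

        // Read the response body only for a 200 status.
        if (HttpStatus.SC_OK == response.getStatusLine().getStatusCode()) {
            HttpEntity httpEntity = response.getEntity();
            // Locale.ROOT keeps the comparison stable in locales whose lower-casing
            // rules differ for the letter "I".
            boolean gzipped = response.getFirstHeader("Content-Encoding") != null
                    && response.getFirstHeader("Content-Encoding").getValue()
                            .toLowerCase(java.util.Locale.ROOT).contains("gzip");
            if (gzipped) {
                // Decompress a gzip-encoded body.
                jsonResponse = dealGzipResponse(response);
            } else {
                // Fall back to UTF-8 when the response declares no charset, matching
                // the gzip path, which always decodes as UTF-8.
                jsonResponse = EntityUtils.toString(httpEntity, "UTF-8");
            }
        }
        endTime = System.currentTimeMillis();
        // jsonResponse stays null for non-200 statuses; guard the logging so that case
        // returns null instead of failing with a NullPointerException.
        if (jsonResponse != null) {
            logger.info("返回結果size:" + jsonResponse.length());
            // SECURITY(review): the decryption key is hard-coded in source and the
            // decrypted payload is written to the log, so anyone who can read the code
            // or the log files can read the protected data. Load the key from protected
            // configuration and avoid logging decrypted bodies.
            logger.info("返回結果:" + Des3.decode(jsonResponse, "B30588A0EF18527DBBFB5ADB"));
        }
        logger.info("本次請求花費時間:" + (endTime - startTime) + "ms");

        return jsonResponse;
    }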
    
    
    
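    /**
     * Decompresses a gzip-encoded response body and returns it as a UTF-8 string.
     *
     * <p>The body is read line by line and the lines are concatenated without their
     * line terminators, as in the original implementation.
     *
     * @param response the response whose entity content is gzip-compressed
     * @return the decompressed body with line terminators removed
     * @throws IOException if the stream cannot be read or is not valid gzip data
     */
    public static String dealGzipResponse(HttpResponse response) throws IOException
    {
        logger.info("=======解析gzip返回結果==========");
        InputStream raw = response.getEntity().getContent();
        // Tracks the outermost stream opened so far, so the finally block releases
        // everything even when the gzip header is invalid or reading fails midway.
        InputStream toClose = raw;
        try {
            GZIPInputStream gzin = new GZIPInputStream(raw);
            toClose = gzin;

            java.io.BufferedReader br = new java.io.BufferedReader(
                    new InputStreamReader(gzin, "UTF-8"));
            // NOTE(review): the decompressed size is unbounded; a hostile or faulty
            // server could return a small body that expands to exhaust memory.
            // Consider capping the number of characters read.
            StringBuilder sb = new StringBuilder();
            String line;
            while ((line = br.readLine()) != null) {
                sb.append(line);
            }
            return sb.toString();
        } finally {
            // Closing the gzip stream also closes the underlying entity stream.
            toClose.close();
        }
    }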

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/28624388/viewspace-1464716/,如需轉載,請註明出處,否則將追究法律責任。
