一般使用SpringBoot开发应用程序都是使用的tomcat 稍微注意点性能就使用undertow,配置支持https请求常用nginx来做代理,直接用SpringBoot配置还是很少的,八成用不到,就怕需要用到的时候又不能及时弄出来,于是记录一下。
使用的SpringBoot版本
<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.0.5.RELEASE</version><relativePath/> <!-- lookup parent from repository -->
</parent>
直接使用tomcat的话 默认就好
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- spring-boot-starter-web 包含了这个的-->
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId>
</dependency>
使用jetty
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><exclusions><exclusion><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId></exclusion></exclusions>
</dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
使用undertow
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><exclusions><exclusion><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId></exclusion></exclusions>
</dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
在常用的端口这种配置是一样的,根据各自的不同也有不同的配置,比如吞吐量等,直接不配置使用默认配置就好,需要调优再根据具体的需求来选择。
server.port=8080
https请求配置
application.properties配置 三者一样 端口443 ssl证书参考阿里的证书
server.port=443
server.ssl.key-store=classpath:12345678_develop.mayiwu-example.com.pfx
server.ssl.key-store-password=12345678
也还有其他的一些配置
tomcat
方式一 不推荐SslConfig.java
package boot.example.ssl.config;import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;@Configuration
public class SslConfig {/*** http 转 https* 据说有坑,用这种方式将http重定向到https post方式会丢失请求参数,应该是导入的包出错的原因导致的,目前没有遇到,也没有详细测试*/@Beanpublic Connector connector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setScheme("http");// 监听的http端口connector.setPort(80);connector.setSecure(false);// 监听到http端口后跳转的https端口connector.setRedirectPort(443);return connector;}/*** 拦截所有的请求*/@Beanpublic TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {@Overrideprotected void postProcessContext(Context context) {SecurityConstraint securityConstraint = new SecurityConstraint();securityConstraint.setUserConstraint("CONFIDENTIAL");SecurityCollection collection = new SecurityCollection();collection.addPattern("/*");securityConstraint.addCollection(collection);context.addConstraint(securityConstraint);}};//TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();tomcat.addAdditionalTomcatConnectors(connector);return tomcat;}}
方式二
package boot.example.ssl.config;import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;/*** * 建议使用这种方式**/
@Configuration
public class Ssl2Config {@Beanpublic ServletWebServerFactory servletContainer() {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();tomcat.addAdditionalTomcatConnectors(createStandardConnector()); // 添加httpreturn tomcat;}// 配置http 只需要设置port不设置重定向,那么http https都可以访问private Connector createStandardConnector() {Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");connector.setPort(80);return connector;}}
jetty
HttpToHttpsJettyConfig.java
package boot.example.ssl.config;import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.webapp.AbstractConfiguration;
import org.eclipse.jetty.webapp.WebAppContext;public class HttpToHttpsJettyConfig extends AbstractConfiguration {@Overridepublic void configure(WebAppContext context) throws Exception {Constraint constraint = new Constraint();constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);ConstraintMapping mapping = new ConstraintMapping();mapping.setPathSpec("/*");mapping.setConstraint(constraint);ConstraintSecurityHandler handler = new ConstraintSecurityHandler();handler.addConstraintMapping(mapping);context.setSecurityHandler(handler);}
}
WebServerFactoryCustomizerConfig.java
package boot.example.ssl.config;import java.util.Collections;import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.ServerConnector;
import org.springframework.boot.web.embedded.jetty.ConfigurableJettyWebServerFactory;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Configuration;@Configuration
public class WebServerFactoryCustomizerConfig implements WebServerFactoryCustomizer<ConfigurableJettyWebServerFactory>{@Overridepublic void customize(ConfigurableJettyWebServerFactory factory) {//这段代码将会使得http转https 如果注释掉,那么访问http将会访问80端口,https将会访问443端口,都是默认端口,就不会重定向到443端口((JettyServletWebServerFactory)factory).setConfigurations(Collections.singleton(new HttpToHttpsJettyConfig()));factory.addServerCustomizers(server -> {// https 443端口与配置文件里的端口保持一致HttpConfiguration httpConfiguration = new HttpConfiguration();httpConfiguration.setSecurePort(443);httpConfiguration.setSecureScheme("https");/*** 一下端口配置了http转https都会转到443* */// http 80端口ServerConnector connector = new ServerConnector(server);connector.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));connector.setPort(80);server.addConnector(connector);//若是继续 还可以使用http 其他端口ServerConnector connector2 = new ServerConnector(server);connector2.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));connector2.setPort(8182);server.addConnector(connector2);});}}
undertow
package boot.example.ssl.config;import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import io.undertow.Undertow;
import io.undertow.UndertowOptions;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.TransportGuaranteeType;
import io.undertow.servlet.api.WebResourceCollection;@Configuration
public class SslConfig {/*** 采用Undertow作为服务器。* Undertow是一个用java编写的、灵活的、高性能的Web服务器,提供基于NIO的阻塞和非阻塞API,特点:* 非常轻量级,Undertow核心瓶子在1Mb以下。它在运行时也是轻量级的,有一个简单的嵌入式服务器使用少于4Mb的堆空间。* 支持HTTP升级,允许多个协议通过HTTP端口进行多路复用。* 提供对Web套接字的全面支持,包括JSR-356支持。* 提供对Servlet 3.1的支持,包括对嵌入式servlet的支持。还可以在同一部署中混合Servlet和本机Undertow非阻塞处理程序。* 可以嵌入在应用程序中或独立运行,只需几行代码。* 通过将处理程序链接在一起来配置Undertow服务器。它可以对各种功能进行配置,方便灵活。*/@Beanpublic ServletWebServerFactory undertowFactory() {UndertowServletWebServerFactory undertowFactory = new UndertowServletWebServerFactory();undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {builder.addHttpListener(80, "0.0.0.0");// 开启HTTP2builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);});undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {builder.addHttpListener(8088, "0.0.0.0");// 开启HTTP2builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);});undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> {// 开启HTTP自动跳转至HTTPS 注释后各自访问各自的deploymentInfo.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*")).setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT)).setConfidentialPortManager(exchange -> 443);});return undertowFactory;}
}
如果要开启http2 那么还需要在配置文件application.properties
server.http2.enabled=true
记录了,将来或许有机会用到。