Nginx+Spring boot配置https-白红宇

Nginx+Spring boot配置https

阅读量：6511 次

发布时间：2019-06-24

本文共 3047 字，大约阅读时间需要 10 分钟。

Nginx的nginx.conf配置:

#user nobody;

worker_processes 1;

#error_log logs/error.log;

#error_log logs/error.log notice;

#error_log logs/error.log info;

#pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65;

#gzip on;

# HTTPS server

server {

listen 443 ssl;

server_name localhost;

ssl_certificate vcm.cer;

ssl_certificate_key vcm.key;

ssl_session_cache shared:SSL:1m;

ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

location / {

proxy_pass https://localhost:8443;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto https;

# proxy_redirect off;

}

location /redirect/station {

proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$arg_destUrl?token=$arg_token?;

if ($http_user_agent !~ 'Chrome'){

add_header Content-Type "application/octet-stream";

add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";

}

location /redirect/ipsan {

proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$arg_destUrl?token=$arg_token?;

if ($http_user_agent !~ 'Chrome'){

add_header Content-Type "application/octet-stream";

add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";

}

location /redirect/hikcstor {

set $destUrl $arg_destUrl;

if ($args ~* &destUrl=(.*)){

set $destUrl $1;

}

proxy_pass $arg_destScheme://$arg_destIp:$arg_destPort$destUrl;

proxy_pass_request_headers on;

proxy_set_header Date "$arg_hDay $arg_hTime";

proxy_set_header Host $arg_hHost;

proxy_set_header Accept-Language $arg_hAcceptLanguage;

proxy_set_header Authorization "$arg_hAuthTitle $arg_hAuthorization";

proxy_set_header Content-Type $arg_hContentType;

proxy_set_header Connection $arg_hConnection;

add_header Content-Type "application/octet-stream";

add_header Content-Disposition "attachment; filename=\"$arg_hFilename\"";

}

Spring boot方面：

application.property文件配置https:

server.port=8443

server.ssl.key-store=keystore.p12

server.ssl.key-store-password=msm-vcm

server.ssl.keyStoreType=PKCS12

server.ssl.keyAlias=tomcat

server.session-timeout=3600

编写类配置tomcat，将所有的请求都转到加密的https

public EmbeddedServletContainerFactory servletContainer() {

TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {

protected void postProcessContext(Context context) {

SecurityConstraint securityConstraint = new SecurityConstraint();

securityConstraint.setUserConstraint("CONFIDENTIAL");

SecurityCollection collection = new SecurityCollection();

collection.addPattern("/*");

securityConstraint.addCollection(collection);

context.addConstraint(securityConstraint);

}

};

return tomcat;

}

转载于:https://my.oschina.net/ffse54s/blog/1503803

你可能感兴趣的文章

Node.js+Koa开发微信公众号个人笔记（一）准备工作

HDU 2242 考研路茫茫——空调教室(边双连通）

查看>>

如何在C#项目中使用NHibernate

查看>>

使用vigil 监控微服务系统包含可视化界面

Python 基础起步 (十) 什么叫函数？

查看>>

每个JavaScript开发人员应阅读的书【1】 - JavaScript: The Good Parts

查看>>

8年软件测试工程师感悟——写给还在迷茫中的朋友

查看>>

5G一周热闻：华为夺联通5G大单，首张5G电话卡发放

查看>>

“迁移策略+新容器运行时”应对有状态应用的冷热迁移挑战

查看>>

使用Swoole加速Laravel(正式环境中)

查看>>

mockjs让前端开发独立于后端

查看>>