默认情况下springboot是支持一个ssl证书,但有些情况下,一个项目可能需要支持多个域名的ssl证书,这个时候,我们可以通过配置tomcat来实现这个功能,注意tomcat要8.5以上才支持
下面是springboot配置tomcat的完整代码,已在springboot2.6.4,tomcat9.0,java8环境中测试成功。
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.servlet.MultipartConfigElement;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.MultipartConfigFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.unit.DataSize;
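@Configuration
public class TomcatConfig {

    /**
     * Registers the embedded Tomcat factory and applies the multi-certificate HTTPS
     * connector customizer to its default connector.
     *
     * @return the servlet container factory Spring Boot uses to start Tomcat
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        tomcat.addConnectorCustomizers(new GwsTomcatConnectionCustomizer());
        return tomcat;
    }

    /**
     * Caps multipart uploads: a single part and the whole request are each limited to 300 MB.
     *
     * @return the multipart configuration registered with the servlet container
     */
    @Bean
    public MultipartConfigElement multipartConfigElement() {
        MultipartConfigFactory factory = new MultipartConfigFactory();
        // Upper bound for one uploaded part (DataSize accepts KB/MB suffixes).
        factory.setMaxFileSize(DataSize.parse("300MB"));
        // Upper bound for the complete multipart request.
        factory.setMaxRequestSize(DataSize.parse("300MB"));
        return factory.createMultipartConfig();
    }

    /**
     * Turns the Tomcat connector into an HTTPS connector that serves one certificate per
     * virtual host name (SNI-based selection; requires Tomcat 8.5 or later).
     *
     * <p>Declared {@code static}: the customizer uses no state from the enclosing
     * configuration class, so it must not carry the hidden outer-instance reference a
     * non-static inner class would hold. Instantiate it as
     * {@code new TomcatConfig.GwsTomcatConnectionCustomizer(...)}.
     */
    public static class GwsTomcatConnectionCustomizer implements TomcatConnectorCustomizer {

        /** One SNI host name together with the JKS keystore that holds its certificate. */
        public static final class SslHostEntry {
            private final String hostName;
            private final String keystoreFile;
            private final String keystorePassword;

            /**
             * @param hostName         host name the TLS client presents via SNI
             * @param keystoreFile     keystore path; an absolute path, or a bare file name for a
             *                         keystore shipped under {@code resources/}
             * @param keystorePassword keystore password; resolve it from externalised
             *                         configuration rather than a source literal
             * @throws NullPointerException if any argument is {@code null}
             */
            public SslHostEntry(String hostName, String keystoreFile, String keystorePassword) {
                this.hostName = Objects.requireNonNull(hostName, "hostName");
                this.keystoreFile = Objects.requireNonNull(keystoreFile, "keystoreFile");
                this.keystorePassword = Objects.requireNonNull(keystorePassword, "keystorePassword");
            }

            public String getHostName() {
                return hostName;
            }

            public String getKeystoreFile() {
                return keystoreFile;
            }

            public String getKeystorePassword() {
                return keystorePassword;
            }
        }

        private final int port;
        private final String defaultHostName;
        private final List<SslHostEntry> hosts;

        /**
         * Backward-compatible constructor that keeps the original hard-coded port, hosts and
         * keystore locations. The password literals here are placeholders: in a deployment,
         * build the entries from externalised configuration and use the three-argument
         * constructor instead of keeping secrets in source.
         */
        public GwsTomcatConnectionCustomizer() {
            this(12388, "cn.cloud.xxx.com", Arrays.asList(
                    new SslHostEntry("cloud.xxx.com", "/mnt/data/cert/cloud.xxx.com.jks", "xxx"),
                    new SslHostEntry("cn.cloud.xxx.com", "/mnt/data/cert/cn.cloud.xxx.com.jks", "xxx")));
        }

        /**
         * @param port            TCP port the HTTPS connector listens on (1..65535)
         * @param defaultHostName name of the host config Tomcat falls back to; must match one of
         *                        {@code hosts}
         * @param hosts           one entry per virtual host; copied, so later changes to the
         *                        caller's list have no effect
         * @throws IllegalArgumentException if the port is out of range, {@code hosts} is empty,
         *                                  or {@code defaultHostName} names no entry in it
         * @throws NullPointerException     if {@code defaultHostName} or {@code hosts} is null
         */
        public GwsTomcatConnectionCustomizer(int port, String defaultHostName, List<SslHostEntry> hosts) {
            if (port < 1 || port > 65535) {
                throw new IllegalArgumentException("port out of range: " + port);
            }
            this.port = port;
            this.defaultHostName = Objects.requireNonNull(defaultHostName, "defaultHostName");
            this.hosts = Collections.unmodifiableList(
                    new ArrayList<>(Objects.requireNonNull(hosts, "hosts")));
            if (this.hosts.isEmpty()) {
                throw new IllegalArgumentException("at least one SSL host entry is required");
            }
            // Fail at construction rather than at Tomcat start-up if the default name does not
            // correspond to any host config we are going to register.
            boolean defaultConfigured = false;
            for (SslHostEntry entry : this.hosts) {
                if (defaultHostName.equals(entry.getHostName())) {
                    defaultConfigured = true;
                    break;
                }
            }
            if (!defaultConfigured) {
                throw new IllegalArgumentException(
                        "defaultHostName '" + defaultHostName + "' is not among the configured hosts");
            }
        }

        /**
         * Switches the connector to HTTPS and registers one {@link SSLHostConfig} per entry.
         *
         * @param connector the connector Spring Boot hands to every customizer
         * @throws IllegalStateException if the connector's protocol handler is not an
         *                               {@link Http11NioProtocol}, which this customizer requires
         */
        @Override
        public void customize(Connector connector) {
            connector.setPort(port);
            connector.setScheme("https");
            connector.setSecure(true);
            if (!(connector.getProtocolHandler() instanceof Http11NioProtocol)) {
                throw new IllegalStateException(
                        "GwsTomcatConnectionCustomizer requires Http11NioProtocol, found "
                                + connector.getProtocolHandler());
            }
            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
            protocol.setSSLEnabled(true);
            // Name of the SSLHostConfig used when no registered host name applies.
            protocol.setDefaultSSLHostConfigName(defaultHostName);
            for (SslHostEntry entry : hosts) {
                connector.addSslHostConfig(buildHostConfig(entry));
            }
        }

        /** Builds the per-host TLS configuration (RSA certificate from a JKS keystore). */
        private static SSLHostConfig buildHostConfig(SslHostEntry entry) {
            SSLHostConfig hostConfig = new SSLHostConfig();
            hostConfig.setHostName(entry.getHostName());
            SSLHostConfigCertificate certificate =
                    new SSLHostConfigCertificate(hostConfig, SSLHostConfigCertificate.Type.RSA);
            certificate.setCertificateKeystoreFile(entry.getKeystoreFile());
            certificate.setCertificateKeystorePassword(entry.getKeystorePassword());
            certificate.setCertificateKeystoreType("JKS");
            hostConfig.addCertificate(certificate);
            return hostConfig;
        }
    }
}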
在实际项目中,可以将相关的配置项(端口、域名、证书路径、密码等)放在配置文件中;我这里下载的证书是jks格式。