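This is my first attempt at building a website from start to finish. My problem: I cannot connect to my server at http://mysite.de nor at https://mysite.de. Goal: allow users to access my server via https. All three input strings should lead to the https connection: my-site.de, http://my-site.de and https://my-site.de.

What have I done so far?

I built a Spring Boot web application and rented a Strato VPS (CentOS 8, but I also tried it on Ubuntu 18.04).

I used the DigiCert CSR maker, which gave me the command

    keytool -genkey -alias pvpfeedback -keyalg rsa -keysize 2048 -keystore pvpfeedback_de.jks -dname "cn=pvpfeedback.de,ou=pvpfeedback,o=pvpfeedback,l=pvpfeedback,st=pvpfeedback,c=de" && keytool -certreq -alias pvpfeedback -file pvpfeedback_de.csr -keystore pvpfeedback_de.jks

I uploaded the CSR to Strato (I get a free SSL certificate from them).

In return, Strato let me download a .crt, a root .crt and an intermediate .crt file. I added the normal .crt and the root .crt to the .jks keystore:

    keytool -import -alias pvpfeedback -file root_pvpfeedback.de.crt -keystore pvpfeedback_de.jks
    keytool -trustcacerts -importcert -alias pvpfeedback -file cert_pvpfeedback.de.crt -keystore pvpfeedback_de.jks

I put all my stuff into etc/pki/ca-trust/source/anchors and ran update-ca-trust extract.

I am running my program with

    java -jar -Djdk.tls.client.protocols=TLSv1.2 pvpfeedback-0.0.1-snapshot.jar

Some additional things:

I set up an Apache to verify that my site was registered, and it did show the default Apache landing page.

Chrome returns a connection timeout error on http://my-site.de and https://my-site.de: This site can't be reached

This is my first post on this site, so please tell me if I did something wrong.

When I start the Spring Boot application on the server, this is the output: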
2021-02-20 18:00:09.341 INFO 19868 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8443 (https) 8080 (http) with context path ''
2021-02-20 18:00:09.360 INFO 19868 --- [ main] c.e.pvpfeedback.PvpfeedbackApplication : Started PvpfeedbackApplication in 6.042 seconds (JVM running for 7.72)
2021-02-20 18:00:09.559 INFO 19868 --- [ scheduling-1] org.mongodb.driver.connection : Opened connection [connectionId{localValue:7, serverValue:75478}] to pvpfeedbackcluster-shard-00-02.xjveo.mongodb.net:27017
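My Spring Boot HTTPS configuration:

    // HTTPSSecurityConfig.java
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class HTTPSSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // Require the secure (HTTPS) channel for every request.
            httpSecurity
                .requiresChannel()
                .anyRequest()
                .requiresSecure();
        }
    }

    // HttpToHttpsServerConfig.java
    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpToHttpsServerConfig {
        @Bean
        public ServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // CONFIDENTIAL makes Tomcat redirect plain HTTP requests to the redirect port.
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(getHttpConnector());
            return tomcat;
        }

        // Additional plain HTTP connector on 8080 that redirects to the HTTPS port 8443.
        private Connector getHttpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            connector.setPort(8080);
            connector.setSecure(false);
            connector.setRedirectPort(8443);
            return connector;
        }
    }

    # application.properties
    server.address=<ServerIP>
    server.port=8443
    server.ssl.key-alias=pvpfeedback
    server.ssl.key-store-password=<Password>
    server.ssl.key-store=classpath:pvpfeedback_de.jks
    server.ssl.key-store-provider=SUN
    server.ssl.key-store-type=JKS
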
1 Answer

rdrgkggo #1

I managed to get it working. I had to forward some ports in the firewall. The following snippet did the trick for me:
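
The answerer's snippet is not preserved on this page. As an added example (not the answerer's commands), the script below checks listener output for the mismatch visible in the question: Tomcat listens on 8443/8080 while browsers connect to 443/80. It assumes firewalld (the CentOS 8 default), uses a constructed `ss -Htln` sample with a placeholder IP, and only prints the `firewall-cmd` forwards it would need.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: firewalld manages the host firewall.
# Constructed sample of `ss -Htln` output matching the Tomcat log in the question
# (203.0.113.10 is a documentation placeholder for <ServerIP>).
SAMPLE_SS='LISTEN 0 100 203.0.113.10:8443 0.0.0.0:*
LISTEN 0 100 203.0.113.10:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Read `ss -Htln` lines on stdin and print the listening TCP ports, one per line.
# Field 4 is "local-address:port"; the port is whatever follows the last colon,
# which also handles IPv6 forms such as [::]:443 and wildcard forms such as *:443.
listening_ports() {
  awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# plan_forwards SS_OUTPUT PUBLIC:APP ...
# For each pair, print a firewalld forward rule when the application port has a
# listener but the public (browser default) port does not.
plan_forwards() {
  ss_out=$1
  shift
  ports=$(printf '%s\n' "$ss_out" | listening_ports)
  for pair in "$@"; do
    pub=${pair%%:*}
    app=${pair##*:}
    if printf '%s\n' "$ports" | grep -qx "$app" &&
       ! printf '%s\n' "$ports" | grep -qx "$pub"; then
      echo "firewall-cmd --permanent --add-forward-port=port=${pub}:proto=tcp:toport=${app}"
    fi
  done
}

# Dry run on the constructed sample. On a real host, pass "$(ss -Htln)" instead,
# review the printed commands, run them as root, then run: firewall-cmd --reload
plan_forwards "$SAMPLE_SS" 80:8080 443:8443
```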