腾讯云服务器上用Docker部署SpringBoot项目设置http为https

绝地灬酷狼 2023-01-18 14:21 194阅读 0赞

### SSL证书申请 ###

*  可以直接在腾讯云上申请免费的SSL证书  
    ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQwNjA1OTEz_size_16_color_FFFFFF_t_70]
 *  按照要求填好相关信息，一般一两分钟就可以签发

### SpringBoot项目的配置 ###

*  将申请的证书下载下来解压，服务器有很多，比如Tomcat，Nginx，IIS等等，所以解压后的文件夹内有不同的子文件夹对应不同的服务器，由于SpringBoot默认是Tomcat，所以我这里用的Tomcat
 *  将Tomcat文件夹内的文件拷贝到项目的resources目录下，我这里是`*******.jks`文件（申请SSL证书时我输入了私钥密码，所以这里Tomcat文件夹内只有一个jks文件）
 *  在SpringBoot启动类中加入如下代码
    
        @Bean
        public ServletWebServerFactory servletContainer() { 
        
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { 
        
                @Override
                protected void postProcessContext(Context context) { 
        
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
            return tomcat;
        }
        @Bean
        public Connector initiateHttpConnector() { 
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            connector.setPort(8080); // http端口
            connector.setSecure(false);
            connector.setRedirectPort(443); // application.properties中配置的https端口
            return connector;
        }
 *  配置文件`application.yaml`中加入如下配置
    
        server:
        	port: 443
        	ssl:
        		key-store: classpath:【jks文件名】
         		key-store-password: 【私钥密码】
        		key-store-type: JKS
        		enabled: true
 *  做完以上配置后打jar包，用docker部署就行，部署详情参考[上一篇][Link 1]
 *  这里遇到了几个坑
    
    1.  `connector.setPort(8080);`这地方如果设置为`80`，启动报错如下
        
            19:12:36.824 logback [restartedMain] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
            19:12:37.572 logback [restartedMain] INFO  o.s.b.d.a.OptionalLiveReloadServer - LiveReload server is running on port 35729
            19:12:37.620 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["https-jsse-nio-443"]
            19:12:37.665 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Stopping ProtocolHandler ["http-nio-80"]
            19:12:37.666 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-80"]
            19:12:37.667 logback [restartedMain] ERROR o.apache.catalina.util.LifecycleBase - Failed to start component [Connector[HTTP/1.1-80]]
            org.apache.catalina.LifecycleException: Protocol handler start failed
            	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
            	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
            	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:263)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:195)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
            	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
            	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:743)
            	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:390)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1214)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1203)
            	at com.example.express.Application.main(Application.java:19)
            	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            	at java.lang.reflect.Method.invoke(Method.java:498)
            	at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
            Caused by: java.net.BindException: Address already in use: bind
            	at sun.nio.ch.Net.bind0(Native Method)
            	at sun.nio.ch.Net.bind(Net.java:444)
            	at sun.nio.ch.Net.bind(Net.java:436)
            	at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:225)
            	at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
            	at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:230)
            	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:213)
            	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
            	at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1210)
            	at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:585)
            	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
            	... 19 common frames omitted
        
        日志报端口占用，`http`默认端口本来就是`80`，这里设`80`就占用了？那不设呢，把这一行注释掉报错如下：
        
            19:16:10.377 logback [restartedMain] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 443 (https) -1 (http)
            19:16:10.393 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["https-jsse-nio-443"]
            19:16:10.406 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio--1"]
            19:16:10.418 logback [restartedMain] ERROR o.apache.catalina.util.LifecycleBase - Failed to initialize component [Connector[HTTP/1.1-auto-1]]
            org.apache.catalina.LifecycleException: Protocol handler initialization failed
            	at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
            	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
            	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
            	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
            	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
            	at org.apache.catalina.startup.Tomcat.start(Tomcat.java:456)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.initialize(TomcatWebServer.java:105)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.<init>(TomcatWebServer.java:86)
            	at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getTomcatWebServer(TomcatServletWebServerFactory.java:416)
            	at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:180)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:180)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:153)
            	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
            	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:743)
            	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:390)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1214)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1203)
            	at com.example.express.Application.main(Application.java:19)
            	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            	at java.lang.reflect.Method.invoke(Method.java:498)
            	at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
            Caused by: java.lang.IllegalArgumentException: port out of range:-1
            	at java.net.InetSocketAddress.checkPort(InetSocketAddress.java:143)
            	at java.net.InetSocketAddress.<init>(InetSocketAddress.java:188)
            	at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:229)
            	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:213)
            	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
            	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
            	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
            	at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
            	at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
            	... 26 common frames omitted
        
        不设就没有端口可用了。。。设一个非`80`端口就好使
    2.  `application.yaml`的`ssl`的配置中还有一个参数是`server.ssl.key-alias:`，这个参加貌似不能乱配，可能有讲究，我这里不知道配啥，删掉了，乱配报错如下：
        
            19:20:54.048 logback [restartedMain] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
            19:20:54.796 logback [restartedMain] INFO  o.s.b.d.a.OptionalLiveReloadServer - LiveReload server is running on port 35729
            19:20:54.852 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["https-jsse-nio-443"]
            19:20:54.897 logback [restartedMain] ERROR o.apache.catalina.util.LifecycleBase - Failed to start component [Connector[HTTP/1.1-443]]
            org.apache.catalina.LifecycleException: Protocol handler start failed
            	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
            	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
            	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:263)
            	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:195)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
            	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
            	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
            	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:743)
            	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:390)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1214)
            	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1203)
            	at com.example.express.Application.main(Application.java:19)
            	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            	at java.lang.reflect.Method.invoke(Method.java:498)
            	at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
            Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
            	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
            	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
            	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
            	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
            	at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1210)
            	at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:585)
            	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
            	... 19 common frames omitted
            Caused by: java.io.IOException: jsse.alias_no_key_entry
            	at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:325)
            	at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
            	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
            	... 25 common frames omitted
            19:20:54.898 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
            19:20:54.916 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Pausing ProtocolHandler ["https-jsse-nio-443"]
            19:20:54.916 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Pausing ProtocolHandler ["http-nio-8080"]
            19:20:55.298 logback [restartedMain] INFO  o.a.catalina.core.StandardService - Stopping service [Tomcat]
            19:20:55.302 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Stopping ProtocolHandler ["http-nio-8080"]
            19:20:55.308 logback [restartedMain] INFO  o.apache.catalina.util.LifecycleBase - The stop() method was called on component [StandardServer[-1]] after stop() had already been called. The second call will be ignored.
            19:20:55.308 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Stopping ProtocolHandler ["https-jsse-nio-443"]
            19:20:55.308 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Destroying ProtocolHandler ["https-jsse-nio-443"]
            19:20:55.308 logback [restartedMain] INFO  o.a.coyote.http11.Http11NioProtocol - Destroying ProtocolHandler ["http-nio-8080"]
            19:20:55.312 logback [restartedMain] INFO  o.s.b.a.l.ConditionEvaluationReportLoggingListener - 
            
            Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
            19:20:55.318 logback [restartedMain] ERROR o.s.b.d.LoggingFailureAnalysisReporter - 
            
            ***************************
            APPLICATION FAILED TO START
            ***************************
            
            Description:
            
            The Tomcat connector configured to listen on port 443 failed to start. The port may already be in use or the connector may be misconfigured.
            
            Action:
            
            Verify the connector's configuration, identify and stop any process that's listening on port 443, or configure this application to listen on another port.
            
            19:20:55.323 logback [restartedMain] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
            19:20:55.325 logback [restartedMain] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
            19:20:55.558 logback [restartedMain] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
    3.  我这里启动类中`http`是设的`8080`端口，`https`是设的`443`端口，win10本地跑没问题，但打成`jar`包后，用`docker`部署时，`docker run -d -p 【宿主机端口】:443 app`指定端口映射时，宿主机端口应该指定多少呢？能不指定`443`吗？

### 非SpringBoot项目的配置 ###

*  不同证书类型，不同系统，不同服务器安装方式不同，参考[SSL证书安装][SSL]

[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQwNjA1OTEz_size_16_color_FFFFFF_t_70]: /images/20221021/2d424674004342fc8262bf7eb34638d0.png
[Link 1]: https://blog.csdn.net/qq_40605913/article/details/116424010
[SSL]: https://cloud.tencent.com/document/product/400/4143