如何将自签名 SSL 证书添加到 jHipster 示例应用程序? [英] How to add self signed SSL certificate to jHipster sample app?

问题描述

我已经创建了示例 jHipster 应用程序.现在我想添加自签名 SSL 证书并在本地测试以访问 https.如何实现这一目标?

I have create sample jHipster app. Now I want to add self signed SSL certificate and test in local to have a access to https. How to achieve this?

推荐答案

这些说明适用于 JHipster 所基于的所有 Spring Boot 应用程序.我已经在新生成的 JHipster 2.7 项目.

These instructions are applicable for all Spring Boot applications, on which JHipster is based. I have tested this on a newly generated JHipster 2.7 project.

从头开始时需要完成以下步骤:

You need to complete these steps when starting from scratch:

1. 生成自签名证书
2. 将 SSL 属性添加到您的 application.properties 或 application.yml，如 Spring Boot 文档
3. (可选)将 HTTP 重定向到 HTTPS

<小时>

生成自签名证书

首先你需要在你的项目目录中生成你的自签名证书，这可以用keytool来完成，这是Java提供的实用脚本:

---

Generating a self-signed certificate

First you need to generate your self-signed certificate in your project directory, this can be done with keytool, which is utility script provided by Java:

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
Enter keystore password:  
Re-enter new password:
What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

我选择了密码 mypassword 所以这是我将在下一步中使用的密码.完成此操作后，您将在当前目录中看到 keystore.p12.

I have chosen password mypassword so this is the one I will use in the next step. When you have done this, you will see a keystore.p12 in your current directory.

现在您需要为 Tomcat 添加 HTTPS 连接器属性.你可以在src/main/resources/中找到属性(yml)文件，你需要更新application.yml(或者如果它只是为了在application-dev.yml 具有以下属性:

Now you need to add the HTTPS connector properties for Tomcat. You can find the property (yml) files in src/main/resources/ and you need to update the application.yml (or if it is only for development in application-dev.yml with the following properties:

server:
  ssl:
    key-store: keystore.p12
    key-store-password: mypassword
    keyStoreType: PKCS12
    keyAlias: tomcat

现在您可以使用 mvn clean package 使用 Maven(或 Gradle，如果您为 JHipster 应用程序选择它)打包您的应用程序，并使用 mvn spring-boot:run.您现在可以在 https://localhost:8080

Now you can package your application with Maven (or Gradle if you chose that for your JHipster application) using mvn clean package and run the application using mvn spring-boot:run. You can now access your application on https://localhost:8080

为简单起见，我没有更改端口，但理想情况下您也应该在属性文件中更改它，但我将其省略，因为它们已经在 application-dev.yml 和 application-prod.yml 所以你必须在那里改变它或删除它并把它放在一般的 application.yml

For simplicity I did not change the port, but ideally you should change it as well in the properties files, but I left it out since they are already defined in application-dev.yml and application-prod.yml so you would have to change it in there or remove it and put it in the general application.yml

您只能通过 application.properties 启用一种协议，因此当您像上面那样执行此操作时，只有 HTTPS 会起作用.如果你想让 HTTP 也能工作，并重定向到 HTTPS，你必须添加一个 @Configuration 类，如下所示

You can only enable one protocol through the application.properties, so when you do this like above only HTTPS will work. If you want HTTP to work too, and redirect to HTTPS you have to add a @Configuration class like below

@Bean
  public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new      TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
          SecurityConstraint securityConstraint = new SecurityConstraint();
          securityConstraint.setUserConstraint("CONFIDENTIAL");
          SecurityCollection collection = new SecurityCollection();
          collection.addPattern("/*");
          securityConstraint.addCollection(collection);
          context.addConstraint(securityConstraint);
        }
      };

    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    return tomcat;
  }

  private Connector initiateHttpConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8080);
    connector.setSecure(false);
    connector.setRedirectPort(8443);

    return connector;
  }

这个回复基本上是我关于同一主题的博客文章的副本:http://www.drissamri.be/blog/java/enable-https-in-spring-boot/

This response is basically a copy of my blog post on the same subject: http://www.drissamri.be/blog/java/enable-https-in-spring-boot/

这篇关于如何将自签名 SSL 证书添加到 jHipster 示例应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！