Java Spring Boot + Apache reverse proxy: This combination of host and port requires TLS


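What I have:

  • I have a Spring Boot application stored as a Docker image in a private registry
  • A Let's Encrypt SSL certificate

I ran the following commands:

  • wget https://dl.eff.org/certbot-auto
    (to get certbot)
  • chmod a+x certbot-auto
    (to make it executable)
  • ./certbot-auto
    (to run it)
  • openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
    (to convert it to a key compatible with Spring Boot)

In my Spring Boot application, I added the following entries to the properties: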

security.require-ssl=true
server.ssl.key-store={key_store_location}
server.ssl.key-store-password={key_store_password}
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

At this point, I can access my application via: and the certificate is valid

What I then do: my /etc/apache2/sites-enabled/000-default.conf file looks like this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
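
After I start apache2 and open

However, if I go to, everything works fine

So my question is: what do I need to do to get rid of the port and get it working

Thanks, everyone

Edit: After I added 443 as suggested, the problem is still the same error

Full configuration file: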

<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


The default HTTPS port is 443. Please create an SSL VirtualHost for 443, add all the entries inside the VirtualHost, and test.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Listen 443 https
<VirtualHost Apache-IP:443>
ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

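Thanks! Unfortunately, the result is still the same. I made the changes and restarted Apache.

Share the latest configuration and error log for review.

I updated my original post with the requested information. Thanks

Please remove the SSL configuration from . Restart Apache httpd and test.

I commented out everything starting with SSL (6 lines in total) in the section of the configuration file, but I still get the same error. HTTP does redirect to HTTPS correctly, though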
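
A small lint for the two-vhost layout discussed above, as an added example that is not part of the original thread: it checks that `SSLEngine` and `SSLProxyEngine` agree with each vhost's port and with the `ProxyPass` scheme. The function names, the finding texts and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the question's two vhosts, trimmed to the TLS/proxy lines.
SAMPLE_CONF = """\
<VirtualHost *:80>
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    SSLEngine on
    SSLProxyEngine On
    ProxyPass / https://localhost:8080/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine On
    ProxyPass / https://localhost:8080/
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(port, {directive: [args, ...]})], one entry per <VirtualHost>."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+\S*?:(\d+)\s*>", line, re.I)
        if opened:
            current = {}
            vhosts.append((int(opened.group(1)), current))
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None:
            name, *rest = line.split(None, 1)
            current.setdefault(name.lower(), []).append(" ".join(rest))
    return vhosts

def lint(text, backend_requires_tls=True):
    """Flag TLS settings that disagree with the vhost port or backend scheme."""
    # backend_requires_tls is an assumption; true here because server.ssl.* is set.
    findings = []
    for port, d in parse_vhosts(text):
        is_on = lambda key: any(a.lower() == "on" for a in d.get(key, []))
        if port == 80 and is_on("sslengine"):
            findings.append((port, "SSLEngine on: Apache will expect TLS on port 80"))
        if port == 443 and not is_on("sslengine"):
            findings.append((port, "SSLEngine is not on for the HTTPS vhost"))
        for backend in (a.split()[-1] for a in d.get("proxypass", []) if a):
            if backend.startswith("https://") and not is_on("sslproxyengine"):
                findings.append((port, "https:// backend without SSLProxyEngine on"))
            if backend.startswith("http://") and backend_requires_tls:
                findings.append((port, "http:// backend, but the backend requires TLS"))
    return findings
```

Run against the sample, `lint(SAMPLE_CONF)` reports only the port-80 vhost, which has `SSLEngine on` although it is meant to accept plain HTTP and redirect.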