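# Test-only PKI: a private root CA signs one server certificate, which is then
# bundled into a PKCS#12 keystore for Tomcat / Spring Boot. The key-generation
# and export steps prompt for passphrases interactively.

# 1. Server private key (2048-bit RSA), passphrase-protected with AES-256.
#    AES-256 replaces the legacy 3DES (-des3) and matches the CA key in step 3.
openssl genrsa -aes256 -out private.pem 2048

# 2. Certificate signing request (CSR) for the server key.
openssl req -new -key private.pem -out private.csr

# 3. Root CA private key. Despite the generic .pem name this file is the CA
#    *key*: whoever holds it can issue certificates that clients trusting this
#    CA will accept, so keep it off the application classpath and out of VCS.
openssl genrsa -aes256 -out rootCA.pem 2048

# 4. Self-signed root CA certificate (-x509). The output is a certificate, not
#    a CSR, even though it is named rootCA.csr. -nodes has no effect here
#    because the key already exists and is not being generated by this command.
openssl req -x509 -new -nodes -key rootCA.pem -days 3650 -out rootCA.csr

# 5. Sign the server CSR with the root CA; -CAcreateserial creates the serial
#    number file on first use. No -extfile is passed, so no subjectAltName is
#    added; clients that match host names against SAN only will reject the
#    certificate. The 10-year validity is acceptable for a throwaway test only.
openssl x509 -req -in private.csr -CA rootCA.csr -CAkey rootCA.pem -CAcreateserial -out private.crt -days 3650

# 6. Bundle the server certificate and key into a keystore under the alias
#    "tomcat". The file named "keystore" is in PKCS#12 format (not JKS), and the
#    export password chosen here is the keystore password the server must use.
openssl pkcs12 -export -in private.crt -inkey private.pem -out keystore -name tomcat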
SSL 적용 테스트용이라 대충 만들었어요 :) 자체 서명 루트 CA에 유효 기간도 10년(-days 3650)이라, 운영 환경에서는 그대로 쓰면 안 됩니다.
# Keystore-based TLS configuration for the embedded server.
# Port the server listens on; with server.ssl.* configured this port serves HTTPS.
server.port=8443
# Keystore resolved from the classpath.
# NOTE(review): the `openssl pkcs12 -export` command on this page writes a PKCS#12
# file named "keystore", not keystore.jks. Point this at the file actually
# produced and consider declaring the format with server.ssl.key-store-type=PKCS12.
server.ssl.key-store=classpath:keystore.jks
# Password of the keystore and of the key entry inside it. "secret" and
# "another-secret" are placeholders. A literal password in this file ends up in
# the packaged application and in version control; supply it from outside
# instead, e.g. ${SSL_KEYSTORE_PASSWORD} (constructed variable name).
server.ssl.key-store-password=secret
server.ssl.key-password=another-secret
# PEM-based alternative to a keystore: the certificate, its private key and the
# CA certificate are referenced as separate classpath resources.
server.port=8443
# Server certificate.
server.ssl.certificate=classpath:my-cert.crt
# Private key belonging to that certificate.
# NOTE(review): a classpath: location means the key is packaged together with
# the application; restrict access to the build artifact or load the key from a
# location outside it.
server.ssl.certificate-private-key=classpath:my-cert.key
# CA certificate supplied as trust material (judging by the property and file name).
server.ssl.trust-certificate=classpath:ca-cert.crt
# Placeholder password. NOTE(review): what this password protects when PEM files
# are used is not evident from this snippet - confirm against the Spring Boot
# version in use, and do not keep a real value in this file.
server.ssl.key-store-password=secret
이렇게 설정하면 더 이상 8080 포트에서 HTTP 연결을 지원하지 않음
8080 포트로 HTTP를, 8443 포트로 HTTPS를 함께 연결하고 싶다면 추가적으로 설정이 필요
/**
 * Builds the embedded Tomcat factory with an additional plain-HTTP connector
 * (port 8080) whose traffic is redirected to HTTPS (port 8443).
 *
 * <p>Every path ({@code /*}) is placed under a {@code CONFIDENTIAL} user-data
 * constraint, so a request arriving on a non-secure connector is redirected to
 * that connector's redirect port instead of being served in clear text.
 *
 * <p>The redirect protects only what follows it: the first request still
 * travels unencrypted, so session cookies should carry the Secure flag.
 *
 * @return the customised {@link ServletWebServerFactory}
 */
@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // The constraint applies to every URL of the application.
            SecurityCollection everyPath = new SecurityCollection();
            everyPath.addPattern("/*");

            // CONFIDENTIAL is the transport guarantee that demands a secure channel.
            SecurityConstraint requireTls = new SecurityConstraint();
            requireTls.setUserConstraint("CONFIDENTIAL");
            requireTls.addCollection(everyPath);

            context.addConstraint(requireTls);
        }
    };
    // Second connector: accepts HTTP only so that clients can be sent on to HTTPS.
    factory.addAdditionalTomcatConnectors(redirectConnector());
    return factory;
}
/**
 * Creates the plain-HTTP connector (HTTP/1.1 NIO, port 8080) that sends
 * clients on to the HTTPS port.
 *
 * @return a non-secure connector whose redirect port is 8443
 */
private Connector redirectConnector() {
    Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    plainHttp.setPort(8080);
    plainHttp.setScheme("http");
    // Marked non-secure so that a CONFIDENTIAL constraint triggers the redirect.
    plainHttp.setSecure(false);
    // Has to equal the HTTPS listener port (server.port=8443 in the
    // configuration shown alongside this code); keep the two in sync.
    plainHttp.setRedirectPort(8443);
    return plainHttp;
}
8080의 요청을 8443으로 redirect함으로써 8080 HTTP로도 접근이 가능하고, 8443 HTTPS로도 접근이 가능 (단, 8080으로 들어온 요청은 HTTPS로 redirect될 뿐 평문 HTTP로 응답이 제공되지는 않으며, redirect 이전의 첫 요청 자체는 암호화되지 않음)
참고
Spring Boot SSL (HTTPS) examples
Spring Enabling HTTPS (공식매뉴얼)
Spring Configure SSL (공식매뉴얼)