1.获取证书,这里是使用的阿里云
参考:如何申请阿里云免费SSL证书(可用于https网站)并下载下来 - lucky220 - 博客园
2.将下载下来的证书文件与jar包放在同一目录下
3.配置文件设置
(1)eureka设置
eureka:
instance:
hostname: www.ceshi.cn #设置的域名地址
prefer-ip-address: true
client:
fetch-registry: false
register-with-eureka: false
service-url:
defaultZone: https://${eureka.instance.hostname}:${server.port}/eureka
server:
enable-self-preservation: false # 关闭自我保护
eviction-interval-timer-in-ms: 5000 # 每隔5秒进行一次服务列表清理
(2)配置证书解析
server:
port: 10000
ssl:
enabled: true
key-store: 2131313212.link.jks #证书文件名
key-store-type: jks
key-store-password: 1111333 #密码
(3)项目中eureka的配置
eureka:
client:
service-url:
defaultZone: https://www.ceshi.cn:11111/eureka #eureka 路径
registry-fetch-interval-seconds: 5
instance:
hostname: www.ceshi.cn
lease-renewal-interval-in-seconds: 5
lease-expiration-duration-in-seconds: 15
4.使用feign访问其他服务时
(1)先写一个feign设置类
@Configuration
public class FeignConfig {
@Bean
@ConditionalOnMissingBean
public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext ctx = SSLContext.getInstance("SSL");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
return true;
}
}) ,
cachingFactory, clientFactory);
}
}
(2)在访问其他的服务调用时,使用以下配置
@FeignClient(name="https://服务名称",configuration={FeignConfig.class})
