vps做网站空间wordpress支付宝支付宝
由于线上Redis要启用TLS,搜遍了google百度也没一个标准的解决方案,要不这个方法没有,要不那个类找不到...要不就是配置了还是一直连不上redis....
本文基于 spring-data-redis-2.1.9.RELEASE 版本来提供一个解决方案:
1.运维那边提供过来三个文件,分别是redis.crt redis.key ca.crt
redis.crt 是公钥 redis.key是私钥 ca.crt是服务器证书,由于是测试生成的所以我代码中直接不校验,该文件对我无效
2. 使用命令
openssl pkcs12 -export -in redis.crt -inkey redis.key -out redis_keystore.p12生成PKCS#12证书束.(如果你们用的是JDK8_301以上版本则可以直接使用该文件)
3.使用命令
keytool -importkeystore -srckeystore redis_keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeys
tore redis_keystore.jks生成jks Java密钥库 (如果你们用的是JDK8_301以下版本则需要使用这种格式)
4.yml配置
spring:redis:database: 0host: 192.168.3.231password:port: 6380ssl:enable: truekeystore:file: classpath:redis_keystore.jkspassword: yourpassword5. 将2/3步骤生成的文件放在resources目录下
6. RedisConfig代码配置
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
import io.lettuce.core.ClientOptions;
import io.lettuce.core.SslOptions;
import lombok.RequiredArgsConstructor;
import org.apache.commons.io.FileUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;import java.io.File;
import java.text.SimpleDateFormat;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.TimeZone;/*** @author felix* @date 2022/10/26*/
@Configuration
@RequiredArgsConstructor
public class RedisConfig {@Value("${spring.redis.host}")private String host;@Value("${spring.redis.port}")private Integer port;@Value("${spring.redis.password:}")private String password;@Value("${spring.redis.ssl.enable:}")private Boolean ssl;@Value("${spring.redis.ssl.keystore.file:}")private Resource keystore;@Value("${spring.redis.ssl.keystore.password:}")private String keystorePassword;private final ResourceLoader resourceLoader;@Beanpublic LettuceConnectionFactory lettuceConnectionFactory() throws Exception {RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration();redisStandaloneConfiguration.setHostName(host);redisStandaloneConfiguration.setPort(port);redisStandaloneConfiguration.setPassword(password);LettuceClientConfiguration.LettuceClientConfigurationBuilder lettuceClientConfigurationBuilder =LettuceClientConfiguration.builder();if (ssl != null && ssl) {//此处解决springboot打包后取不到资源文件问题String tempPath = System.getProperty("java.io.tmpdir") + File.separator + "bms_" + System.currentTimeMillis();String tempFile = tempPath + File.separator + keystore.getFilename();File path = new File(tempPath);if (!path.exists()) {path.mkdir();}File keystoreFile = new File(tempFile);FileUtils.copyInputStreamToFile(keystore.getInputStream(), keystoreFile);//此处配置SSL keystoreSslOptions sslOptions = SslOptions.builder().jdkSslProvider().keystore(keystoreFile, keystorePassword.toCharArray()).build();ClientOptions clientOptions = ClientOptions.builder().sslOptions(sslOptions).build();//disablePeerVerification 关闭证书校验lettuceClientConfigurationBuilder.clientOptions(clientOptions).useSsl().disablePeerVerification();}LettuceClientConfiguration lettuceClientConfiguration = lettuceClientConfigurationBuilder.build();return new LettuceConnectionFactory(redisStandaloneConfiguration, lettuceClientConfiguration);}
}7.编写test进行测试
@Testpublic void test() {redisTemplate.opsForValue().set("TEST", "111");}至此,整个TLS配置就完成了.
由于没有比较完善的方案,整整浪费了我一天多的时间.
记录一下,希望能帮到更多的人!