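Nginx is not used much in development environments; I previously used it in web development to work around cross-origin problems. In Android development, if you want to enable HTTPS through Nginx and forward requests to other servers, the configuration steps are not particularly complicated either.
Using a self-signed certificate on Android
With a self-signed certificate, you generally need to obtain the server.crt certificate. If your server uses a jks or p12 certificate file, you first need to extract server.crt from it.
Once you have server.crt, a simple OkHttp setup is enough to connect over HTTPS.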
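OkHttpClient httpClient = new OkHttpClient()
        .newBuilder()
        // Trust only the certificate loaded by getSLLContext(). Newer OkHttp releases deprecate this
        // single-argument overload in favour of sslSocketFactory(SSLSocketFactory, X509TrustManager).
        .sslSocketFactory(getSLLContext().getSocketFactory())
        .build();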
Note that the server.crt used below is placed in the raw directory:
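// Imports needed at the top of the class file:
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

private SSLContext getSLLContext() {
    SSLContext sslContext = null;
    // getAssets().open() reads from the assets/ directory; a file stored under res/raw is
    // opened with getResources().openRawResource(R.raw.server) instead.
    try (InputStream certificate = mContext.getAssets().open("server.crt")) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // Empty KeyStore whose only trust anchor is server.crt
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        String certificateAlias = Integer.toString(0);
        keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
        sslContext = SSLContext.getInstance("TLS");
        final TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
    } catch (GeneralSecurityException | IOException e) {
        // Covers the certificate, key store, algorithm and key management exceptions
        e.printStackTrace();
    }
    // Still null if loading the certificate or initialising TLS failed
    return sslContext;
}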
Enabling HTTPS in Nginx
1. Prepare server.crt and server.key and place them in the conf directory
2. Add the following configuration to nginx.conf in the conf directory
server {
    listen 443 ssl;
    server_name localhost;
    # Relative paths are resolved against the conf directory
    ssl_certificate server.crt;
    ssl_certificate_key server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
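The extraction of server.crt from a p12 file mentioned in the Android section, and the server.crt/server.key pair prepared for Nginx, can both be checked from the shell. This is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and server.p12, extracted.crt and the password changeit are constructed demo values.

```shell
# Added example: server.p12, extracted.crt and "changeit" are constructed demo values.
set -eu

# Constructed input: throwaway self-signed pair for host $2, written to dir $1.
# The subjectAltName is what client-side hostname verification matches.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Extract only the certificate (to $3) from PKCS#12 file $1 with password $2.
# -nokeys keeps the private key out of the file that ships inside the APK.
# JKS equivalent: keytool -exportcert -rfc -keystore server.jks -alias <alias> -file server.crt
extract_crt_from_p12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$3"
}

# SHA-256 over the DER-encoded public key of a certificate / of a private key.
crt_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the file holds a certificate and no private key material.
is_public_only() {
    grep -q 'BEGIN CERTIFICATE' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# True when certificate $1 and key $2 share a public key, as Nginx requires.
pair_matches() {
    h=$(crt_pubkey_hash "$1")
    [ -n "$h" ] && [ "$h" = "$(key_pubkey_hash "$2")" ]
}

demo() {
    d=$(mktemp -d)
    make_demo_pair "$d" localhost
    openssl pkcs12 -export -inkey "$d/server.key" -in "$d/server.crt" -passout pass:changeit -out "$d/server.p12"
    extract_crt_from_p12 "$d/server.p12" changeit "$d/extracted.crt"
    is_public_only "$d/extracted.crt" && pair_matches "$d/extracted.crt" "$d/server.key" &&
        echo "extracted.crt is public-only and matches server.key"
    rm -rf "$d"
}
demo
```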