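OpenFeign: HTTPS/SSL certificate configuration for calls between microservices
Because the servers our company's project is deployed on have an HTTPS SSL certificate installed, all requests had to switch to HTTPS. The project uses OpenFeign for calls between microservices, and the original HTTP calls failed with a 400 Bad Request error. The following configuration changes fix it:
1. Add the certificate information to application.yml (server.port is the project's port number):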
server:
  port: 9002
  ssl:
    protocol: TLS
    key-store: classpath:xxx.com.jks
    key-store-password: xxxxx
    key-store-type: JKS
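2. Place the certificate file xxx.com.jks in the project root. Since this is a Spring Boot project, putting it directly in the resources directory is enough.
3. Add the standalone feign dependency to pom.xml: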
<dependency>
    <groupId>io.github.openfeign</groupId>
    <artifactId>feign-httpclient</artifactId>
</dependency>
4. Add the HTTPS configuration class FeignHttpsConfig.java:
import feign.Client;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
import org.springframework.cloud.openfeign.ribbon.CachingSpringLoadBalancerFactory;
import org.springframework.cloud.openfeign.ribbon.LoadBalancerFeignClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.net.ssl.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

@Configuration
public class FeignHttpsConfig {

    @Bean
    @ConditionalOnMissingBean
    public Client feignClient(CachingSpringLoadBalancerFactory cachingFactory,
                              SpringClientFactory clientFactory) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Trust manager with empty checks: every certificate chain is accepted,
        // so the connection is encrypted but the remote service is not authenticated.
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null array.
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        return new LoadBalancerFeignClient(new Client.Default(ctx.getSocketFactory(),
                new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        // Accepts any hostname: the certificate is not matched against the host.
                        return true;
                    }
                }),
                cachingFactory, clientFactory);
    }
}
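5. Add the configuration class above to the Feign client.
For HTTP requests the name value is just the target service name, xx-user. For HTTPS it needs the https:// prefix, and the configuration attribute must include the configuration class above, FeignHttpsConfig.class.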
import org.springframework.cloud.openfeign.FeignClient;

@FeignClient(name = "https://xx-user", fallback = MyFallBack.class, configuration = {FeignHeaderConfig.class, FeignHttpsConfig.class})
public interface UserFeignService {
    // business code
}
6. With the above configuration in place, calls between microservices go over HTTPS using the SSL certificate.
