It turns out that there is a way to do this, although I'm not sure I've found the 'proper' way since this required hours of reading source code from multiple projects. In other words, this might be a lot of dumb work (but it works).

事实证明，有一种方法可以做到这一点，尽管我不确定我是否找到了“正确”的方法，因为这需要数小时阅读多个项目的源代码。换句话说，这可能是很多愚蠢的工作（但它确实有效）。

First, there is no way to get at the server.xml in the embedded Tomcat, either to augment it or replace it. This must be done programmatically.

首先，无法获取嵌入式 Tomcat 中的 server.xml，无法对其进行扩充或替换。这必须以编程方式完成。

Second, the 'require_https' setting doesn't help since you can't set cert info that way. It doesset up forwarding from http to https, but it doesn't give you a way to make https work so the forwarding isnt helpful. However, use it with the stuff below, which doesmake https work.

其次，“require_https”设置无济于事，因为您无法以这种方式设置证书信息。它确实设置了从 http 到 https 的转发，但它没有为您提供使 https 工作的方法，因此转发没有帮助。但是，将它与下面的内容一起使用，这确实可以使 https 工作。

To begin, you need to provide an EmbeddedServletContainerFactoryas explained in the Embedded Servlet Container Support docs. The docs are for Java but the Groovy would look pretty much the same. Note that I haven't been able to get it to recognize the @Valueannotation used in their example but its not needed. For groovy, simply put this in a new .groovy file and include that file on the command line when you launch springboot.

首先，您需要提供一个EmbeddedServletContainerFactory作为解释嵌入式Servlet容器支持文档。这些文档适用于 Java，但 Groovy 看起来几乎相同。请注意，我无法让它识别@Value示例中使用的注释，但不需要。对于 groovy，只需将其放在一个新的 .groovy 文件中，并在启动spring引导时将该文件包含在命令行中。

Now, the instructions say that you can customize the TomcatEmbeddedServletContainerFactoryclass that you created in that code so that you can alter web.xml behavior, and this is true, but for our purposes its important to know that you can also use it to tailor server.xmlbehavior. Indeed, reading the source for the class and comparing it with the Embedded Tomcat docs, you see that this is the only place to do that. The interesting function is TomcatEmbeddedServletContainerFactory.addConnectorCustomizers(), which may not look like much from the Javadocs but actually gives you the Embedded Tomcat object to customize yourself. Simply pass your own implementation of TomcatConnectorCustomizerand set the things you want on the given Connectorin the void customize(Connector con)function. Now, there are about a billion things you can do with the Connectorand I couldn't find useful docs for it but the createConnector()function in this this guys personal Spring-embedded-Tomcat projectis a very practical guide. My implementation ended up looking like this:

现在，说明说您可以自定义TomcatEmbeddedServletContainerFactory您在该代码中创建的类，以便您可以更改 web.xml 行为，这是正确的，但对于我们的目的，重要的是要知道您还可以使用它来定制server.xml行为。事实上，阅读类的源代码并将其与嵌入式 Tomcat 文档进行比较，您会发现这是唯一可以做到这一点的地方。有趣的功能是TomcatEmbeddedServletContainerFactory.addConnectorCustomizers()，它可能看起来不像 Javadocs，但实际上为您提供了嵌入式 Tomcat 对象来自定义您自己。只需传递您自己的实现TomcatConnectorCustomizer并Connector在void customize(Connector con)函数中的给定上设置您想要的东西。现在，你可以用它做大约十亿件事情Connector，我找不到有用的文档，但是createConnector()这个功能在这个家伙个人的Spring-embedded-Tomcat项目中是一个非常实用的指南。我的实现最终看起来像这样：

package com.deepdownstudios.server

import org.springframework.boot.context.embedded.tomcat.TomcatConnectorCustomizer
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.boot.*
import org.springframework.stereotype.*

@Configuration
class MyConfiguration {

@Bean
public EmbeddedServletContainerFactory servletContainer() {
final int port = 8443;
final String keystoreFile = "/path/to/keystore"
final String keystorePass = "keystore-password"
final String keystoreType = "pkcs12"
final String keystoreProvider = "SunJSSE"
final String keystoreAlias = "tomcat"

TomcatEmbeddedServletContainerFactory factory = 
        new TomcatEmbeddedServletContainerFactory(this.port);
factory.addConnectorCustomizers( new TomcatConnectorCustomizer() {
    void    customize(Connector con) {
        Http11NioProtocol proto = (Http11NioProtocol) con.getProtocolHandler();
            proto.setSSLEnabled(true);
        con.setScheme("https");
        con.setSecure(true);
        proto.setKeystoreFile(keystoreFile);
        proto.setKeystorePass(keystorePass);
        proto.setKeystoreType(keystoreType);
        proto.setProperty("keystoreProvider", keystoreProvider);
        proto.setKeyAlias(keystoreAlias);
    }
});
return factory;
}
}

The Autowiring will pick up this implementation an run with it. Once I fixed my busted keystore file (make sure you call keytool with -storetype pkcs12, not -storepass pkcs12as reported elsewhere), this worked. Also, it would be far better to provide the parameters (port, password, etc) as configuration settings for testing and such... I'm sure its possible if you can get the @Value annotation to work with Groovy.

Autowiring 将选择这个实现并运行它。一旦我修复了损坏的密钥库文件（确保您使用 调用 keytool -storetype pkcs12，而不是-storepass pkcs12其他地方报告的那样），这有效。此外，提供参数（端口、密码等）作为测试等的配置设置会好得多……我相信如果您可以获得 @Value 注释以与 Groovy 一起使用，那将是可能的。

Starting with Spring Boot 1.2, you can configure SSL using application.propertiesor application.yml. Here's an example for application.properties:

从 Spring Boot 1.2 开始，您可以使用application.properties或配置 SSL application.yml。下面是一个例子application.properties：

server.port = 8443
server.ssl.key-store = classpath:keystore.jks
server.ssl.key-store-password = secret
server.ssl.key-password = another-secret

Same thing with application.yml:

同样的事情application.yml：

server:
  port: 8443
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: secret
    key-password: another-secret

Here's a link to the current reference documentation.

这是当前参考文档的链接。

For external keystores, prefix with "file:"

对于外部密钥库，前缀为“file:”

server.ssl.key-store=file:config/keystore 

If you don't want to implement your connector customizer, you can build and import the library (https://github.com/ycavatars/spring-boot-https-kit) which provides predefined connector customizer. According to the README, you only have to create your keystore, configure connector.https.*, import the library and add @ComponentScan("org.ycavatars.sboot.kit"). Then you'll have HTTPS connection.

如果你不想实现你connector customizer，你可以建立并导入库（https://github.com/ycavatars/spring-boot-https-kit其提供预定义的）connector customizer。根据自述文件，您只需创建密钥库、配置connector.https.*、导入库并添加@ComponentScan("org.ycavatars.sboot.kit"). 然后您将拥有 HTTPS 连接。

And here's an example of the customizer implemented in Groovy:

这是在 Groovy 中实现的定制器的示例：

https://github.com/UniconLabs/orville/blob/master/web/src/main/groovy/org/apereo/openregistry/config/TomcatSslConfiguration.groovy

https://github.com/UniconLabs/orville/blob/master/web/src/main/groovy/org/apereo/openregistry/config/TomcatSslConfiguration.groovy