Hi I want to install letsencryption ssl on java app linux server.
I have hosted java app on linux server. now i want to protect this app via lets encryption,
can any one help me to do this
Regards,
Ahmad
How are you running it? Spring Boot jar or in a servlet container (like Tomcat)?
using spring boot jar
You’re going to need to install another server to handle SSL for you, as a reverse proxy.
For example, install nginx (apt install nginx or yum install nginx depending which Linux distribution), and setup a virtual host like this:
server {
listen 80;
listen [::]:80;
server_name dev.soldi.io;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Change your Spring Boot application.properties to use a different port and understand the headers:
server.port=8080
server.use-forward-headers=true
Stop your Java application, start nginx, start your Java application.
Then, download Certbot using the instructions on this site: https://certbot.eff.org/
and then run:
certbot --nginx -d dev.soldi.io
and it will create and configure a certificate for you.
can we do this using apache, with our negix?
Regards,
You can use Apache httpd if you want, but you’ll have to figure out the instructions by searching online.
Tomcat is embeded into Springboot
so its actually Tomcat running as webserver
Springboot is a framework for backend coding
I am not want to run proxy server can you give me solution for this,
The reason that I suggested a reverse proxy is that it is a simple solution that integrates with the Let’s Encrypt ecosystem, with automatic renewal.
If you want your Spring Boot jar to handle SSL for you, you are welcome to issue a certificate manually and configure your application.properties with the required server.ssl configuration parameters … and repeat that task every 60-90 days.
If i want ssl certificate with spring boot jar then i need to use open ssl?
how can i issue certificate manually???
You can stop your Spring Boot app and use:
certbot certonly --standalone -d dev.soldi.io
or you can keep your app running and use DNS validation:
certbot certonly -a manual --preferred-challenges dns -d dev.soldi.io
Once you do this, you will need to convert the certificates into the correct format for the embedded Tomcat server:
openssl pkcs12 -export -out /etc/letsencrypt/live/dev.soldi.io/bundle.pfx -inkey /etc/letsencrypt/live/dev.soldi.io/privkey.pem -in /etc/letsencrypt/live/dev.soldi.io/cert.pem -certfile /etc/letsencrypt/live/dev.soldi.io/chain.pem -password pass:apassword
and then configure application.properties with:
server.ssl.key-store=/etc/letsencrypt/live/dev.soldi.io/bundle.pfx
server.ssl.key-store-password=apassword
server.ssl.key-store-type=PKCS12
server.ssl.enabled=true
server.ssl.protocol=TLS
server.port=8443
Keep in mind the default Spring Boot jar is only capable of doing either HTTP or HTTPS, not both at the same time. If you need anything more complicated, then you need to either stop using the embedded Tomcat server, or inject a new Tomcat connector from Java code.
1 Like
[root@ip-172-31-17-177 letsencrypt]# certbot certonly --standalone -d dev.soldi.io
bash: certbot: command not found
[root@ip-172-31-17-177 letsencrypt]#
facing this issue
Re-read my earlier posts. I included a link to the Certbot website, which gives you installation instructions.
1 Like
i have done this but application is not coming online,
Why we are using server.port=8443?
before ssl i am using port 80
The application came up: https://dev.soldi.io:8443/
You can set it to port 443 and then you would be able to visit just https://dev.soldi.io/ .
But as I mentioned, only one port can be used at a time in a Spring Boot jar.
So if you have SSL enabled on port 443, port 80 will not work.
1 Like
A post was split to a new topic: Using Letsencrypt with a java spring-boot application
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.