Created
March 2, 2016 13:51
-
-
Save mihkels/6e30e8e21acc68a55482 to your computer and use it in GitHub Desktop.
Spring Boot with Letsencrypt SSL certificate support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server: | |
port: 443 | |
http: | |
port: 80 | |
ssl: | |
key-store: classpath:ssl/letsencrypt.jks | |
key-store-password: password | |
key-password: password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# IMPORTANT: You must run ./letsencrypt-auto inside the server where the application will be running. | |
# Generate certificat files | |
./letsencrypt-auto certonly --standalone -d example.com | |
# Go to directory where certificates where generated | |
cd /etc/letsencrypt/live | |
# Create new letsencrypt.jks keystore | |
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root | |
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat | |
keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@Configuration | |
public class MultiConnectionSupport { | |
@Value("${server.port}") | |
private int serverPort; | |
@Value("${server.http.port}") | |
private int httpServerPort; | |
@Bean | |
public EmbeddedServletContainerFactory servletContainer() { | |
final TomcatEmbeddedServletContainerFactory tomcat = new RedirectTomcatEmbeddedServletContainerFactory(); | |
tomcat.addAdditionalTomcatConnectors(createSslConnector()); | |
return tomcat; | |
} | |
private Connector createSslConnector() { | |
final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); | |
connector.setScheme("http"); | |
connector.setPort(httpServerPort); | |
connector.setSecure(false); | |
connector.setRedirectPort(serverPort); | |
return connector; | |
} | |
private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory { | |
@Override | |
protected void postProcessContext(Context context) { | |
final SecurityConstraint securityConstraint = new SecurityConstraint(); | |
securityConstraint.setUserConstraint("CONFIDENTIAL"); | |
final SecurityCollection collection = new SecurityCollection(); | |
collection.addPattern("/*"); | |
securityConstraint.addCollection(collection); | |
context.addConstraint(securityConstraint); | |
} | |
} | |
} |
Nice gist, btw check this link out.
This doesn't work with newer versions of SpringBoot.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For the Java noobs like myself that aren't using an IDE like Netbeans that adds the
import
s for you you'll need something like this at the top of theMultiConnectionSupport.java
:The
letsencrpyt.sh
openssl
andkeytool
commands work for other certs from other authorities as well, instead of the.pem
files use the othercrt
s provided by them.