
@mihkels
Created March 2, 2016 13:51
Spring Boot with Letsencrypt SSL certificate support
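# application.yml: HTTPS on 443, plus a custom server.http.port that the Java
# configuration on this page reads for the plain-HTTP redirect connector.
server:
  port: 443
  http:
    port: 80
  ssl:
    # A classpath: keystore is packaged inside the application artifact, so the
    # TLS private key is readable by anyone who can read the jar/war. Consider a
    # file: location outside the artifact with restrictive file permissions.
    key-store: classpath:ssl/letsencrypt.jks
    # "password" is a sample value. It must match the -deststorepass/-destkeypass
    # used when the keystore was built. Use a real secret and supply it from
    # outside version control (environment variable or external config).
    key-store-password: password
    key-password: password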
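# IMPORTANT: You must run ./letsencrypt-auto on the server where the application will be running.
# --standalone starts its own temporary listener for the domain check, so nothing
# else may be bound to port 80/443 while it runs.
# Generate certificate files
./letsencrypt-auto certonly --standalone -d example.com
# Go to the directory where the certificates were generated.
# The files live in a per-domain sub-directory named after the -d value above.
cd /etc/letsencrypt/live/example.com
# Create new letsencrypt.jks keystore.
# "password" below is a sample value: replace it with a real secret. Passwords passed
# as arguments end up in shell history and the process list; omit the *pass options
# to be prompted instead.
# openssl prompts for an export password; it must equal the -srcstorepass given to keytool.
# NOTE(review): without -chain, -CAfile/-caname does not appear to embed chain.pem in the
# PKCS#12. If clients report an incomplete chain, inspect the result with
# `keytool -list -v -keystore letsencrypt.jks` and consider exporting from fullchain.pem.
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat
# Prompts for the keystore password and asks whether to trust the certificate.
keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks
# Once the import has succeeded, delete cert_and_key.p12 (it holds the private key) and
# keep letsencrypt.jks readable only by the account that runs the application.
# Let's Encrypt certificates are short-lived: rebuild the keystore after every renewal.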
/**
 * Runs embedded Tomcat with a second, plain-HTTP connector next to the main
 * (HTTPS) connector and asks the container to move every request onto TLS.
 *
 * <p>Security note: the redirect only happens after the first request has
 * already arrived in clear text, so anything sent with that request (cookies,
 * credentials in the URL) is exposed on the network. Mark session cookies
 * {@code Secure} and consider sending an HSTS header from the HTTPS side.
 */
@Configuration
public class MultiConnectionSupport {

    /** Port of the primary connector; used here as the redirect target. */
    @Value("${server.port}")
    private int serverPort;

    /** Port the additional plain-HTTP connector listens on. */
    @Value("${server.http.port}")
    private int httpServerPort;

    /**
     * Builds the servlet container factory: the redirecting Tomcat factory
     * defined below, with the plain-HTTP connector registered as an extra
     * connector.
     *
     * @return the customised Tomcat factory
     */
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory factory = new RedirectTomcatEmbeddedServletContainerFactory();
        Connector plainHttp = createHttpRedirectConnector();
        factory.addAdditionalTomcatConnectors(plainHttp);
        return factory;
    }

    /**
     * Creates the non-TLS NIO connector. It is flagged as not secure and
     * carries {@code serverPort} as its redirect port, which is where Tomcat
     * sends requests that require confidential transport.
     *
     * @return the plain-HTTP connector
     */
    private Connector createHttpRedirectConnector() {
        Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        httpConnector.setPort(httpServerPort);
        httpConnector.setRedirectPort(serverPort);
        httpConnector.setScheme("http");
        httpConnector.setSecure(false);
        return httpConnector;
    }

    /**
     * Tomcat factory that adds a CONFIDENTIAL transport constraint covering
     * every URL pattern to each context it post-processes.
     */
    private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory {

        /**
         * Registers the constraint on the given context.
         *
         * @param context the Tomcat context being prepared
         */
        @Override
        protected void postProcessContext(Context context) {
            // "/*" matches every path, so no resource is served over plain HTTP.
            SecurityCollection everyPath = new SecurityCollection();
            everyPath.addPattern("/*");

            SecurityConstraint requireTls = new SecurityConstraint();
            requireTls.setUserConstraint("CONFIDENTIAL");
            requireTls.addCollection(everyPath);

            context.addConstraint(requireTls);
        }
    }
}
@brunoaduarte

This doesn't work with newer versions of SpringBoot.
