-
-
Save amitbansal26/27868354ac59d5344a8e53aa0ad3a113 to your computer and use it in GitHub Desktop.
Spring Boot with Letsencrypt SSL certificate support
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| port: 443 | |
| http: | |
| port: 80 | |
| ssl: | |
| key-store: classpath:ssl/letsencrypt.jks | |
| key-store-password: password | |
| key-password: password |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT: You must run ./letsencrypt-auto inside the server where the application will be running. | |
| # Generate certificat files | |
| ./letsencrypt-auto certonly --standalone -d example.com | |
| # Go to directory where certificates where generated | |
| cd /etc/letsencrypt/live | |
| # Create new letsencrypt.jks keystore | |
| openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root | |
| keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat | |
| keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Configuration | |
| public class MultiConnectionSupport { | |
| @Value("${server.port}") | |
| private int serverPort; | |
| @Value("${server.http.port}") | |
| private int httpServerPort; | |
| @Bean | |
| public EmbeddedServletContainerFactory servletContainer() { | |
| final TomcatEmbeddedServletContainerFactory tomcat = new RedirectTomcatEmbeddedServletContainerFactory(); | |
| tomcat.addAdditionalTomcatConnectors(createSslConnector()); | |
| return tomcat; | |
| } | |
| private Connector createSslConnector() { | |
| final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); | |
| connector.setScheme("http"); | |
| connector.setPort(httpServerPort); | |
| connector.setSecure(false); | |
| connector.setRedirectPort(serverPort); | |
| return connector; | |
| } | |
| private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory { | |
| @Override | |
| protected void postProcessContext(Context context) { | |
| final SecurityConstraint securityConstraint = new SecurityConstraint(); | |
| securityConstraint.setUserConstraint("CONFIDENTIAL"); | |
| final SecurityCollection collection = new SecurityCollection(); | |
| collection.addPattern("/*"); | |
| securityConstraint.addCollection(collection); | |
| context.addConstraint(securityConstraint); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi thanks for sharing! I have not try it yet, but I have some questions:
1- Will this be auto-renewed?
2- What's the MultiConnectionSupport class for? I'm reading several post about Let'sEncrypt and SpringBoot and this is the first time I see somthing like this
Thank you!