[JAVA] HTTPS with Spring Boot and Let's Encrypt

Introduction

In this article we create an HTTPS-enabled web app with Spring Boot. The application server is the Tomcat that Spring Boot embeds automatically. The server certificate is issued by Let's Encrypt, so it is a publicly trusted certificate rather than a self-signed one.

To get a certificate from Let's Encrypt, your server must be reachable from the Internet under a domain name (FQDN) that you control, because Let's Encrypt validates control of the name before issuing. In my case the test server uses the following DDNS service.

Private MyDNS.JP https://www.mydns.jp/

Development environment

OpenJDK: 14.0.1 (※)
Spring Tool Suite 4: 4.6.2.RELEASE
Development PC: Windows 10 Pro 1909
Server: AWS EC2, machine image Amazon Linux AMI 2018.03.0

Creating a server certificate

To serve HTTPS we need a server certificate. First build a web server on AWS EC2; Apache on that server will answer the Let's Encrypt challenge, and the same server later runs the Spring Boot app.

Build an EC2 server

  1. Sign in to the AWS console and select EC2 from Services.
  2. Create an instance. Choose the Amazon machine image "Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type"; the smallest instance type is sufficient.
  3. Don't forget to download the key pair when you create the server.

Log in to the server with Tera Term. The user name is ec2-user and there is no password; authenticate with the private key (RSA key file) downloaded in step 3.

After logging in, update the installed packages.

sudo yum -y update

Install Apache HTTP Server.

sudo yum -y install httpd mod_ssl
sudo service httpd start

Make the Apache document root writable by ec2-user, so that acme.sh can later place its challenge files there without running as root.

sudo chown ec2-user /var/www/html/

OpenJDK installation

First, on your PC, go to the OpenJDK site and download the Linux .tar.gz build (openjdk-14.0.1_linux-x64_bin.tar.gz).

Before uploading, compare the SHA-256 of the downloaded openjdk-14.0.1_linux-x64_bin.tar.gz with the checksum published on the download page, so you are not installing a tampered JDK. Then upload it to your server; dragging and dropping the file onto the Tera Term window is enough.

Extract it.

tar zxvf openjdk-14.0.1_linux-x64_bin.tar.gz

Create /etc/profile.d/env.sh so that PATH includes the OpenJDK bin directory.

# /etc/profile.d/env.sh
export PATH=/home/ec2-user/jdk-14.0.1/bin:$PATH

Log out and log in to the server again so the new PATH takes effect.

DDNS registration

Register the server's public IP address with the DDNS service. With MyDNS you update the record simply by fetching the login page with your MyDNS ID and password as HTTP basic-auth credentials (a free account is required; see the MyDNS site for details). Use the https:// URL so the credentials are not sent in the clear, and remember that a password typed on the command line is kept in the shell history.

wget -O - 'https://mydns123456:YOUR_PASSWORD@www.mydns.jp/login.html'

Access list settings

The security group that EC2 creates by default allows only SSH. Allow HTTP and HTTPS as well: port 80 is needed for the Let's Encrypt challenge, port 443 for the application.

Select the instance you created in the Instances pane and click its security group link (for example launch-wizard-1). Choose Edit Inbound Rules, click Add Rule, and allow HTTP and HTTPS from anywhere (0.0.0.0/0). Port 80 must be reachable from Let's Encrypt's validation servers, so it cannot be restricted to your own IP address; 443 is the public site.

Install Let's Encrypt Tool

Install git (to fetch acme.sh) and socat (used only if you later run acme.sh in --standalone mode, where it answers the challenge itself instead of through Apache).

sudo yum -y install git socat

Install acme.sh, a shell-script ACME client. The --install step copies it to ~/.acme.sh, adds an alias to your shell profile and registers a daily cron job that renews certificates.

git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install

Creating a certificate

Issue the certificate with the following command (the domain name is a placeholder). This is webroot mode (the HTTP-01 challenge): Let's Encrypt fetches a token from http://my.domain.jp/.well-known/acme-challenge/, so Apache must be running and port 80 must be reachable from the Internet at this point. Note that acme.sh 3.0 and later (August 2021) default to ZeroSSL as the CA; add --server letsencrypt to the command if you want the certificate issued by Let's Encrypt as in this article.

./acme.sh --issue -d my.domain.jp -w /var/www/html

Pack the certificate and private key into a PKCS12 keystore for Tomcat. acme.sh writes the leaf certificate alone to my.domain.jp.cer and the leaf plus the Let's Encrypt intermediate to fullchain.cer; use fullchain.cer so that the server presents the complete chain. Java clients and curl/OpenSSL do not fetch missing intermediates and would reject a leaf-only chain, even though a browser with cached intermediates may still show the lock. (With acme.sh 3.0 and later the default key type is ECC and the files live in ~/.acme.sh/my.domain.jp_ecc/ instead.)

openssl pkcs12 -export -in ~/.acme.sh/my.domain.jp/fullchain.cer -inkey ~/.acme.sh/my.domain.jp/my.domain.jp.key -out ~/my.domain.jp.p12

You will be prompted for an export password; choose a strong one and record it, because you will need it in the Spring Boot settings. The .p12 file contains the private key, so restrict its permissions (chmod 600) and never commit it to version control.

/home/ec2-user/my.domain.jp.p12 should have been created, so download it. I think it is easy to use the SCP function of Tera Term.

  1. Select "File"-"SSH SCP" of Tera Term
  2. Enter my.domain.jp.p12 in From: at the bottom.
  3. Change To: at the bottom to something that is easy to understand, such as the user's desktop.
  4. Click "Receive"

With the above, the PKCS12 keystore holding the Let's Encrypt certificate is ready. Keep in mind that Let's Encrypt certificates are valid for 90 days: the cron job installed by acme.sh renews the .cer and .key files automatically, but nothing rebuilds the .p12 for you, so after every renewal you must re-run the openssl pkcs12 export and restart the Spring Boot app (acme.sh --install-cert with a --reloadcmd that does both can automate this).
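Before copying the keystore into the project it is worth checking what it actually contains. The following standalone Java program is an added example (not part of the original article): it opens the .p12 with the export password, finds the private-key entry, and reports the problems the steps above can produce: a chain without the intermediate, a subjectAltName that does not cover the host name (the cause of the browser warning seen later when testing on localhost), and a leaf close to its 90-day expiry. The file path, password and host name are command-line arguments; the 14-day warning threshold is an arbitrary assumption.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;

/**
 * Pre-deployment check of the PKCS12 keystore that Tomcat will serve.
 * Added example for this article; not part of the original post.
 *
 * Verifies that the store opens with the export password, that it holds a
 * private-key entry, that the chain includes the intermediate (not only the
 * leaf), that the leaf's subjectAltName covers the expected host name, and
 * that the leaf is not close to its 90-day expiry.
 */
public class KeystoreCheck {

    /** Returns the problems found; an empty list means the keystore is ready. */
    public static List<String> check(String p12Path, char[] password, String expectedHost,
                                     int minDaysValid) throws IOException, GeneralSecurityException {
        List<String> problems = new ArrayList<>();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password); // a wrong password surfaces here as an IOException
        }

        // Tomcat picks the key entry; more than one requires server.ssl.key-alias.
        String keyAlias = null;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) {
                if (keyAlias != null) {
                    problems.add("several private-key entries; set server.ssl.key-alias");
                }
                keyAlias = alias;
            }
        }
        if (keyAlias == null) {
            problems.add("no private-key entry; was -inkey given to openssl pkcs12?");
            return problems;
        }

        Certificate[] chain = ks.getCertificateChain(keyAlias);
        if (chain == null || chain.length == 0) {
            problems.add("private key has no certificate attached");
            return problems;
        }
        if (chain.length < 2) {
            problems.add("chain holds only the leaf; export with fullchain.cer so the "
                    + "Let's Encrypt intermediate is sent to clients");
        }
        X509Certificate leaf = (X509Certificate) chain[0];

        // Browsers match the host name against subjectAltName dNSName entries (type 2),
        // which is why the same certificate warns when the app is opened as localhost.
        boolean hostCovered = false;
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))
                        && expectedHost.equalsIgnoreCase((String) san.get(1))) {
                    hostCovered = true;
                }
            }
        }
        if (!hostCovered) {
            problems.add("subjectAltName does not cover " + expectedHost
                    + " (issued for: " + leaf.getSubjectX500Principal().getName() + ")");
        }

        // Let's Encrypt leaves are valid for 90 days; warn before renewal becomes urgent.
        Instant notAfter = leaf.getNotAfter().toInstant();
        long daysLeft = Duration.between(Instant.now(), notAfter).toDays();
        if (daysLeft < minDaysValid) {
            problems.add("leaf expires in " + daysLeft + " days (" + notAfter
                    + "); rebuild the .p12 from the renewed files and restart the app");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java KeystoreCheck.java <keystore.p12> <password> <hostname>");
            System.exit(2);
        }
        // The 14-day threshold is an arbitrary choice for this example.
        List<String> problems = check(args[0], args[1].toCharArray(), args[2], 14);
        if (problems.isEmpty()) {
            System.out.println("OK: keystore is ready for server.ssl.key-store");
            return;
        }
        for (String p : problems) {
            System.out.println("PROBLEM: " + p);
        }
        System.exit(1);
    }
}
```

Run it as a single-file program with the JDK used in this article, for example `java KeystoreCheck.java my.domain.jp.p12 MyPassword my.domain.jp`; if it prints only "OK", the keystore will serve a complete chain for the right name. Passing the password as an argument puts it in your shell history, so clear the history or read it from a prompt if you keep the tool around.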

Creating a Spring Boot app

Create a web application with Spring Boot. Since the point here is enabling HTTPS, the site itself is kept minimal.

Creating a project

Start Spring Tool Suite and select "File" - "New" - "Spring Starter Project".

Dependencies can be just "Spring Web".


Create a sample page at src/main/resources/static/index.html.

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>HTTPS Sample</title>
</head>
<body>
<h1>Let's Encrypt!</h1>
</body>
</html>

Enable HTTPS

Put the following in src/main/resources/application.properties.

# Listen on the standard HTTPS port
server.port=443
# PKCS12 file from the previous step, resolved relative to the working directory
server.ssl.key-store=my.domain.jp.p12
# The export password you chose when running openssl pkcs12
server.ssl.key-store-password=MyPassword
server.ssl.key-store-type=PKCS12

Copy the my.domain.jp.p12 file downloaded from the server into the root folder of your project (next to pom.xml, not under src/main/resources); that is the working directory when you run the app from STS, so the relative path above resolves there. Keep the file out of version control, since it contains the private key.
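The settings above work, but they hardcode the export password in a file that tends to get committed, and they depend on the working directory to locate the keystore. Here is the variant I would deploy on the EC2 server, as an added example rather than the article's own configuration; the absolute keystore path and the KEYSTORE_PASSWORD variable name are assumptions you can change.

```properties
# Hardened application.properties for the EC2 deployment (added example).
# Listen on 443; see the note on privileged ports under "Start on the server".
server.port=443
# Absolute file: location, so the app finds the keystore regardless of where
# java -jar is started from.
server.ssl.key-store=file:/home/ec2-user/my.domain.jp.p12
# Take the export password from the environment instead of the source tree:
#   KEYSTORE_PASSWORD='...' java -jar SampleHTTPS-0.0.1-SNAPSHOT.jar
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-store-type=PKCS12
# Only negotiate current TLS versions; TLS 1.0/1.1 are deprecated (RFC 8996)
# and TLS 1.3 is available on the JDK 14 used here.
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
```

Spring Boot resolves ${KEYSTORE_PASSWORD} from the process environment at startup, so the password never appears in the jar, in git or in the properties file on the server. The same placeholder works for the original relative path if you prefer to keep the keystore next to the jar.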

Local operation check

Launch the Spring Boot app with "Run" -> "Run As" -> "Spring Boot App" and open https://localhost/ in a browser. The certificate was issued for the FQDN registered in DDNS, not for localhost, so the browser shows a host-name mismatch warning. If you accept the warning the page is displayed, but for this local check seeing the warning (and confirming from the certificate details that it is the Let's Encrypt certificate) is enough; the real test follows on the server, where the name matches.

Upload to server

To run the site on the AWS server, you need to upload the program created by Spring Boot as a jar file.

Run "Run"-> "Run as"-> "Maven install" in Spring Tool Suite.

"SampleHTTPS-0.0.1-SNAPSHOT.jar" will be created in the "target" folder.


Right-click the jar -> "Show In" -> "System Explorer" to open Explorer, then drag and drop it onto Tera Term to upload it.

The jar does not contain the keystore (it sits outside src/main/resources), so my.domain.jp.p12 must be next to the jar on the server as well. The copy created earlier in /home/ec2-user already serves if you left it there; otherwise upload the file from the project folder (one level above target) the same way. Either way keep its permissions at 600, since it holds the private key.

Start on the server

If Apache is running on the server, stop it first: mod_ssl listens on port 443 and conflicts with the Spring Boot application. Note that disabling Apache also removes what answered the acme.sh webroot challenge, so renewals will need something serving port 80 again, either by starting httpd around the renewal (acme.sh --pre-hook / --post-hook) or by switching to --standalone mode, which is what socat was installed for.

sudo service httpd stop
sudo chkconfig httpd off

Start the java program. On Linux an ordinary user cannot bind port 443, so this article switches to root with sudo su before starting it.

sudo su
java -jar SampleHTTPS-0.0.1-SNAPSHOT.jar

Running an Internet-facing web application as root is acceptable only for a throwaway test. For anything longer-lived keep running as ec2-user and either let the app listen on an unprivileged port such as 8443 with an iptables nat REDIRECT rule sending 443 to it (the security group still only needs 443 open), or grant just CAP_NET_BIND_SERVICE to the java binary with setcap. Also note that the app stops when the Tera Term session closes unless you detach it (nohup or an init script).

Once it starts, open https://my.domain.jp/ in a browser. The page is just text, but the lock icon shows that HTTPS is in use, and the certificate details show that it was issued by Let's Encrypt.

It's been long, but that's it.

Referenced site

Enable SSL (HTTPS) in Spring boot
Let's Encrypt official documentation: https://letsencrypt.org/ja/docs/client-options/
acme.sh on GitHub: https://github.com/acmesh-official/acme.sh
