Create an HTTPS-enabled web app with Spring Boot. The application server uses Tomcat, which is automatically embedded within the Spring Boot app. The server certificate uses Let's Encrypt to create a formal certificate that is trusted on the Internet.
To use HTTPS, your server needs to be accessible from the Internet, so you need a domain name (FQDN). In my case, the server used for the test uses the following DDNS.
Private MyDNS.JP https://www.mydns.jp/
Open JDK 14.0.1 (※) Spring Boot 4 4.6.2.RELEASE Development PC Windows 10 Pro 1909 Server AWS EC2 machine image Amazon Linux AMI 2018.03.0
Create a server certificate to build a server over HTTPS. First, build a web server using AWS EC2.
Log in to the server with Tera Term. The user name is ec2-user and no password is required. As the RSA key, specify the key file downloaded in step 3.
After logging in, let's update the package.
sudo yum -y update
Install Apache HTTP Server.
sudo yum -y install httpd mod_ssl sudo service httpd start
Make the Apache root folder accessible to ec2-user.
sudo chown ec2-user /var/www/html/
First, go to the OpenJDK site on your PC and download .tar.gz for Linux.
Upload the downloaded openjdk-14.0.1_linux-x64_bin.tar.gz to your server. You can upload by dragging and dropping to Tera Term.
tar zxvf openjdk-14.0.1_linux-x64_bin.tar.gz
Create /etc/profile.d/env.sh to pass PATH to OpenJDK.
# /etc/profile.d/env.sh export PATH=/home/ec2-user/jdk-14.0.1/bin:$PATH
Please log in to the server again to apply the PATH setting.
Upload the server address to DDNS. In the case of MyDNS, you can upload it by accessing the site with wget. You need to register for a free account. For details, please check MyDNS Site.
wget -O - 'http://mydns123456:[email protected]/login.html'
The security group settings that are set by default on EC2 allow only SSH. Let's allow HTTP / HTTPS.
Select the instance you created in the Instances pane and click the Security Group link (such as launch-wizard-1). Select Edit Inbound Rule, click Add Rule, and allow HTTP and HTTPS from anywhere.
Install git and socat.
sudo yum -y install git socat
Install Let's Encrypt automation shell acme.sh.
git clone https://github.com/acmesh-official/acme.sh.git cd acme.sh ./acme.sh --install
Create a certificate with the following command. (The domain name is fake)
./acme.sh --issue -d my.domain.jp -w /var/www/html
Pack the generated certificate in pkcs12 format.
openssl pkcs12 -export -in ~/.acme.sh/my.domain.jp/my.domain.jp.cer -inkey ~/.acme.sh/my.domain.jp/my.domain.jp.key -out ~/my.domain.jp.p12
You will be prompted to enter the password, so set the password. Be sure to record this password as you will need it in your Spring Boot settings.
/home/ec2-user/my.domain.jp.p12 should have been created, so download it. I think it is easy to use the SCP function of Tera Term.
With the above, the PKCS12 file of the certificate by Let's Encrypt has been created.
Create a web application with Spring Boot. Here, the purpose is to explain HTTPS conversion, so the site itself will be very simple.
Start Spring Tool Suite and select "File"-"New"-"Spring Starter Project".
Dependencies can be just "Spring Web".
Create a sample page.
Create src / main / resources / static / index.html.
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>HTTPS Sample</title> </head> <body> <h1>Let's Encrypt!</h1> </body> </html>
Describe the following contents in src / main / resources / application.properties.
server.port=443 server.ssl.key-store=my.domain.jp.p12 server.ssl.key-store-password=MyPassword server.ssl.keyStoreType=PKCS12
Copy the my.domain.jp.p12 file downloaded from the server to the root folder of your project.
Launch the Spring Boot app. Please start by "Run"-> "Run as"-> "Spring Boot App". Since the certificate has the FQDN set in DDNS, this warning will be displayed when accessing with localhost. If you ignore the warning and force it, the page will be displayed, but here it is enough to see this warning.
To run the site on the AWS server, you need to upload the program created by Spring Boot as a jar file.
Run "Run"-> "Run as"-> "Maven install" in Spring Tool Suite.
"SampleHTTPS-0.0.1-SNAPSHOT.jar" will be created in the "target" folder.
Right-click the file-> "Show in"-> "System Explorer" to open Explorer, and drag and drop it into Tera Term.
You also need ** my.domain.jp.p12 ** in the project folder (one level above target), so drag and drop it into Tera Term in the same way to upload it.
If Apache is running on the server, it will stop because the port conflicts with the application created by Spring Boot.
sudo service httpd stop sudo chkconfig httpd off
Start the java program. However, port 443 cannot be bound by ec2-user, so su it before executing it.
sudo su java -jar SampleHTTPS-0.0.1-SNAPSHOT.jar
If you can start it, let's display the site. The page displayed is just text, but you can see that the lock mark is displayed and HTTPS is enabled. If you look at the certificate, you can see that the certificate has been issued by Let's Encrypt.
It's been long, but that's it.
Let's Encrypt official https://letsencrypt.org/ja/docs/client-options/ From github of acme.sh https://github.com/acmesh-official/acme.sh