Prerequisites
Let’s assume you have:
- A Spring Boot app deployed on Tomcat under ~/tomcat/webapps/myApp (assumed to be the same directory as the /opt/tomcat/webapps/myApp used as docBase below; whichever path you use, the two must match)
- Your domain's DNS A record pointing at the IP of your server
- Port 80 redirected to 8080, so Tomcat can keep running as an unprivileged user and still answer on the standard port. You can do it with:
sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo apt-get install iptables-persistent
The package saves the current rules when it is installed; if you change them later, run sudo netfilter-persistent save or the rules are gone after a reboot.
- A host defined in server.xml like:
<Host name="myApp.biz" appBase="webapps" unpackWARs="false" autoDeploy="false">
    <Alias>www.myApp.biz</Alias>
    <Context path="" docBase="/opt/tomcat/webapps/myApp" debug="0" privileged="true" />
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="myApp_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false" />
</Host>
The quotes inside the pattern attribute have to be written as &quot;, otherwise the XML does not parse. privileged="true" lets the webapp use Tomcat's container servlets (the Manager, for example); a normal application does not need that, so leave it out unless you know why it is there.
So finally the address www.myApp.biz points directly to ~/tomcat/webapps/myApp.
More details here: https://codefitter2.blogspot.com/2018/07/how-to-deploy-spring-boot-jhipster-app.html
Generate Let’s Encrypt certificate
Install Certbot (the certbot/certbot PPA used here has since been retired; on a current system install Certbot from your distribution's repositories or as a snap and skip the add-apt-repository step):
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
Then request the certificate with the webroot plugin. Certbot writes the HTTP-01 challenge file under <webroot>/.well-known/acme-challenge/ and Let's Encrypt fetches it over plain http://myApp.biz/, which is why the 80 -> 8080 redirect and the Host above must already be working. -w must be the directory Tomcat actually serves for that host (the docBase); note that ~ is expanded by your shell before sudo runs, so it is your own home directory, not root's. Before running certbot, drop a test file into <webroot>/.well-known/acme-challenge/ and check with curl that http://myApp.biz/.well-known/acme-challenge/<file> returns it; if the application's servlet swallows that path the challenge will 404.
sudo certbot certonly --webroot -w ~/tomcat/webapps/myApp -d myApp.biz,www.myApp.biz
You should see:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: ...
Redirect port 443 to 8443, where Tomcat will listen for https, and save the rules:
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
sudo netfilter-persistent save
You can list the NAT rules together with their numbers:
sudo iptables -t nat -L --line-numbers
and remove a rule by the number shown, e.g. rule 1 of the PREROUTING chain:
sudo iptables -t nat -D PREROUTING 1
-----------------------------
Configure Apache:
This vhost only matters if Apache is the one terminating TLS. With the PREROUTING rule above in place, packets for port 443 are handed to Tomcat on 8443 before Apache ever sees them, so either let Tomcat terminate TLS (see the connector below) and skip this section, or drop the 443 redirect and have Apache proxy to Tomcat on 8080.
Edit /etc/apache2/sites-available/default-ssl.conf and add, inside the <VirtualHost _default_:443> block:
ServerAdmin youremail@myApp.biz
ServerName myApp.biz
...
SSLCertificateFile /etc/letsencrypt/live/myApp.biz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myApp.biz/privkey.pem
...
SSLCertificateChainFile is deprecated since Apache 2.4.8 and not needed when SSLCertificateFile already points at fullchain.pem, which contains the chain; on older versions add SSLCertificateChainFile /etc/letsencrypt/live/myApp.biz/chain.pem as well.
Enable the SSL module:
sudo a2enmod ssl
Enable the site just edited:
sudo a2ensite default-ssl.conf
Restart Apache:
sudo service apache2 restart
Now, redirect http to https.
In server.xml the plain connector on 8080 keeps redirectPort="443": that is the port the browser is sent to, and iptables maps it to 8443. The https side is not a plain HTTP/1.1 connector on 443 (nothing would speak TLS on it, and it would collide with the 443 redirect) but an SSLEnabled connector on 8443 that uses the Let's Encrypt PEM files directly, which Tomcat supports from 8.5 on:
<Connector port="8080" protocol="HTTP/1.1" enableLookups="false" redirectPort="443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" enableLookups="false">
    <SSLHostConfig>
        <Certificate certificateKeyFile="/etc/letsencrypt/live/myApp.biz/privkey.pem" certificateFile="/etc/letsencrypt/live/myApp.biz/cert.pem" certificateChainFile="/etc/letsencrypt/live/myApp.biz/chain.pem" type="RSA" />
    </SSLHostConfig>
</Connector>
/etc/letsencrypt/live and /etc/letsencrypt/archive are readable by root only, so the user Tomcat runs as needs read access to those files (or to copies of them), and Tomcat has to be restarted after every renewal to pick up the new key and certificate.
In web.xml add:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restricted URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
With this, Tomcat answers every plain-http request with a redirect to https://myApp.biz/... (Let's Encrypt's HTTP-01 validator follows that redirect, so renewals keep working).
On AWS EC2, go to Instances -> Security groups, view the inbound rules and make sure TCP 443 is allowed. Keep TCP 80 open too: the HTTP-01 challenge on renewal and the http -> https redirect both still need it.
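Let's Encrypt certificates expire after 90 days, so the setup above only keeps working if renewal is automated and Tomcat is restarted with the new files each time. The script below is an added example, not part of the original post: a Certbot deploy hook for the variant where Tomcat terminates TLS. It copies the renewed PEM files out of the root-only lineage directory into a directory Tomcat can read, with the private key readable only by root and Tomcat's group, and then restarts Tomcat. The user name tomcat, the destination /opt/tomcat/conf/certs and the systemd unit name tomcat are assumptions for the example; RENEWED_LINEAGE is the variable Certbot exports to deploy hooks. With this in place, point the connector's certificate paths at /opt/tomcat/conf/certs instead of /etc/letsencrypt/live/myApp.biz.

```shell
#!/bin/sh
# Certbot deploy hook for a Tomcat that terminates TLS itself.
# Added example, not from the original post. Assumptions: Tomcat runs as the
# user "tomcat", reads its PEM files from /opt/tomcat/conf/certs and is a
# systemd unit called "tomcat". Certbot exports RENEWED_LINEAGE (for example
# /etc/letsencrypt/live/myApp.biz) when it runs a deploy hook.
set -eu

TOMCAT_USER="${TOMCAT_USER:-tomcat}"
CERT_DIR="${CERT_DIR:-/opt/tomcat/conf/certs}"
RESTART_CMD="${RESTART_CMD:-systemctl restart tomcat}"
FILES="privkey.pem cert.pem chain.pem fullchain.pem"

# install_certs LINEAGE DEST
# Copies the four PEM files out of the root-only lineage directory into DEST.
# Refuses to touch DEST if any file is missing, so a broken renewal cannot
# leave Tomcat with a half-updated key/certificate pair.
install_certs() {
    lineage="$1"
    dest="$2"
    for f in $FILES; do
        if [ ! -r "$lineage/$f" ]; then
            echo "install_certs: missing $lineage/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dest"
    chmod 750 "$dest"
    # Copy under a temporary name and rename, so Tomcat never reads a partial file.
    for f in $FILES; do
        cp "$lineage/$f" "$dest/.$f.tmp"
        mv "$dest/.$f.tmp" "$dest/$f"
    done
    # Key readable by owner and group only; the certificates are public anyway.
    chmod 640 "$dest/privkey.pem"
    chmod 644 "$dest/cert.pem" "$dest/chain.pem" "$dest/fullchain.pem"
    # Group ownership gives the Tomcat user read access without making the
    # files world-readable. Only possible as root, which is how Certbot runs hooks.
    if [ "$(id -u)" -eq 0 ] && id "$TOMCAT_USER" >/dev/null 2>&1; then
        chown -R root:"$TOMCAT_USER" "$dest"
    fi
    return 0
}

# file_mode FILE -> permission bits in octal (GNU stat, with a BSD fallback),
# used to verify that the private key did not end up world-readable.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Only act when Certbot invoked us; sourcing the file elsewhere (for instance to
# try install_certs against a scratch directory) just defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_certs "$RENEWED_LINEAGE" "$CERT_DIR"
    $RESTART_CMD
fi
```

Save it as /etc/letsencrypt/renewal-hooks/deploy/tomcat.sh and make it executable; certbot renew (which the certbot package schedules twice a day) runs every script in that directory after a successful renewal. sudo certbot renew --dry-run exercises the renewal itself but not the deploy hook, so try the hook once by hand with RENEWED_LINEAGE=/etc/letsencrypt/live/myApp.biz and check that Tomcat comes back serving the new certificate.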