This springboot ssl never works - spring-boot

I configured ssl on springboot correctly:
server.port=8443
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password=*****
server.ssl.key-store-type=PKCS12
It always says the same whatever port I try:The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be mis-configured. Action:Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port. Springboot will not start the application, it's so terrible as a framework with no way to debug it.
Any experienced developer could know such a bug that stuck me forever?!

Its apache2 use it:
SSLEngine On
SSLCertificateFile /abc.crt
SSLCertificateKeyFile /abc.key
SSLCertificateChainFile /abc.ca-bundle

It has to use this way exactly to make it work:
https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/

Related

Strange behavior of server.port property in Tomcat

Actually, it is not a problem, but a strange thing I would like to understand. I use SpringBoot2 with embedded Tomcat. And I've added self-signed SSL certificate. This is pretty usual config:
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.key-alias=tomcat
server.port=8443
And I made a connector, to force http -> https redirect, like in many examples:
private Connector getHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
If I would not specify server.port property in my config, I will see the following error:
Description:
The Tomcat connector configured to listen on port 8080 failed to
start. The port may already be in use or the connector may be
misconfigured.
Action:
Verify the connector's configuration, identify and stop any process
that's listening on port 8080, or configure this application to listen
on another port.
But if I will, I will see following:
o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s):
8443 (https) 8080 (http) with context path ''
Why server.port starts to point at https port??? Even sources of springframework.boot.autoconfigure.web.ServerProperties says that it is
/**
* Server HTTP port.
*/
Is it ok, or I've got something strange in my server? Or this is how Conectors works? :) Thank you
By default, the embedded server start on port 8080 if you don't give any value for server.port in the properties file
And you are also specifying connectors port as 8080 (connector.setPort(8080);)
Hence you are getting port conflicts.

Deploying gradle spring application on a 1and1 cloud server

I have an apache/2.4.18 ubuntu server and I want to host my spring application on it. I generated a JAR file and can run it on the server. It starts an embedded tomcat server on port 8090.
However when i navigate to 'my-site-ip:8090' the connection times out.
I have zero experience deploying web applications so any help would be appreciated.
I've created a TCP rule for port 8090 and still no joy.
The solution was adding a proxy to the Myapp.conf file as below:
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://localhost:8090/
ProxyPassReverse / http://localhost:8090/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
It´s very hard to explain all the steps in one answer but you can follow these steps to get into the full configuration by your own. I did the same on my 1&1 cloud server.
First of all you need root access to your server.
Normally, on your server the port 80 and 443 should already be open. Else you can define that in the 1&1 Admin Portal. If your Server already has the apache configuration you should be able to see the apache site if you go to your server address. You can find details and the full setup if you dont have an apache installed for this step here:
How To Install the Apache Web Server on Ubuntu
The second step would be to configure a virtual host on your apache webserver.
This is cool because you can define multiple domains and there applications on your server. So http://yourServer.com(port 80 or 443 from extern) goes to yourApp1. (port 8090 from intern).
In this step you will tell apache if your enter your url to go to your app with port 8090
How To Set Up Apache Virtual Hosts on Ubuntu
The last step would be to install your spring-boot app as a service on your machine. The docs of Spring describes it very well.
Installation as an init.d Service
If you install the app as a service you are able to start and stop the app with the service command.
service myapp start
And dont forget to add the plugin for maven or gradle to your pom.xml. This is necessary to run the app as a service.
If you follow these Steps you should be able to reach you app without specify a port and be ready to go with your app in production if necessary.
The best approach for this would be to use the apache proxy. This should get it done.
https://blog.marcnuri.com/running-apache-tomcat-and-apache-httpd-on-port-80-simultaneously/

Play Application runs on port 443 but nothing resolves from a browser

We have a Play application running on a Linux box that resolves to port 443 instead of port 80 or port 9000.
The application is up and running without errors - there are no errors in the SSH console.
Port 80 is disabled (HTTP) but we want to have the web application appear in the browser using port 443 (HTTPS).
We have the application.conf file set up to use the correct port as well as the correct keystore path and keystore type (JKS).
Since there are no errors, we would like to know what we can do to correct this situation. Any help would be great!

sonar 3.6 https configuration

I have just upgraded from Sonar 3.2.1 to Sonar 3.6. I was able to configure Sonar 3.2.1 to use https by placing a jetty.xml file in SONAR_HOME. The same approach does not seem to work for Sonar 3.6 and from looking at the source for org.sonar.application.JettyEmbedder I think the https port is hard-coded to 8443. FYI, The embedded jetty version is 7.6.11.
The relevant Sonar FAQ reads thus :
Can SonarQube run in HTTPS mode
No. But you can run SonarQube in a standard HTTPS infrastructure using reverse proxy (in this case the reverse proxy must be configured to set the value 'X_FORWARDED_PROTO: https' in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP).
If this is true then Sonar has taken a step backwards security-wise. Is there an alternative way to configure Sonar/Jetty to run on https ?
You can install Apache on the same machine and set reverse proxy.
Your http://your-sonar-host.com address needs to run on port 80. Apache will forward it to 9000 (sonar runs on port 9000)
After installing Apache, open the configuration and type the following:
<Location />
ProxyPass http://your-sonar-host.com:9000/
ProxyPassReverse http://your-sonar-host.com:9000/
RequestHeader set X_FORWARDED_PROTO 'https'
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
There is nothing else you need to do.

Running Apache without explicitly declaring listening on ports such as :3000 or :6600

Using Ruby and Thin as a web service. Apache is also loaded. Can't access the web service because listing ports, such as :3000 or :6600, in the GET url is not allowed. How is the port requirement removed?
Use Apache ProxyPass.
cd /etc/apache2/sites-enabled/
sudo vi 000-default
Edit Lines:
ServerAdmin webmaster#localhost
ProxyPass /breakfast http://localhost:4567/breakfast
DocumentRoot /var/www
sudo /etc/init.d/apache2 restart
If you're talking about Apache HTTPD, either leave off the port, or specify "80" for the port.
If you're talking about Apache Tomcat, you'll need to set up an HTTP Connector with port=80, but Tomcat will need to be launched as root.

Resources