Using SSL with Tomcat and Spring - spring

I would like to add encrypted connections to my Spring application running on a Tomcat server on a remote host (Amazon EC2 server). I was going to add a Let's Encrypt certificate to my Tomcat, but while searching on the web I read that encrypting my connections could considerably slow down my application. So I was wondering, what would be the best practice to encrypt my application? And does it really slow down my application so much that it would be noticeable? I would really like to implement the best solution, so I am very grateful in advance for suggestions.

The (almost) universal practice is to put a proper high performance web server like nginx or Apache HTTPD in front of your application server acting as a reverse proxy and handling SSL. That way your application server stays on a private network and only a web server is exposed. It’s very easy and you can find many tutorials on how to set it up. Like this one: http://webapp.org.ua/sysadmin/setting-up-nginx-ssl-reverse-proxy-for-tomcat/
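
A minimal nginx configuration for the setup this answer describes, added here as an example and not taken from the original post or the linked tutorial. The host name example.com, the certbot certificate paths and Tomcat listening on 127.0.0.1:8080 are assumptions.

```nginx
# Added example. example.com, the certificate paths and the upstream
# port are assumptions; adjust them to your host.

# Plain HTTP: redirect every request to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: nginx terminates TLS and forwards cleartext HTTP to Tomcat
# over the loopback interface only.
server {
    listen 443 ssl;
    server_name example.com;

    # Default certbot layout for a Let's Encrypt certificate (assumed).
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Session resumption lets returning clients skip the full handshake,
    # which is where most of the TLS cost sits.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;   # Tomcat HTTP connector (assumed port)

        # Tell the application which host, client and scheme the
        # original request used, so redirects and links stay on https.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For this to hold, Tomcat's connector should listen on 127.0.0.1 only (the `address` attribute of `<Connector>`) or port 8080 should be closed in the EC2 security group, so the application cannot be reached around the proxy. Tomcat's `RemoteIpValve` makes the application honor the `X-Forwarded-*` headers.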

Related

Make netty server on localhost accessible over internet

I have developed a Jooby application which is hosted on a netty server. I can access the application on localhost and tests were fine. Now I want to make the app accessible over the internet and don't know what is the best way to reach this goal.
The complete application is hosted on a Windows Server, because it uses Excel. (Read/write over Apache POI. For macros it has to be Windows.) Should I try to connect the running netty server with IIS, or can I just forward the requests from outside to localhost? The last mentioned approach is probably a bad idea regarding security issues.
It works with reverse proxy over IIS. I had to install some features like Application Request Routing and URL Rewrite. Then I can start the jooby application (netty server) as usual on a specific port at localhost and set a reverse proxy to it.
I am not sure why being on Windows is necessary. Anyway, Netty is just a Java network programming framework; it can run on any platform where Java is installed.
You need to host a server, you can buy a VPS, install windows as OS, install Java, you can run your application as you like.
What I understand is you need to test it, for that you can use any port forwarding service like https://pagekite.net/support/intro/features/ to enable "world access" to localhost

Webserver for Angular and Spring application

I'm building a small web application for a personal project. It will be an Angular web application which will talk to a Spring-Boot service layer which in turn will read/write stuff to MongoDb.
I hope to host all this on a single EC2 instance in AWS. My question is how to configure a web server (like Apache but doesn't have to be) to 'beautify' the URLs a bit. Example, without touching anything angular will run at something like host:4200 and the service layer at host:8080. I will then have to map a proper domain to host in AWS, but the hiding of ports etc is where it gets murky for me.
I want to be able to hit my web app at domain.com (no ports etc) and I also want my service layer to ideally have a similar setup e.g. domain.com/service (no ports etc).
How do I configure a webservice to do this for me? Examples or pointers to specific examples would be ideal, but even a pointer to the right documentation will be helpful.
This thread is kind of similar to what I want but not too helpful: How to deploy Spring framework backend and Angular 2 frontend application in any online server?
You can use a setup with AWS CloudFront as reverse proxy and CDN cache. You can map the domain name and SSL certificates (you can use AWS-issued free SSL certificates through AWS Certificate Manager) to CloudFront while the EC2 instance is plugged in as an origin behind CloudFront, as shown in the following diagram.
In the diagram I have optionally added the following, which is a common practice in designing applications in AWS:
- Hosting the Angular app in S3
- Using autoscaling and load balancing for EC2 instances
You need to use Apache or other web server as a reverse proxy. Start here -
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
You then will need to setup a custom domain name. The easiest option is to just use an ELB (now called Classic Load Balancer). More details are here -
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html

Sharing sessions between different servers behind an nginx reverse proxy

Wondering if we can share session data between two servers (running different code) behind an Nginx reverse proxy.
To be precise, we have a legacy app in PHP running on an apache server. We are updating some functionality and hosting only that functionality on a separate server (nginx). Both apps update the same DB.
Nginx uses load balancing / reverse proxy URL rewriting techniques to decide which server to send the client to based on the URL path they use.
So, a person can add items to his virtual basket (held in session) on the new server application.
He then decides to edit his personal information which is on the other server (legacy).
Nginx uses its reverse proxy / load balancing magic to decide which server to send the person to based on where an app is available.
The question is, how can a session created on one app server be available to another app server as well? Is it possible to set up the reverse proxy to store all session data, and how? Please point me in the right direction if you can help, with Google links as well.
Your question has several possible answers. It all depends on the way the application is designed.
A possible scenario would be to keep session information on a database shared among different web heads. In this way the client, once authenticated will retrieve its "session status" regardless which server he is accessing in the final servers cluster backend.
Again, this depends very much on the way the application is/has been designed.
I think there is very little magic you can do on an old legacy application just by configuring the reverse proxy engine.
In the end, sessions are handled by the application server and not the proxy frontend.

play-framework [2.0] HTTPS

I'm working on a web server using Play Framework 2.0, where the login is executed by an Android device software we're also making. Our main concern is that we can't find any support for HTTPS in Play 2.0. Since this is a school project, we can't afford clouds or another proxy to solve the HTTPS for us.
Our main problem is the password and email going in plain sight in the request's body. Encrypting and decrypting on the mobile device and on the server looks costly in performance, and since HTTPS takes care of this we wanted to avoid it. Is there any way we can use HTTPS to protect the users' login data, or any other suggestion?
If not, we might have to migrate all our application to another framework, because it won't look good having important confidential data going through the internet without encryption.
Historically, I've seen most folks run the Java/Scala application server behind a reverse proxy of some kind. Setting up HTTPS in apache isn't too hard, and then just use ModProxy to send requests internally to your Play application.
Any one of the reverse proxy systems can likely do this, nginx is popular too, and generally has easier configuration than apache, but I've never used it with HTTPS.
The number one reason normally to do this is security. You can't start a Java program as a non-privileged user on port 80. If you start your Java program as root running on port 80, then any hole in your application has root privileges! As a result, starting the Java app on another port, then reverse proxy from a web server that can run as a non-privileged user on port 80.
(*) This is slightly over-simplified, but a discussion of this weirdness is beyond the scope of this, I think.
It's now possible to use Play and https directly. This was added in Play 2.1
Simply start the server with:
JAVA_OPTS=-Dhttps.port=9001 play start

Load test Service layer with LoadRunner thru Spring Remote

I have N-tier application; the presentation layer remote to the service layer through Spring Remote over HTTP. The enterprise uses Mercury LoadRunner for load testing. My question is how can I test the Service Layer by itself using LoadRunner and Spring Remote?? I looked around and could not find documentation on how to do so. Kindly share your experience. Thanks!
It's been a long time since I used this method, so I don't know if it will still work.
Record a web script and look in your proxy settings, you'll see that the web browser is pointing at localhost on port 7777. Set the Spring Remote machine's proxy server to be your VUGen machine on port 7777, it should record without problems, but you'll have to tweak your runtime settings to properly emulate a server.
If this doesn't work then you'll have to record the network traffic with a packet capture library (winpcap, pcap or Wireshark) and write your scripts by hand. This won't be hard if you understand HTTP.
