0

I'm trying to configure my spring boot app on apache2 with a SSL certificate but i cannot understand if all the steps i'm doing are correct, before putting it in production. I need to use https and redirect all calls from 80 to 443

So, my jar application is deployed on port 8080, so I have first edited my /etc/apache2/sites_available/000-default.conf in this way

<VirtualHost *:80>
       ServerName www.example.com

        ServerAdmin webmaster@localhost


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/

</VirtualHost>

And this was working great when i needed just plain http

Now i have a CA-certificate, i put the crt and the key in /etc/apache2/ssl/certs/ and /etc/apache2/ssl/private/ and edited the 

default-ssl.conf

in this way

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html


                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined


                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/xxxxxxxxxxxx.crt
                SSLCertificateKeyFile /etc/ssl/private/yyyyyyyyyyy.key
                SSLCertificateChainFile /etc/apache2/ssl/certs/sf_bundle-g2-g1.crt

     <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
    </VirtualHost>
</IfModule>

In this way, i should have enabled SSL on Apache, right? Now i need to understand how to redirect all call from 80 to 443, and if the workflow i followed is correct

MarioC
  • 2,934
  • 15
  • 59
  • 111

1 Answers1

1

Sorry if I'm missing the point but I'm not sure how exactly your question relates to Spring Boot.

Apache is "just" an HTTP server. Spring applications run in an application server like Tomcat or Wildfly or as a standalone JAR with an embedded Tomcat.

I guess you want to use the Apache as a proxy in front of the Spring application, but as far as I can see, its configuration in terms of SSL is not connected to Spring then.

One possible answer to your question would then be to do it like this (as described here: http to https apache redirection):

NameVirtualHost *:80
<VirtualHost *:80>
  ServerName mysite.example.com
  DocumentRoot /usr/local/apache2/htdocs 
  Redirect permanent / https://mysite.example.com/
</VirtualHost>

<VirtualHost _default_:443>
  ServerName mysite.example.com
  DocumentRoot /usr/local/apache2/htdocs
  SSLEngine On
</VirtualHost>
anothernode
  • 5,100
  • 13
  • 43
  • 62
  • you are right, it's not concerned to Spring, it was just to say that the application listens on port 8080, so i have first to tell apache to act as a proxy and then redirect to 443, right? – MarioC Jul 04 '17 at 17:20
  • If you want Apache to act as a proxy, you configure it to forward all incoming traffic on one port (like port 80) to your Spring application, which could listen on any port (by default 8080). But you can't really tell Apache to be a proxy, as "proxy" is just a descriptive term in this case. SSL encryption is really another story again. Having HTTP traffic on port 80 and HTTPS traffic on port 443 is just a standardised convention (which is a good idea to stick to for everything you make available publicly) but technically you could have SSL encrypted HTTPS traffic on any port you configure. – anothernode Jul 05 '17 at 08:19