There are thousands of articles on how to set up HTTPS either in Tomcat or at the application level in your Spring Boot application. But I didn't find a way to configure Tomcat for an application that has already configured HTTPS.
I've already set up my Spring Boot application to run on HTTPS by configuring these properties:
server.port=7070
server.ssl.enabled=true
server.ssl.key-store-password=my_password
server.ssl.key-store-type=PKCS12
server.ssl.key-store=keystore-path
server.ssl.key-alias=key_alias
And it works perfectly when I run it from my IDE (IntelliJ) and it serves on https://localhost:7070 on my machine.
On the other hand, when I deploy my app into Tomcat, it runs on the Tomcat port, which is defined in the server.xml connector, for instance:
<Connector port="7071" protocol="HTTP/1.1" connectionTimeout="20000" />
In that case, the connector port in Tomcat overrides the port number in application.properties. So if I want to run my application over HTTPS in Tomcat, the documentation says I need to define a new connector, for example:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
or
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                     certificateFile="conf/localhost-rsa-cert.pem"
                     certificateChainFile="conf/localhost-rsa-chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
But in these ways, I have to configure my keystore, password, alias, and so on again in Tomcat.
I'm wondering, is there any other way around this, without configuring my keystore, password, etc. again in Tomcat?
CodePudding user response:
No, there is no other way around it. server.* properties are only applied when running the application in an embedded container. When deploying to an existing Tomcat instance, they are not used.
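For readers who land here looking for the mapping between the two configurations, here is an added example (not from the question or the answer above) of a Tomcat 9 HTTPS connector that points at the same PKCS12 keystore the Spring Boot server.ssl.* properties use. The keystore itself is not duplicated, only the connector declaration is. The keystore path under conf/, the port 8443 and the keystore.password system property are assumptions; the alias key_alias is the one from the question.

```xml
<!-- Added example: Tomcat 9 server.xml connector reusing the application's PKCS12 keystore.
     Assumes the keystore was copied to ${catalina.base}/conf/app-keystore.p12 and that
     the password is supplied as a JVM system property (-Dkeystore.password=...)
     rather than written into server.xml. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true">
    <!-- Limit negotiable protocol versions so TLS 1.0/1.1 are never offered. -->
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3" honorCipherOrder="true">
        <!-- Same keystore file, type and alias as server.ssl.key-store,
             server.ssl.key-store-type and server.ssl.key-alias. -->
        <Certificate certificateKeystoreFile="conf/app-keystore.p12"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="${keystore.password}"
                     certificateKeyAlias="key_alias"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

Tomcat expands ${...} references in server.xml from system properties, so the password can be passed through CATALINA_OPTS (or set in catalina.properties with restricted file permissions) instead of being committed alongside the connector. The plain HTTP connector on 7071 from the question can then be dropped, or kept only with a redirectPort="8443" so clients are sent to the TLS listener.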