Before you get started, it’s important to keep in mind that a Spring Boot app is just a web app that’s packaged with an embedded Apache Tomcat Application Server. That means the process of setting up Tomcat to run behind an Apache Web Server is very similar to what you’ll see here. Bottom line: there’s no need to over-complicate this. While the post heading says running a Spring boot web application behind Apache, this article covers most of all J2EE based web applications be it Spring, Struts, Seam or JSF framework. It also broadly applies to any Web Service or Web Application which are bound to a port. A web server is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well. Web servers are also known as HTTP servers, as they use the hypertext transport protocol (HTTP). The Apache HTTP Server, httpd, is an open source web server developed by the Apache Software Foundation. The server-side of Spring-WS is designed around a central class that dispatches incoming XML messages to endpoints. Spring-WS's MessageDispatcher is extremely flexible, allowing you to use any sort of class as an endpoint, as long as it can be configured in the Spring IoC container. In a way, the message dispatcher resembles Spring's DispatcherServlet, the “ Front Controller ” used in. @EnableAutoConfiguration: Tells Spring Boot to start adding beans based on classpath settings, other beans, and various property settings. For example, if spring-webmvc is on the classpath, this annotation flags the application as a web application and activates key behaviors, such as setting up a DispatcherServlet.
Spring Boot can run as a standalone server, but putting it behind an Apache web server has several advantages, such as load balancing and cluster management. Now with LetsEncrypt it’s easier than ever (and free) to secure your site with SSL.
In this tutorial, we’ll secure an Apache server with SSL and forward requests to a Spring Boot app running on the same machine. (And once you’re done you can add Stormpath’s Spring Boot integration for robust, secure identity
management that sets up in minutes.)
Set Up Your Spring Boot Application
The most basic Spring Boot web application just shows a homepage. Using Maven, this has four files: pom.xml, Application.java, RequestController.java, and home.html.
The pom.xml file (in the root folder) declares four things: application details, starter parent, starter web dependency, and the Maven plugin (for convenience in running from the console).
RequestController.java (src/main/java/com/stormpath/tutorial) maps all requests to the homepage.
2 4 6 | <html> <body><h1>Hello there</h1></body> |
Note: you can clone this basic project from the GitHub repo.
Next, run:
2 |
You should see the page when browsing to localhost:8080.
Launch Apache
Next, we need to fire up Apache. I created an Ubuntu instance on EC2 (check out the AWS Documentation for a getting started guide). I then logged in and installed Apache with the following:
2 |
This should install and start an Apache server running on port 80. After adding HTTP to the instance inbound security group (again here, the AWS Documentation contains a guide) you should be able to browse to the public DNS.
Add LetsEncrypt
LetsEncrypt has policies against generating certificates for certain domains. amazonaws.com is one of them (because they are normally transient). You need to add a CNAME to a personal domain that points to the instance you created. Here I’m using kewp.net.za.
The following commands should install SSL certificates to your domain automatically.
2 4 | git clonehttps://github.com/stormpath/apache-ssl-tutorial mvn spring-boot:run |
Reroute Apache
Now we tell Apache to pass all traffic to our application. We can use the proxy and proxy_ajp modules for that. But first, we need to enable them.
2 | sudo a2enmod proxy_ajp |
Now we need to update the virtual host on port 443 to use the connector we created. For me the relevant file was in /etc/apache2/sites-available/000-default-le-ssl.conf. Add the follow to the bottom of the <VirtualHost *.443> element.
One last thing. The traffic between Apache and Tomcat is currently unencrypted (HTTP). This can be a problem for some apps (like Stormpath – which requires a secure connection). To fix this, we use something called Tomcat’s RemoteIpValve. Enable this by adding the following to your application.properties.