How do I force SSL on my Spring Boot app that uses OAuth2 on AWS ElasticBeanstalk and Nginx?

I'm trying to force SSL using the reference documentation



https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html#howto-enable-https



However, I already have



@Configuration
class WebSecurityConfiguration {


When I add extends WebSecurityConfigurerAdapter, without even adding protected void configure(HttpSecurity http), requests to a non-OAuth2 page /home/ are redirected to /login for no reason. It works with the property settings. Just extending the class with extends WebSecurityConfigurerAdapter breaks the app. There are other unrelated routes secured by OAuth2. I've seen this non-deterministic random behavior before while setting up OAuth2.



This is the outline of the WebSecurityConfiguration class.



@Configuration
class WebSecurityConfiguration {

@Autowired
UserMapper userMapper;

@Bean
PasswordEncoder passwordEncoder() {

@Bean
protected UserDetailsService userDetailsService() {


And that's it.



I tried to add an Nginx configuration to redirect to SSL, from this answer https://stackoverflow.com/a/53310987/148844, but it didn't work. It does redirect to SSL, but I get 404 errors for all paths:




HTTP Status 404 - /home

type Status report

message /home

description The requested resource is not available.

Apache Tomcat/8.0.47







So it is forcing SSL and accessing Tomcat, but the Spring Boot app is completely messed up. It's as if the WAR file in the ZIP was never deployed.



Reference: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-tomcat-proxy.html#java-tomcat-proxy-nginx










spring amazon-web-services spring-boot amazon-elastic-beanstalk

edited Nov 25 at 23:29

asked Nov 13 at 20:57
Chloe

  • what is your WebSecurityConfiguration class doing exactly?
    – Darren Forsythe
    Nov 13 at 21:02

  • @DarrenForsythe Added class outline.
    – Chloe
    Nov 13 at 21:09

2 Answers

I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!



AWS Elastic Beanstalk Tomcat works with .war but not .zip



When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)



I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!



pom.xml

<plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
    <artifactId>maven-assembly-plugin</artifactId>
    <configuration>
        <descriptors>
            <descriptor>assembly.xml</descriptor>
        </descriptors>
    </configuration>
    <executions>
        <execution>
            <id>make-assembly</id>
            <phase>package</phase>
            <goals>
                <goal>single</goal>
            </goals>
        </execution>
    </executions>
</plugin>


assembly.xml

<assembly
    xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
    <id>bin</id>
    <baseDirectory>/</baseDirectory>
    <formats>
        <format>zip</format>
    </formats>
    <files>
        <file>
            <source>empty.war</source>
            <outputDirectory/>
        </file>
        <file>
            <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
            <outputDirectory/>
            <destName>ROOT.war</destName>
        </file>
    </files>

    <fileSets>
        <fileSet>
            <directory>${project.basedir}</directory>
            <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
            <includes>
                <include>force-https.conf</include>
            </includes>
        </fileSet>
    </fileSets>
</assembly>


And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.



force-ssl.conf

if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
}


http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html






edited Nov 26 at 22:50

answered Nov 15 at 1:07
Chloe

    I think you need not care about enabling SSL on the Tomcat or application side; it's not required. Just enable SSL up to nginx.

    You should simply be terminating SSL on nginx and passing the proxy/reverse-proxy to Tomcat.

    Here are some references to prove my above point.
    https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
    https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination

    In your case, you need to follow the steps below.

    1) Create a 00_application.conf file and place it under .ebextensions/nginx/conf.d/elasticbeanstalk/.

    2) The 00_application.conf file should have the following content.

    server {
        listen 443 ssl;
        server_name www.example.com;
        ssl_certificate www.example.com.crt;
        #...
        location / {
            # your Tomcat port; I'm assuming here that your Beanstalk server's Tomcat is listening on 8080.
            proxy_pass http://127.0.0.1:8080;
        }
    }

    3) Stop listening on the default port 80 and redirect to 443, meaning if you have http://foo.bar/ as your domain, you redirect it to https://foo.bar/. Open the nginx.conf file located at .ebextensions/nginx/nginx.conf. Also, make sure to write the following line: include conf.d/elasticbeanstalk/*.conf;

    server {
        listen 80;

        server_name foo.bar;
        return 301 https://foo.bar$request_uri;
    }

    I think OAuth or no auth, Spring Boot vs. non-Spring Boot apps, are less important here.

    Please make sure to follow the note written in the AWS documentation, in the section Extending the Default nginx Configuration.
    Specifically read the note that talks about
    I hope that answers your question. I have not tested everything above on Beanstalk, but the rest is tested on EC2, Tomcat with nginx proxy. Try this and post any specific issue that you might be having in the comment section.






    • I don't think 1) and 2) are correct. docs.aws.amazon.com/elasticbeanstalk/latest/dg/… says "Files with the .conf extension in the conf.d folder are included in the http block of the default configuration. Files in the conf.d/elasticbeanstalk folder are included in the server block within the http block." Since 00_application.conf is already included in the server block, I don't think you need server in there again. So either the file should be elsewhere or should not have server block.
      – Chloe
      Nov 24 at 18:49










    • And how would it work to hard-code the IP of the EC2 instance, when the load balancer and Tomcat server are on different IP addresses? How would it automatically scale the application for additional EC2 instances?
      – Chloe
      Nov 24 at 18:50










    • This also doesn't explain why when I redirected to SSL with Nginx, Tomcat was giving 404 errors for the app.
      – Chloe
      Nov 24 at 18:54










    • Ok, I'm sorry, but I think you are mixing different issues and making it complex. Solve problems one by one. 1) http to https, which is a simple thing, as I have explained. 2) OAuth issue. 3) Load balancing. Nginx does load balancing as well, but as far as I know, it is not needed in the case of Elastic Beanstalk as it auto-scales if configured. I suggest you try my steps one by one; if any fails, we should be able to solve that as well. Happy coding, Thanks
      – Red Boy
      Nov 24 at 20:29
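
A pre-deployment check for the source bundle described in the first answer and the include rule quoted in the comments on the second, as an added example that is not code from either answer or from AWS. It flags `server`/`http` blocks placed in `conf.d/elasticbeanstalk/` (nginx rejects a `server` block nested inside another `server` block) and confirms that an `X-Forwarded-Proto` redirect is actually shipped in that folder. The function names, the sample bundles and the simplified comment stripping are constructed for illustration.

```python
import io
import re
import zipfile

# Files here are included inside the default server block (per the AWS
# documentation quoted in the comment above), so they may hold only
# server-context directives.
SNIPPET_DIR = ".ebextensions/nginx/conf.d/elasticbeanstalk/"

# A nested "server {" or "http {" makes nginx reject the configuration.
BLOCK_RE = re.compile(r"^[ \t]*(server|http)[ \t]*\{", re.MULTILINE)

# The redirect from the first answer: only requests that the load balancer
# marks as plain HTTP are sent to HTTPS; requests without the header pass.
REDIRECT_RE = re.compile(
    r"if\s*\(\s*\$http_x_forwarded_proto\s*=\s*['\"]?http['\"]?\s*\)\s*\{"
    r"\s*return\s+30[1278]\s+https://[^;\s]+\s*;\s*\}"
)


def strip_comments(conf):
    """Remove '#' comments (simplification: ignores '#' inside quoted strings)."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def lint_bundle(zip_bytes):
    """Return a list of findings for an Elastic Beanstalk Tomcat source bundle."""
    findings = []
    redirect_found = False
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        # Map normalised entry names to the names stored in the archive.
        entries = {name.lstrip("/"): name for name in bundle.namelist()}
        if not any("/" not in n and n.lower().endswith(".war") for n in entries):
            findings.append("no .war file at the bundle root")
        for name, raw in sorted(entries.items()):
            if not (name.startswith(SNIPPET_DIR) and name.endswith(".conf")):
                continue
            conf = strip_comments(bundle.read(raw).decode("utf-8", "replace"))
            for match in BLOCK_RE.finditer(conf):
                findings.append(
                    f"{name}: nested '{match.group(1)}' block in a server-context include"
                )
            if REDIRECT_RE.search(conf):
                redirect_found = True
    if not redirect_found:
        findings.append(f"no X-Forwarded-Proto redirect found under {SNIPPET_DIR}")
    return findings


def make_bundle(files):
    """Build an in-memory ZIP from a {path: text} mapping (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as bundle:
        for path, text in files.items():
            bundle.writestr(path, text)
    return buf.getvalue()


# Constructed sample bundles mirroring the layouts in the two answers.
ANSWER_1_BUNDLE = make_bundle({
    "ROOT.war": "",
    "empty.war": "",
    SNIPPET_DIR + "force-https.conf":
        "if ($http_x_forwarded_proto = 'http') {\n"
        "    return 301 https://$host$request_uri;\n"
        "}\n",
})
ANSWER_2_BUNDLE = make_bundle({
    "ROOT.war": "",
    SNIPPET_DIR + "00_application.conf":
        "server {\n"
        "    listen 443 ssl;\n"
        "    server_name www.example.com;\n"
        "    ssl_certificate www.example.com.crt;\n"
        "    location / {\n"
        "        proxy_pass http://127.0.0.1:8080;\n"
        "    }\n"
        "}\n",
})

if __name__ == "__main__":
    for label, data in (("answer 1", ANSWER_1_BUNDLE), ("answer 2", ANSWER_2_BUNDLE)):
        print(label, lint_bundle(data) or "ok")
```
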











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53289394%2fhow-do-i-force-ssl-on-my-spring-boot-app-that-uses-oauth2-on-aws-elasticbeanstal%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!



    AWS Elastic Beanstalk Tomcat works with .war but not .zip



    When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)



    I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!



    pom.xml

            <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
    <artifactId>maven-assembly-plugin</artifactId>
    <configuration>
    <descriptors>
    <descriptor>assembly.xml</descriptor>
    </descriptors>
    </configuration>
    <executions>
    <execution>
    <id>make-assembly</id>
    <phase>package</phase>
    <goals>
    <goal>single</goal>
    </goals>
    </execution>
    </executions>
    </plugin>


    assembly.xml

    <assembly 
    xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
    <id>bin</id>
    <baseDirectory>/</baseDirectory>
    <formats>
    <format>zip</format>
    </formats>
    <files>
    <file>
    <source>empty.war</source>
    <outputDirectory/>
    </file>
    <file>
    <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
    <outputDirectory/>
    <destName>ROOT.war</destName>
    </file>
    </files>

    <fileSets>
    <fileSet>
    <directory>${project.basedir}</directory>
    <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
    <includes>
    <include>force-https.conf</include>
    </includes>
    </fileSet>
    </fileSets>
    </assembly>


    And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.



    force-ssl.conf

    if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
    }


    http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html






    share|improve this answer




























      2














      I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!



      AWS Elastic Beanstalk Tomcat works with .war but not .zip



      When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)



      I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!



      pom.xml

              <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
      <artifactId>maven-assembly-plugin</artifactId>
      <configuration>
      <descriptors>
      <descriptor>assembly.xml</descriptor>
      </descriptors>
      </configuration>
      <executions>
      <execution>
      <id>make-assembly</id>
      <phase>package</phase>
      <goals>
      <goal>single</goal>
      </goals>
      </execution>
      </executions>
      </plugin>


      assembly.xml

      <assembly 
      xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
      <id>bin</id>
      <baseDirectory>/</baseDirectory>
      <formats>
      <format>zip</format>
      </formats>
      <files>
      <file>
      <source>empty.war</source>
      <outputDirectory/>
      </file>
      <file>
      <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
      <outputDirectory/>
      <destName>ROOT.war</destName>
      </file>
      </files>

      <fileSets>
      <fileSet>
      <directory>${project.basedir}</directory>
      <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
      <includes>
      <include>force-https.conf</include>
      </includes>
      </fileSet>
      </fileSets>
      </assembly>


      And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.



      force-ssl.conf

      if ($http_x_forwarded_proto = 'http') {
      return 301 https://$host$request_uri;
      }


      http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html






      share|improve this answer


























        2












        2








        2






        I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!



        AWS Elastic Beanstalk Tomcat works with .war but not .zip



        When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)



        I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!



        pom.xml

                <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
        <artifactId>maven-assembly-plugin</artifactId>
        <configuration>
        <descriptors>
        <descriptor>assembly.xml</descriptor>
        </descriptors>
        </configuration>
        <executions>
        <execution>
        <id>make-assembly</id>
        <phase>package</phase>
        <goals>
        <goal>single</goal>
        </goals>
        </execution>
        </executions>
        </plugin>


        assembly.xml

        <assembly 
        xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
        <id>bin</id>
        <baseDirectory>/</baseDirectory>
        <formats>
        <format>zip</format>
        </formats>
        <files>
        <file>
        <source>empty.war</source>
        <outputDirectory/>
        </file>
        <file>
        <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
        <outputDirectory/>
        <destName>ROOT.war</destName>
        </file>
        </files>

        <fileSets>
        <fileSet>
        <directory>${project.basedir}</directory>
        <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
        <includes>
        <include>force-https.conf</include>
        </includes>
        </fileSet>
        </fileSets>
        </assembly>


        And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.



        force-ssl.conf

        if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
        }


        http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html






        share|improve this answer














        I gave up using Spring Boot for this as it's so flaky and resorted to an Nginx configuration option. This worked, though it seems excessively verbose for just making a ZIP. There was the additional problem of a bug in Elastic Beanstalk!



        AWS Elastic Beanstalk Tomcat works with .war but not .zip



        When deploying the ZIP, it would not deploy the WAR! So I had to create a workaround to create two WAR files in the ZIP. (Just one, even called ROOT.war, would not work.)



        I could not find a way to create an empty file with Maven, so I created an empty empty.war file in the project root directory and bundled it inside the ZIP to trick Elastic Beanstalk into working and deploying the app properly. What a mess! Oy vey!



        pom.xml

                <plugin> <!-- To add .ebextensions/ Nginx config for ElasticBeanstalk -->
        <artifactId>maven-assembly-plugin</artifactId>
        <configuration>
        <descriptors>
        <descriptor>assembly.xml</descriptor>
        </descriptors>
        </configuration>
        <executions>
        <execution>
        <id>make-assembly</id>
        <phase>package</phase>
        <goals>
        <goal>single</goal>
        </goals>
        </execution>
        </executions>
        </plugin>


        assembly.xml

        <assembly 
        xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
        <id>bin</id>
        <baseDirectory>/</baseDirectory>
        <formats>
        <format>zip</format>
        </formats>
        <files>
        <file>
        <source>empty.war</source>
        <outputDirectory/>
        </file>
        <file>
        <source>${project.build.directory}/AppName-0.0.3-SNAPSHOT.war</source>
        <outputDirectory/>
        <destName>ROOT.war</destName>
        </file>
        </files>

        <fileSets>
        <fileSet>
        <directory>${project.basedir}</directory>
        <outputDirectory>/.ebextensions/nginx/conf.d/elasticbeanstalk/</outputDirectory>
        <includes>
        <include>force-https.conf</include>
        </includes>
        </fileSet>
        </fileSets>
        </assembly>


        And the configuration file is just in the project root. I didn't know where else to put it - it's not source code.



        force-ssl.conf

        if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
        }


        http://maven.apache.org/plugins/maven-assembly-plugin/assembly.html







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 26 at 22:50

























        answered Nov 15 at 1:07









        Chloe

        10.5k1874187




        10.5k1874187

























            0














            I think you need not to care about enabling the SSL on tomcat or application side and its not required, just enable ssl up to nginx.



            You should be simple terminating the SSL on nginx and passing the proxy/reverse-proxy to tomcat.



            Here are some of references to prove my above point.
            https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
            https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination



            In your case, you need to follow below steps.



            1)Create 00_application.conf file and place it under the, .ebextensions/nginx/conf.d/elasticbeanstalk/.



            2)00_application.conf file should have following content.



            server {
            listen 443 ssl;
            server_name www.example.com;
            ssl_certificate www.example.com.crt;
            #...
            location /{
            //your tomcat port, I'm here assuming the your beanstalkserver tomcat is listing to 8080.
            proxy_pass http://127.0.0.1:8080;
            }
            }


            3)Stop listing to default port 80 and redirecting to 443, meaning if you have http://foo.bar/ as your domain, you redirect it https://foo.bar/, Open the nginx.conf file located at .ebextensions/nginx/nginx.conf. Also, make sure to write following line, include conf.d/elasticbeanstalk/*.conf;



            server {
            listen 80;

            server_name foo.bar;
            return 301 https://foo.bar$request_uri;
            }


            I think O-Auth, none of Auth, Spring boot v/s non springs boot apps are less important here.



            Please make sure to follow note written in AWS documentation, and section Extending the Default nginx Configuration.
            Specifically read the note that talks about
            I hope that answers your question. I have not tested everything of above on beanstalk, but rest are tested on EC2, tomcat with nginx proxy. Try this and post specific issue that you might be having in comment section.






            share|improve this answer





















            • I don't think 1) and 2) are correct. docs.aws.amazon.com/elasticbeanstalk/latest/dg/… says "Files with the .conf extension in the conf.d folder are included in the http block of the default configuration. Files in the conf.d/elasticbeanstalk folder are included in the server block within the http block." Since 00_application.conf is already included in the server block, I don't think you need server in there again. So either the file should be elsewhere or should not have server block.
              – Chloe
              Nov 24 at 18:49










            • And how would it work to hard-code the IP of the EC2 instance, when the load balancer and Tomcat server are on different IP address? How would it automatically scale the application for additional EC2 instances?
              – Chloe
              Nov 24 at 18:50










            • This also doesn't explain why when I redirected to SSL with Nginx, Tomcat was giving 404 errors for the app.
              – Chloe
              Nov 24 at 18:54










            • Ok, I'm sorry, but I think, your are mixing different issues, and making it complex. Solve problems one by one. 1) http to https. Which is simple thing, as I have explained. 2) o-auth issue. 3) load balancing. Nginx does load balancing as well, but as far I know, it is not needed in case of elastic beanstalk as it auto scales if configured. I suggest you to try my steps one one if any fails, we should be able to solve that as well. Happy coding, Thanks
              – Red Boy
              Nov 24 at 20:29
















            0














            I think you need not care about enabling SSL on the Tomcat or application side; it's not required. Just enable SSL up to nginx.

            You should simply be terminating SSL on nginx and passing the proxy/reverse proxy to Tomcat.

            Here are some references to prove my point above.
            https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
            https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination

            In your case, you need to follow the steps below.

            1) Create a 00_application.conf file and place it under .ebextensions/nginx/conf.d/elasticbeanstalk/.

            2) The 00_application.conf file should have the following content.

            server {
                listen 443 ssl;
                server_name www.example.com;
                ssl_certificate www.example.com.crt;
                #...
                location / {
                    # your Tomcat port; I'm assuming here that your Beanstalk server's Tomcat is listening on 8080.
                    proxy_pass http://127.0.0.1:8080;
                }
            }

            3) Stop listening on the default port 80 and redirect to 443, meaning if you have http://foo.bar/ as your domain, you redirect it to https://foo.bar/. Open the nginx.conf file located at .ebextensions/nginx/nginx.conf. Also, make sure to write the following line: include conf.d/elasticbeanstalk/*.conf;

            server {
                listen 80;

                server_name foo.bar;
                return 301 https://foo.bar$request_uri;
            }

            I think OAuth or no auth, Spring Boot vs. non-Spring Boot apps, are less important here.

            Please make sure to follow the note written in the AWS documentation, and the section Extending the Default nginx Configuration.
            Specifically read the note that talks about
            I hope that answers your question. I have not tested all of the above on Beanstalk, but the rest is tested on EC2, Tomcat with an nginx proxy. Try this and post any specific issue that you might be having in the comment section.






            answered Nov 23 at 20:33









            Red Boy













            • I don't think 1) and 2) are correct. docs.aws.amazon.com/elasticbeanstalk/latest/dg/… says "Files with the .conf extension in the conf.d folder are included in the http block of the default configuration. Files in the conf.d/elasticbeanstalk folder are included in the server block within the http block." Since 00_application.conf is already included in the server block, I don't think you need server in there again. So either the file should be elsewhere or it should not have a server block.
              – Chloe
              Nov 24 at 18:49










            • And how would it work to hard-code the IP of the EC2 instance, when the load balancer and Tomcat server are on different IP addresses? How would it automatically scale the application for additional EC2 instances?
              – Chloe
              Nov 24 at 18:50










            • This also doesn't explain why when I redirected to SSL with Nginx, Tomcat was giving 404 errors for the app.
              – Chloe
              Nov 24 at 18:54










            • Ok, I'm sorry, but I think you are mixing different issues and making it complex. Solve problems one by one. 1) http to https, which is a simple thing, as I have explained. 2) o-auth issue. 3) load balancing. Nginx does load balancing as well, but as far as I know, it is not needed in the case of Elastic Beanstalk, as it auto-scales if configured. I suggest you try my steps one by one; if any fails, we should be able to solve that as well. Happy coding, Thanks
              – Red Boy
              Nov 24 at 20:29
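The include rule quoted from the AWS documentation in the first comment above can be checked before a bundle is deployed. This is an added example, not code from the answer or from AWS: it maps each file under .ebextensions/nginx to the nginx context it is included into and reports directives that nginx rejects there. The function names, the directive table (a subset of nginx's context rules) and the sample bundle are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Contexts in which nginx accepts each directive (subset relevant to this thread).
ALLOWED = {
    "server": {"http"},
    "location": {"server", "location"},
    "listen": {"server"},
    "server_name": {"server"},
    "ssl_certificate": {"http", "server"},
    "proxy_pass": {"location"},
    "return": {"server", "location", "if"},
}

def include_context(path):
    """nginx context a bundle file is included into, per the quoted AWS sentence."""
    parent = PurePosixPath(path).parent.as_posix()
    if not path.endswith(".conf"):
        return None
    if parent.endswith("nginx/conf.d/elasticbeanstalk"):
        return "server"
    if parent.endswith("nginx/conf.d"):
        return "http"
    return None  # nginx.conf itself is not an include fragment

def lint(path, text):
    """Report directives that are invalid in the context the file is included into."""
    root = include_context(path)
    if root is None:
        return []
    findings, stack = [], [root]
    text = re.sub(r"#.*", "", text)  # drop nginx comments
    for stmt, term in re.findall(r"([^{};]*)([{};])", text):
        if term == "}":
            if len(stack) > 1:
                stack.pop()
            continue
        name = stmt.split()[0] if stmt.split() else ""
        if name in ALLOWED and stack[-1] not in ALLOWED[name]:
            findings.append(f"{path}: '{name}' not allowed in '{stack[-1]}' context")
        if term == "{":
            stack.append(name)
    return findings

# Constructed sample bundle; paths are relative to the source bundle root.
BUNDLE = {
    ".ebextensions/nginx/conf.d/elasticbeanstalk/00_application.conf":
        "server {\n listen 443 ssl;\n location / { proxy_pass http://127.0.0.1:8080; }\n}\n",
    ".ebextensions/nginx/conf.d/elasticbeanstalk/01_health.conf":
        "location /health { return 200; }\n",
}

def lint_bundle(bundle):
    return [f for path, text in bundle.items() for f in lint(path, text)]
```

Running `lint_bundle(BUNDLE)` flags only the file that wraps its content in a server block inside the folder that is already included at server level.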

















