
@mihkels
Created March 2, 2016 13:51

Revisions

  1. mihkels created this gist Mar 2, 2016.
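--- a/MultiConnectionSupport.java
+++ b/MultiConnectionSupport.java
@@ -0,0 +1,38 @@
+@Configuration
+public class MultiConnectionSupport {
+@Value("${server.port}")
+private int serverPort;
+
+@Value("${server.http.port}")
+private int httpServerPort;
+
+@Bean
+public EmbeddedServletContainerFactory servletContainer() {
+final TomcatEmbeddedServletContainerFactory tomcat = new RedirectTomcatEmbeddedServletContainerFactory();
+tomcat.addAdditionalTomcatConnectors(createSslConnector());
+return tomcat;
+}
+
+private Connector createSslConnector() {
+final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+connector.setScheme("http");
+connector.setPort(httpServerPort);
+connector.setSecure(false);
+connector.setRedirectPort(serverPort);
+
+return connector;
+}
+
+private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory {
+@Override
+protected void postProcessContext(Context context) {
+final SecurityConstraint securityConstraint = new SecurityConstraint();
+securityConstraint.setUserConstraint("CONFIDENTIAL");
+
+final SecurityCollection collection = new SecurityCollection();
+collection.addPattern("/*");
+securityConstraint.addCollection(collection);
+context.addConstraint(securityConstraint);
+}
+}
+}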
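Review bot: `createSslConnector()` is misnamed: it builds the plain-HTTP connector (`setScheme("http")`, `setSecure(false)`) whose only role is to redirect to `serverPort`, so a reader looking for the TLS setup is pointed at the wrong method; `createHttpRedirectConnector()` would say what it does. The `CONFIDENTIAL` constraint on `/*` in `postProcessContext` makes the container redirect every plain request, but the first request, with whatever cookies or credentials it carries, still travels unencrypted and nothing in this class sets Strict-Transport-Security. A comment on the constraint such as `// redirect only: pair with an HSTS response header and Secure cookies` would keep the limitation visible to whoever maintains this.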
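--- a/application.yml
+++ b/application.yml
@@ -0,0 +1,8 @@
+server:
+port: 443
+http:
+port: 80
+ssl:
+key-store: classpath:ssl/letsencrypt.jks
+key-store-password: password
+key-password: password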
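Review bot: `key-store-password` and `key-password` are committed as the literal `password`, and `key-store: classpath:ssl/letsencrypt.jks` packages the keystore holding the site's private key inside the application artifact, so anyone who can read the jar or this repository can recover the key. Take the secrets from the environment instead, e.g. `key-store-password: ${SSL_KEYSTORE_PASSWORD}` and `key-password: ${SSL_KEY_PASSWORD}` (variable names are placeholders), and point `key-store` at a `file:` location outside the build with restrictive file permissions. Binding ports 443 and 80 directly presumably requires the JVM to start with elevated privileges; if so, a comment saying how that is arranged (capability, port forwarding, or a front proxy) would help.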
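--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -0,0 +1,12 @@
+# IMPORTANT: You must run ./letsencrypt-auto inside the server where the application will be running.
+
+# Generate certificat files
+./letsencrypt-auto certonly --standalone -d example.com
+
+# Go to directory where certificates where generated
+cd /etc/letsencrypt/live
+
+# Create new letsencrypt.jks keystore
+openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
+keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat
+keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks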
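Review bot: The keystore protecting the private key is created with the literal password `password`, passed on the command line through `-deststorepass`, `-destkeypass` and `-srcstorepass`, where it lands in shell history and is visible in the process list. Both tools can read the value from the environment: `-deststorepass:env KS_PASS -destkeypass:env KS_PASS -srcstorepass:env KS_PASS` for keytool and `-passout env:KS_PASS` on the `openssl pkcs12 -export` line (`KS_PASS` is a placeholder name). As written, openssl prompts for an export password that has to match `-srcstorepass`. The intermediate `cert_and_key.p12` also contains the private key and is left behind, so add `rm -f cert_and_key.p12` after the import. The `cd` target looks one level short, since the client normally writes `cert.pem`, `privkey.pem` and `chain.pem` under `/etc/letsencrypt/live/example.com/`.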