Enabling HTTPS on Elastic Beanstalk and Spring Boot
Updated: Jul 23, 2019
Here at Broscorp, we struggled to set up a Spring Boot application with HTTPS on AWS Elastic Beanstalk, and we found a solution. Let me share that solution with you. The main idea of this post is to make a how-to for myself for the next time, when I have forgotten how to achieve this. Hopefully it will save you some time digging through the AWS documentation.
Are you aware that HTTPS is becoming obligatory for all websites, and that otherwise Chrome and Firefox will ignore a site or make it difficult to browse? If not, please read this article: https://searchengineland.com/effective-july-2018-googles-chrome-browser-will-mark-non-https-sites-as-not-secure-291623
Here at Broscorp, we like to make secure applications, so for us this is not a surprise. We put HTTPS as an additional security shield on every application we build. However, it was the first time we had the following setup:
AWS Elastic Beanstalk is a great thing. It helps you drastically reduce the cost of deploying your app and building continuous integration and delivery. However, of course, it has its own drawbacks. So here is a walk-through on how to set up HTTPS, AWS ELB and Spring Boot.
You may say that AWS has tons of documentation explaining every single bit of everything. Yes and, unfortunately, no. There is no recipe, so here we go.
1. Add an SSL certificate and open port 443.
First we have to set up the load balancer properly on AWS ELB.
To do that, go to the Configuration section on the right.
Then go to the Load balancer section of the Configuration.
There you will see that by default you have only one listener, on port 80.
Our aim is to add another one on port 443 with the HTTPS protocol and an SSL certificate. Hopefully you have one. Otherwise I have to write another article to explain how to get one.
If you do everything correctly, you should see something like the screenshot.
Here is a question: why doesn't AWS do the redirection for you? By default, users are going to type your address like this: "domain.com". Nobody likes to type "https:// blabla". The browser assumes that you want to access the URL over plain HTTP and makes the call on port 80. That's why you still have to listen on this port and then redirect to HTTPS.
2. You don't have to modify NGINX settings.
When I first tried to accomplish this task, I read many recommendations on StackOverflow. Many people recommend modifying the nginx settings by overriding a particular file and putting it into a specific folder while deploying the package to AWS. However, there is a better way, and I am going to show you.
3. You simply have to add two Spring properties
So here we are. In your Spring Boot application properties just put this:
4. You also have to add a method call to your security config
I have copied a piece of code from the HttpSecurity class javadoc:
Please note the line with requiresChannel().anyRequest().requiresSecure()
The magic of redirection will not work without this line.
What is happening here:
1. HTTPS traffic goes directly to the Spring Boot app.
2. HTTP traffic goes through all the steps, but on reaching the Tomcat that runs the Spring Boot app it is redirected with a 302 HTTP code to the HTTPS version of the URL.
I hope that saved you some time setting up HTTPS with Spring Boot on Elastic Beanstalk.
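Steps 3 and 4 combined, as an added example rather than the post's own snippets: it assumes the two properties are Tomcat's forwarded-header settings (Spring Boot 2.1-era names) and uses the Spring Security 5.x `WebSecurityConfigurerAdapter` style from the HttpSecurity javadoc. The package and class names are hypothetical.

```java
// Added example, not the post's own code.
// Assumed application.properties (Spring Boot 2.1-era names; later releases
// moved them under server.tomcat.remoteip.*):
//
//   server.tomcat.remote-ip-header=x-forwarded-for
//   server.tomcat.protocol-header=x-forwarded-proto
//
// With these set, Tomcat's RemoteIpValve reads X-Forwarded-Proto as set by the
// load balancer, so a request that reached the balancer over HTTPS is reported
// to Spring Security as secure even though the hop to the instance is plain HTTP.
// By default the valve only honours these headers when the connecting peer is
// an internal (private-range) address, which is what a VPC load balancer uses.

package com.example.demo; // hypothetical package name

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ChannelSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Authorization rules are application-specific; this is a placeholder.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            // Any request that Tomcat does not report as secure is answered with
            // a redirect to the HTTPS version of the URL, as the post describes.
            .requiresChannel()
                .anyRequest().requiresSecure();
    }
}
```

The forwarded headers are only trustworthy when the instance is reachable solely through the load balancer; restrict the instance security group accordingly.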