SoFunction
Updated on 2025-04-22

How to enable HTTPS in a Spring Boot project

Enabling HTTPS in a Spring Boot project

To enable HTTPS service in your Spring Boot project, follow these steps:

1. Generate SSL certificate keystore

Generate a self-signed certificate using keytool

Run the following command in the terminal or command line tool to generate a keystore file in PKCS12 format:

keytool -genkeypair -alias myapp -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 365
  • -alias myapp: Sets the alias to myapp; change it as needed.
  • -keyalg RSA: Use the RSA algorithm to generate key pairs.
  • -keysize 2048: Set the key length to 2048 bits; at least 2048 bits is recommended to ensure security.
  • -storetype PKCS12: Specify the storage type to be PKCS12 format, which is a common format supported by Spring Boot.
  • -keystore keystore.p12: The name of the generated keystore file; it can be customized.
  • -validity 365: Set the validity period of the certificate to be 365 days.

Follow the prompts to enter your password and other information. Remember to record these passwords, as they will be used in subsequent configurations.

Add the keystore file to the project resource directory

Place the generated keystore.p12 file in the project's resource directory, usually:

src/main/resources/

2. Configure Spring Boot Application

Modify the application.properties or application.yml file, according to your choice, to enable HTTPS.

Modify application.properties

Add the following configuration to the application.properties file:

server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=your_keystore_password
server.ssl.key-alias=myapp
# Optional: Specify HTTPS port, default is 8443
server.port=8443

Replace your_keystore_password with the password you set when generating the keystore, and myapp with the alias you set.

Modify application.yml

Add the following configuration to the application.yml file:

server:
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: your_keystore_password
    key-alias: myapp
  # Optional: Specify HTTPS port, default is 8443
  port: 8443

Similarly, replace your_keystore_password and myapp with your own values.

3. Start the Spring Boot application

Once configured, rebuild and run your Spring Boot app.

Make sure there are no error prompts and the service is successfully bound to the specified HTTPS port (default is 8443).

Verify HTTPS connection

Visit in the browser:

https://localhost:8443

Although a security warning is displayed (because a self-signed certificate is used), at least it can be confirmed that the HTTPS configuration is in effect.

If a formal deployment is required, replace it with a valid SSL certificate issued by a trusted CA.

4. Precautions for production environment

Use a formal CA certificate

In production environments, valid SSL certificates issued by trusted certificate authorities (such as Let’s Encrypt, GlobalSign, etc.) must be used.

These certificates do not trigger a browser's security warning, ensuring that users trust your website.

Configure reverse proxy

For improved performance and security, it is recommended to configure Nginx or another reverse proxy server in production to terminate HTTPS connections and forward requests to the HTTP port of the Spring Boot application (such as 8080).

This takes advantage of Nginx's powerful SSL support and optimization capabilities.

Example Nginx configuration:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /path/to/your/;
    ssl_certificate_key /path/to/your/;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Be sure to replace your_domain.com, the certificate path and the key path with your own values.

Enable HSTS (HTTP Strict Transport Security)

To force the browser to use HTTPS connection, HSTS can be enabled in the Nginx configuration:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

This will tell the browser to always use HTTPS to access your website for a specified time.

5. Verification and testing

Test HTTPS connection

Use the curl command or a browser:

curl -I https://your_domain.com

Make sure the response contains the Strict-Transport-Security header and the status code is 200 OK.
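The two checks above can be scripted so they run after every deployment. The function below is an added example, not part of the original article: it reads `curl -sI` output on standard input and verifies the 200 status and the Strict-Transport-Security header. The function names, the exit codes and the sample response are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage: curl -sI https://your_domain.com | check_https_headers [MIN_MAX_AGE]
# Exit codes (chosen for this example): 0 ok, 1 bad status, 2 no HSTS, 3 weak max-age.

check_https_headers() {
    min_age="${1:-31536000}"   # default: the one-year max-age configured above
    headers=$(tr -d '\r')      # curl prints CRLF line endings; strip the CRs

    # Status code of the last response block ("HTTP/1.1 200 OK" or "HTTP/2 200").
    status=$(printf '%s\n' "$headers" | awk '/^HTTP\// { code = $2 } END { print code }')
    # HSTS value; header names are case-insensitive (HTTP/2 sends them lower-case).
    hsts=$(printf '%s\n' "$headers" | awk '
        tolower($0) ~ /^strict-transport-security:/ { sub(/^[^:]*:[ \t]*/, ""); v = $0 }
        END { print v }')

    if [ "$status" != "200" ]; then
        echo "FAIL: status ${status:-missing}, expected 200"
        return 1
    fi
    if [ -z "$hsts" ]; then
        echo "FAIL: no Strict-Transport-Security header"
        return 2
    fi

    # max-age=0 tells browsers to forget the policy, so it must fail the check too.
    lower=$(printf '%s' "$hsts" | tr 'A-Z' 'a-z')
    max_age=$(printf '%s\n' "$lower" | sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')
    if [ -z "$max_age" ] || [ "$max_age" -lt "$min_age" ]; then
        echo "FAIL: max-age ${max_age:-missing} is below $min_age"
        return 3
    fi
    case "$lower" in
        *includesubdomains*) ;;
        *) echo "WARN: includeSubDomains is not set" ;;
    esac
    echo "OK: status 200, HSTS max-age=$max_age"
}

# Constructed sample response (not captured from a real server).
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n'
    printf 'Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n'
}

sample_response | check_https_headers
```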

Check SSL/TLS configuration

Your HTTPS configuration can be checked using online tools such as SSL Labs' SSL Test to ensure it complies with the latest security standards and best practices.

6. Troubleshooting common problems

Certificate path error

If the keystore file is not placed in the src/main/resources/ directory, the application will not be able to find the file.

Make sure the file path is correct and rebuild the project.

Wrong password

Check that the password set when generating the keystore matches the key-store-password value in the configuration.

If they do not match, a load failure error will be raised.

Port occupied

If the specified HTTPS port (such as 8443) has been occupied by other programs, the service will not be started.

Use the following command to check the port status:

netstat -an | grep 8443

Make sure no other processes occupy the port.

Browser Security Warning

In a production environment, please replace the self-signed certificate with a certificate issued by an official CA to avoid browser security warnings and improve user experience and trust.

Summary

Through the above steps, you can successfully enable HTTPS service in your Spring Boot project. Whether in development or production environments, ensure the configuration is correct and take appropriate measures to enhance security and performance.

Be sure to test all configurations and use a valid SSL certificate for optimal security before formal deployment.

The above is my personal experience. I hope it can serve as a reference, and I hope you will support me more.