I've never deployed a springboot application before

Greetings, its been a while since I posted here. Was working with springboot thanks to the advices of this forum.

I have generated a .jar from my springboot application. It runs fine on localhost and it also runs fine on http on my VPS when I run it with : # java $JAVA_OPTS -Dserver.port=10002 -jar acme.jar

On my VPS I use the WHM +cPanel. I also use EasyApache4.

First issue, the HTTPS is not working. From what I could google, I need to export the ssl certificate of the domain that will host the application and use it?

Second issue, I want this app to work on a subdomain, like in: coyote.acme.com instead of acme:10002. How can I do that? How can I run this app in a domain/subdomain and not as root?  

Related to SSL here is an entry example / starting point:
https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/

... and the nutshell instructions:
$ git clone https://github.com/mkyong/spring-boot $ cd spring-boot-ssl $ mvn clean package $ java -jar target/spring-boot-web.jar
access https://localhost:8443

Roland Mueller wrote:Here is an entry example / starting point:
https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/

... and the nutshell instructions:
$ git clone https://github.com/mkyong/spring-boot $ cd spring-boot-ssl $ mvn clean package $ java -jar target/spring-boot-web.jar
access https://localhost:8443

He uses a self-certificate. But my domain already has a certificate. Why do I have to generate another? or should I ?

Did you try to add the certificate the same way as the self-signed one?

src/main/resources/mkyong.p12

$ cat src/main/resources/application.properties ; echo # SSL server.port=8443 server.ssl.key-store=classpath:mkyong.p12 server.ssl.key-store-password=123456 # PKCS12 or JKS server.ssl.keyStoreType=PKCS12 # Spring Security # security.require-ssl=true

Roland Mueller wrote:Did you try to add the certificate the same way as the self-signed one?

src/main/resources/mkyong.p12

$ cat src/main/resources/application.properties ; echo # SSL server.port=8443 server.ssl.key-store=classpath:mkyong.p12 server.ssl.key-store-password=123456 # PKCS12 or JKS server.ssl.keyStoreType=PKCS12 # Spring Security # security.require-ssl=true

Thanks!!
It works. Just had to convert the certificate, but other than that, it works fine.
What about running inside a domain instead of root? How can I do that?
Because when I run java - jar, it runs on the main server instead of running in a certain domain.

Actually, what I'd recommend is that you offload all that stuff to a reverse proxy server.

You can use a proxying web server like Apache, nginx or IIS to handle all your incoming requests and forward them to the backend Spring Boot apps. An extra benefit is that you also have a place to put non-Java webapps if you need to.

It's a lot easier to set up virtual hosts that way, and the proxy can rewrite incoming requests to any URL pattern you prefer.

Also setting up SSL certs is less messy - they all get installied in the proxy server so you don't have to fiddle with the Spring Boot config.

And last, but definitely not least, they can present webapps at ports 80 and 443 without running them as privileged users, which is something that Java cannot do. That makes your whole system more secure.