SpringBoot and Vaadin HTTPS

Brian.76 · November 19, 2024, 4:57pm

I’m creating a Spring Boot application (v3.3.5) with Vaadin (v24.5.3) and I’ve read several articles on how to enable HTTPS, but they don’t seem to be working for me. Here are the steps:

create self-signed certificate and pks12 key using java keytool -genkeypair
put generated p12 file in /src/main/resources of project
export certificate from p12 file add to KeyChain, and say trust always
add spring configuration to application.properties to point to key

server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=springboot
server.ssl.key-password=password
server.ssl.enabled=true
server.port=8443

start application, go to https://localhost:8443, but all i get is a blank page

In the Chrome developer tool, i see a bunch of these errors, but not sure if they are related:
Error in WebSocket connection to wss://localhost:35729/

Is there something else I am missing? Thank you for the help

marcoc_753 · November 19, 2024, 9:15pm

This seems to be a known issue connecting to Spring Live Reload websocket.

github.com/vaadin/flow

Do not connect directly to the Spring Boot livereload server

opened 09:13AM - 28 Apr 22 UTC

Artur-

enhancement live reload

### Describe your motivation When you start a Spring Boot application using S…pring boot dev tools, it automatically starts a livereload server on port 35729. This port is hard coded so if you start two Spring Boot applications, you will have only one livereload server listening. Flow connects directly to the port from the browser, so if you run two applications locally then both will connect to the same livereload server. Live reloading will work for one and not for the other. Apparently also if you configure the server to use ssl then we try to use a secure websocket connection (`wss://`) for port 35729 but this does not work (#13632). ### Describe the solution you'd like Instead of connecting to the livereload server from the browser, we should use the same debug window connection we already have. On the server, we should listen to reload events from Spring Boot like the LiveReloadServer does: https://github.com/spring-projects/spring-boot/blob/fdb1010cbc75517f511d4ab82de7d8f0ee058849/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/LocalDevToolsAutoConfiguration.java#L193-L198 When an event arrives, we send the "reload" command using the debug window connection and react as we do today. ### Additional context This will remove the need for one websocket connection and make livereload work even if you run multiple applications locally

Brian.76 · November 20, 2024, 2:03am

Thank you for the link. Is there a current solution, or is there just no way that SpringBoot/Vaadin and HTTPS can work together? I am only trying to load my application in one browser window, and I have tried adding the following line to my application.properties to stop the livereload server file but it does not help:

spring.devtools.livereload.enabled=false

Thank you!

SimonMartinelli · November 20, 2024, 5:49am

I don’t recommend to use HTPS on the Spring application. Usually there is a reverse proxy in front of the application so you don’t have to deal with that.

Where are you running your application?

marcoc_753 · November 20, 2024, 6:32am

Removing org.springframework.boot:spring-boot-devtools from your dependencies should prevent the connection to Spring Live Reload web socket.

Brian.76 · November 20, 2024, 1:23pm

Hi Simon, for now I am just running on my local laptop. Eventually I would like to deploy this on the cloud since it is a small app, and assume at that point i would need HTTPs support. I’m not familiar with reverse proxy setup, so I will do some reading on that. Thank you for the suggestion

Brian.76 · November 20, 2024, 1:24pm

Thanks Marco, I will remove that dependency!

SimonMartinelli · November 20, 2024, 1:45pm

No matter which cloud service you will use HTTPS will be there already.
You don’t have to manage it in your application.

You also don’t need to read about reverse proxy because this depends on the cloud provider you choose.

Just use plain HTTP in your app

rucko24 · November 20, 2024, 1:59pm

A similar conversion also took place here.

Brian.76 · November 20, 2024, 11:20pm

ok, I’m more a back-end developer and have been sheltered from the deployment side of things, so thanks for the info!

fedorko · November 25, 2024, 9:09am

Hi Brian,

I am using my keystore in file system instead of inside jar (classpath).
That allows me to use HTTP for development and switch to HTTPS in production,
all without rebuilding jar file. It is also important to be able to regularly update
keystore, if you are using standard Certificate (not self-signed), which has limited
validity max 2 years. With self-signed certificate, browser will be warning that
you are connecting to unsecured server.

Here is my application.properties file:

server.ssl.enabled=true
server.ssl.key-store: file:./tangram.p12
server.ssl.key-store-password: tangram
server.ssl.key-store-type: pkcs12
server.ssl.key-alias: tangram.sk

Both files “application.properties” and “tangram.p12” (keystore) are stored in “root” of deployment directory (directory where my JAR file is).
Notice “server.ssl.key-store: file:./tangram.p12”, which means to look for keystore in file system.
No other setting are necessary, just to switch server.ssl.enabled to “true” or “false” and restart service.

Bretislav1 · November 25, 2024, 4:41pm

As @SimonMartinelli suggested, don’t try to setup HTTPS directly in Spring Boot. If you need to test how will your application run with HTTPS enabled, I’d recommend to follow this How To:

It enables you to develop using HTTP and test HTTPS only when needed. It basically spawns a reverse proxy for your app running on localhost:8080 in a Docker

SimonMartinelli · November 25, 2024, 5:00pm

I usually use Caddy https://caddyserver.com/ in such a scenario

Brian.76 · November 30, 2024, 11:52pm

Thank you for the information!